Configure Tivoli connection

Tivoli connections use the Tivoli configuration files to determine how a particular API Gateway instance connects to an instance of a Tivoli server. You can upload the Tivoli configuration files you generated to API Gateway and add the required connection details in the Tivoli Configuration dialog.

This section describes how to configure the IBM Tivoli Access Manager (TAM) connection using Policy Studio. For more information on working in Policy Studio, see the API Gateway Policy Developer Guide.

Note   Each API Gateway instance can connect to a single Tivoli server.

The connection is configured globally under the Server Settings, so it can be reused in filters and policies without the need to reconfigure details again.

Upload Tivoli configuration files in Policy Studio

  1. In the node tree, click Environment Configuration > Server Settings > Security > Tivoli, and select Add a Tivoli Connection.
  2. Select Tivoli Connections > Add a Tivoli Connection, and enter a name on the Tivoli Configuration dialog, or select an existing Tivoli connection to base the new configuration on.
  3. Set the following, and click Next:
    • Upload Tivoli configuration files: Select this.
    • Connection enabled: Select this to immediately enable the connection.
  4. Click Load File, and select your main Tivoli configuration file (.conf). The contents of the file are displayed in the text area.
  5. Change all directory paths of the configuration files in the main configuration file to the absolute paths on API Gateway, then click Next. For example:
  6. Example screenshot on the renamed files
  1. Click Load File, select the Tivoli SSL key file (.kdb), and click Next.
  2. Note   The (base-64 encoded) SSL keys cannot be edited in the text area.
  3. Click Load File, select the Tivoli SSL stash file (.sth), and click Next.
  4. Click Load File, select Tivoli Configuration database configuration file (.conf.obf), and click Finish.
  5. In the node tree, click Environment Configuration > Server Settings > Security > Tivoli, ensure the Tivoli connection you just created is selected in the drop-down list, and click Save.
  6. Deploy the configuration to API Gateway to upload the files.
Note   When you upload the configuration files, on each startup and refresh (for example, when configuration updates are deployed), API Gateway overwrites the configuration files to INSTALL_DIR\apigateway\groups\GROUP-NUMBER\PROCESS_NAME\conf\plugin\tivoli\PROCESS_NAME, where PROCESS_NAME is API Gateway instance. This means that any changes to the main configuration file must be made in Policy Studio, not directly to the file on the disk.

Spaces in the API Gateway instance name are substituted with -, and API Gateway names each file as config.<EXTENSION>. For example, the directory, INSTALL_DIR\apigateway\groups\group-2\instance-1\conf\plugin\tivoli\instance-1 contains config.conf, config.kdb, config.sth, and config.conf.obf.

To later disable or enable configured Tivoli connections, select the connection you want, click Edit Tivoli connection, and deselect or select Connection enabled as needed.

For more details on the fields and options in this configuration window, see Configure Tivoli connections in the API Gateway Policy Developer Guide.

Upload Tivoli configuration files manually

Alternatively, you can manually copy the configuration files to a location on API Gateway to upload the files and create a new Tivoli connection.

To configure API Gateway to pick up the uploaded files, perform the following steps:

  1. Copy the files to API Gateway's file system. Ensure that the settings in the main configuration file (.conf) pointing to the other configuration files point to the right locations. You must use the full paths to the files. For example:
  2. An example of edited paths in the main config file.
  3. In the node tree in Policy Studio, click Environment Configuration > Server Settings > Security > Tivoli, and select Add a Tivoli Connection.
  4. Select Tivoli Connections > Add a Tivoli Connection, and enter a name on the Tivoli Configuration dialog, or select an existing Tivoli connection to base the new configuration on.
  5. Enter a name on the Tivoli Configuration dialog.
  6. Set the following, and click Next:
    • Set file location for main Tivoli Configuration file: Select this.
    • Connection enabled: Select this to immediately enable the connection.
  7. In Server-side Tivoli configuration, enter the full path to the main Tivoli configuration file (for example, INSTALL_DIR\apigateway\groups\group-2\instance-1\conf\plugin\tivoli\instance-1\config.conf) on the API Gateway's file system, and click Finish.
  8. In the node tree, click Environment Configuration > Server Settings > Security > Tivoli, ensure the Tivoli connection you just created is selected in the drop-down list, and click Save.
  9. Deploy the configuration to API Gateway to upload the files.
Note   When the Set file location option is selected, API Gateway does not overwrite the files at startup or refresh time. You can edit the main configuration file directly using an editor of your choice.

Related Links