Configure a Tivoli demo setup

To test or demonstrate Tivoli Access Manager integration in API Gateway, you may want to configure a test Tivoli objectspace as well as sample users and web services using the pdadmin tool. For more details on the pdadmin tool, see the pdadmin commands.

Create a Tivoli objectspace

  1. Open a terminal window on the machine running the Tivoli authorization server and management server.
  2. Start the pdadmin tool using the following command, where mypwd is the password for the management server:

    > pdadmin -a sec_master -p mypwd

  3. Use the objectspace create command to add the objectspace:

    pdadmin> objectspace create <objectspace name> <description> 9

    The parameter 9 indicates that you are adding a web resource. As the Policy Decision Point (PDP), API Gateway is responsible for mapping an attempt to access a web service to a given object. The Tivoli authorization server does not contain any mapping between its objectspace nodes and URLs.

    For example:

    pdadmin> objectspace create /axway/test "For testing purposes" 9

Add users and web services to Tivoli

To authorize a user to access a web service, you must first add the user to Tivoli as follows:

  1. Add the user using the user create command:

    pdadmin> user create <username> <dn> <cn> <sn> <password>

    Note: Ensure that the DName you assign the user is identical to the DName in the user's certificate.

  2. Insert the server that runs your web service into Tivoli's objectspace using the following command:

    pdadmin> object create /apigateway/<object-name> <description> 9

  3. To bind the user and the object, create an ACL for the object, and add the user to that list:

    pdadmin> acl create <acl-name>
    pdadmin> acl modify <acl-name> set user <username> rx
    pdadmin> acl attach <object-name> <acl-name>

  4. To view the details of a user, use the following commands:

    pdadmin> user show <username>
    pdadmin> objectspace list
    pdadmin> acl show <acl-name>

For more details on this utility, see the pdadmin commands.
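
The two procedures above as one repeatable sequence, in an added example that is not part of the original documentation: a shell function that checks its inputs and prints the pdadmin commands to enter at the pdadmin> prompt. The function names, the sample values, the placeholder password and the rule that the object sits below the objectspace from the first procedure are assumptions of this example.

```shell
#!/bin/sh
# Added example: render the pdadmin commands from both procedures for one
# demo user and one web service object. Sample values are constructed.

nl='
'
# An argument is unsafe if it is empty, or if it could close a quoted
# pdadmin argument or start a new command line in the rendered output.
safe_arg() {
    case "$1" in
        ''|*'"'*|*'\'*|*"$nl"*) return 1 ;;
    esac
}

# Usage: render_demo_cmds <objectspace> <object> <user> <dn> <cn> <sn> <password> <acl>
render_demo_cmds() {
    [ "$#" -eq 8 ] || { echo "expected 8 arguments" >&2; return 2; }
    for arg in "$@"; do
        safe_arg "$arg" || { echo "unsafe or empty argument" >&2; return 1; }
    done
    space=$1 object=$2 user=$3 dn=$4 cn=$5 sn=$6 password=$7 acl=$8
    # Names that are written unquoted may only use a conservative character set.
    for name in "$space" "$object" "$user" "$acl"; do
        case "$name" in
            *[!A-Za-z0-9/._-]*) echo "bad name: $name" >&2; return 1 ;;
        esac
    done
    # Assumption of this example: the object is created inside the
    # objectspace made in the first procedure.
    case "$object" in
        "$space"/?*) ;;
        *) echo "object must be below $space" >&2; return 1 ;;
    esac
    cat <<EOF
objectspace create $space "Demo objectspace" 9
user create $user "$dn" "$cn" "$sn" "$password"
object create $object "Demo web service" 9
acl create $acl
acl modify $acl set user $user rx
acl attach $object $acl
EOF
}

# Constructed sample values; the password is a placeholder.
render_demo_cmds /axway/test /axway/test/quote-service alice \
    "cn=alice,o=example" "alice" "Demo" "ChangeMe-1" demo-acl
```

The rendered lines include the user's password in clear text, so keep any saved copy readable only by the administrator.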

