Configure API Gateway for IBM Tivoli Access Manager

This section describes how to configure API Gateway for integration with IBM Tivoli Access Manager.

Install the Tivoli Access Manager runtime environment

You must install the Tivoli Access Manager runtime environment on the machine running API Gateway. The runtime environment is not packaged with API Gateway, so you must install it separately.

Note   The Tivoli Access Manager Java runtime environment is not required.

It is recommended to install the Tivoli Access Manager runtime environment using the native utilities instead of the installation wizard, to ensure that the Tivoli Access Manager Java runtime environment is not installed. The installation wizard requires the Tivoli Access Manager Java runtime environment even though the runtime software does not.

Generate Tivoli configuration files

API Gateway uses information stored in the Tivoli configuration files to connect to a Tivoli server. You can generate these configuration files using the svrsslcfg command line utility included in the Tivoli Access Manager runtime environment. For more details on this utility, see the Tivoli documentation.

  1. Run the svrsslcfg utility. For example:

    svrsslcfg -config -f "C:\conf\config.conf" -d "C:\conf" -n apigateway -s remote -P XXXXXXXX -S YYYYYYYY -r 7777 -h test.axway.com

    The available arguments are as follows:

    Argument   Description
    -config    The command that creates the configuration files that API Gateway requires to communicate with Tivoli.
    -f         The directory and name of the main Tivoli configuration file. This command generates the file in the specified location.
    -d         The directory in which to generate the SSL key file (.kdb) for the Tivoli server. This command generates the file in the specified location.
    -n         The name of the application connecting to the Tivoli server (API Gateway).
    -s         The mode in which the application (API Gateway) runs. The most likely scenario is that API Gateway runs remotely.
    -P         The password of the Tivoli administrator.
    -S         The password for API Gateway. This command sets the password for API Gateway on the Tivoli server.
    -r         The listening port on API Gateway.
    -h         The name of the host running API Gateway.

  2. To add a Tivoli authorization server replica, run the following command:

    svrsslcfg -add_replica -f <main Tivoli config file> -h <Tivoli authorization server>

    For example:

    svrsslcfg -add_replica -f "C:\conf\config.conf" -h tivoli.axway.com

    API Gateway contacts this server to make authorization decisions.

The following files are generated in the directory you specified:

  • <name>.conf: the main Tivoli configuration file
  • <name>.kdb: the SSL key file
  • <name>.sth: the stash file for the SSL key file
  • <name>.conf.obf: the database configuration file

The files take their base name from the name you give the main configuration file. For example:

  • config.conf: the main Tivoli configuration file
  • config.kdb: the SSL key file
  • config.sth: the stash file for the SSL key file
  • config.conf.obf: the database configuration file

Note   Depending on the version of API Gateway you are running, the file names might have spaces in them.

After creating the configuration files you must upload them to API Gateway using Policy Studio, or manually copy the files to a location on API Gateway's file system. See Configure Tivoli connection.
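
A check to run before uploading or copying the files, as an added example that is not part of the original documentation: it derives the four file names listed above from the path given to `-f`, then reports any that are missing, empty, or (on POSIX hosts) accessible to other accounts. It assumes `-f` and `-d` point to the same directory, as in the example command, that the `.kdb` and `.sth` files should be restricted to the API Gateway account, and that the file names contain no added spaces; the function names are this example's own.

```python
import os
import stat
import sys
from pathlib import Path

# Suffixes of the four files the page lists as generated by svrsslcfg.
SUFFIXES = (".conf", ".kdb", ".sth", ".conf.obf")
# Assumption of this example: the SSL key file and its stash file should be
# accessible only to the account that runs API Gateway.
SENSITIVE = (".kdb", ".sth")


def expected_files(main_conf):
    """Derive the expected paths from the value passed to svrsslcfg -f."""
    main_conf = Path(main_conf)
    if main_conf.suffix != ".conf":
        raise ValueError("main configuration file name must end in .conf")
    base = main_conf.name[: -len(".conf")]
    return [main_conf.with_name(base + suffix) for suffix in SUFFIXES]


def check_generated_files(main_conf):
    """Report missing, empty and group/world-accessible files by name."""
    report = {"missing": [], "empty": [], "too_open": []}
    for path in expected_files(main_conf):
        if not path.is_file():
            report["missing"].append(path.name)
            continue
        info = path.stat()
        if info.st_size == 0:
            report["empty"].append(path.name)
        # Mode bits are only meaningful on POSIX; on Windows review the ACLs.
        if (os.name == "posix" and path.name.endswith(SENSITIVE)
                and stat.S_IMODE(info.st_mode) & 0o077):
            report["too_open"].append(path.name)
    return report


if __name__ == "__main__":
    # Usage: python check_tivoli_files.py /path/to/config.conf
    result = check_generated_files(sys.argv[1])
    for problem, names in result.items():
        for name in names:
            print(f"{problem}: {name}")
    sys.exit(1 if any(result.values()) else 0)
```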
