Configuring PassPort AM

This section describes how to configure access management when not using Central Governance.

Procedure

To configure the PassPort AM connection, set the UCONF parameters described in this section. From the Administration screen in the graphical user interface, access the Unified Configuration window. Double-click in the Unified Configuration window to begin editing parameters.

  1. Define the connection to the PassPort AM server using the UCONF parameters in the following tables. You must define the parameters in the order listed.

PassPort AM connector parameters

Parameter Description
am.passport.hostname
PassPort AM server hostname/IP address.
am.passport.port
PassPort AM server port.
am.passport.srchost

The PassPort AM local network interface for outgoing connections.

am.passport.instance_id

Transfer CFT instance ID for PassPort AM.

  • You must determine your Transfer CFT's PassPort instance name. If it does not match the instance name default, you must add an instance with the correct name.
  • The am.passport.instance_id value corresponds to the instance of the CSD that is available in PassPort. An instance name is a unique identifier of the installed instance of the component. Check that PassPort and your Transfer CFT have the same instance name.
  • In PassPort, you can view this by selecting Access > Components > Transfer CFT and checking the screen display. The default value is default: when you import a component, PassPort assigns it the instance name default.
am.passport.login
Transfer CFT login for PassPort AM. This user must exist in PassPort and have an Administrator role. This user represents an application user with which Transfer CFT makes requests.
am.passport.password
Transfer CFT Instance ID Password for PassPort AM, see above.
am.passport.superuser

Enables users to perform any type of action without PassPort AM permission checks.

You must set up at least one superuser. Doing so enables you to deactivate or change the PassPort AM connector configuration if the server is not responding.

If the user name for a session contains a space, you must escape the space with a backslash (\) character.

Example

If you are defining the users "firstname lastname" and "johndoe" as superusers, you would set the am.passport.superuser parameter value to "firstname\ lastname johndoe".

So for this example, the command is:

CFTUTIL uconfset id = am.passport.superuser, value = "'firstname\ lastname johndoe'"

am.passport.use_ssl

Enables SSL with PassPort AM.

The server port is not the same as the default port when using SSL.

am.passport.ca_cert
Certification Authority (CA) public certificate to authenticate the PassPort AM server.
am.passport.csd_file
Transfer CFT Component Security descriptor file for PassPort AM. The default value is $(cft.install_dir)/extras/PassPort/csd_Transfer_CFT.xml.
  2. Set the access management type parameter to PassPort: am.type = passport
Note: The am.type parameter is the last parameter to set when activating PassPort AM and the first to unset when deactivating it.
  3. Restart the Transfer CFT and Copilot servers.

Example PassPort AM configuration with SSL 

  1. Configure the Access Management type:

CFTUTIL UCONFSET ID=am.type, VALUE=none

  2. Configure the connection using your CFTPARM PART name as the instance_id value.

CFTUTIL UCONFSET ID=am.passport.hostname, VALUE=pam.company.com

CFTUTIL UCONFSET ID=am.passport.port, VALUE=6666
CFTUTIL UCONFSET ID=am.passport.use_ssl, VALUE=YES

CFTUTIL UCONFSET ID=am.passport.ca_cert, VALUE=conf/pki/<your_passport_CA>

CFTUTIL UCONFSET ID=am.passport.instance_id, VALUE=CFT23412
CFTUTIL UCONFSET ID=am.passport.login, VALUE=PASSPORT_ADMIN_USER

CFTUTIL UCONFSET ID=am.passport.password, VALUE=PASSPORT_ADMIN_PASSWORD

  3. Activate the PassPort Access Management:

CFTUTIL UCONFSET ID=am.type, VALUE=passport
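The following lint for a CFTUTIL UCONFSET script is an added example, not part of the original documentation or of Transfer CFT. It checks the rules stated in this section (am.type set last, at least one superuser, backslash-escaped spaces in superuser names) and assumes the script is the complete configuration; the ca_cert check and the function names are assumptions of this example.

```python
import re

# Accepts both spellings shown on the page (upper or lower case,
# with or without spaces around "=").
_CMD = re.compile(r"CFTUTIL\s+UCONFSET\s+ID\s*=\s*([\w.]+)\s*,\s*VALUE\s*=\s*(.*)$", re.I)

def parse_script(text):
    """Return [(parameter, value), ...] in the order the script sets them."""
    settings = []
    for line in text.splitlines():
        m = _CMD.match(line.strip())
        if m:
            value = m.group(2).strip().strip("\"'")  # drop wrapping quotes
            settings.append((m.group(1).lower(), value))
    return settings

def split_superusers(value):
    """Split the superuser list on spaces that are not backslash-escaped."""
    names = re.split(r"(?<!\\) +", value.strip())
    return [n.replace("\\ ", " ") for n in names if n]

def lint(text):
    """Check a UCONFSET script against the rules stated in this section."""
    settings = parse_script(text)
    last = dict(settings)  # final value of each parameter
    findings = []
    if last.get("am.type", "").lower() == "passport":
        name, value = settings[-1]
        if (name, value.lower()) != ("am.type", "passport"):
            findings.append("am.type=passport is not the last parameter set")
        if not split_superusers(last.get("am.passport.superuser", "")):
            findings.append("am.passport.superuser is not set")
    # Assumption of this example: SSL without a CA certificate is worth flagging.
    if (last.get("am.passport.use_ssl", "").upper() == "YES"
            and not last.get("am.passport.ca_cert")):
        findings.append("use_ssl=YES without am.passport.ca_cert")
    return findings

# Constructed sample script (not from a real deployment).
SAMPLE = r"""
CFTUTIL UCONFSET ID=am.type, VALUE=none
CFTUTIL UCONFSET ID=am.passport.use_ssl, VALUE=YES
CFTUTIL UCONFSET ID=am.type, VALUE=passport
CFTUTIL uconfset id = am.passport.superuser, value = "'firstname\ lastname johndoe'"
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("FINDING:", finding)
```

The list returned by split_superusers is also the set of accounts that bypass PassPort AM permission checks, so it is worth reviewing alongside the findings.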

Optional PassPort AM

Parameter Definition
am.passport.userctrl.check_permissions_on_transfer_execution

Checks the permissions for the execute action on the transfer resource when the Transfer CFT user control is enabled (USERCTRL=YES). To disable the permission check, set this parameter to No. The default is Yes.

am.passport.domain
PassPort AM domain.
am.passport.max_connections
Maximum number of connections with PassPort.
am.passport.pipe_priority
Pipelining priority mode.
am.passport.pipeline_size
Maximum number of requests in the pipe for one PassPort.
am.passport.resource_prefix
Only EXPERTS may use the resource prefix.

References

A complete set of PassPort documentation is available at support.axway.com.

For more information about starting the Transfer CFT UI (Copilot), refer to Starting and Stopping the Copilot UI.

Related topics

About PassPort AM

PassPort AM CSD

Defining user rights Windows

Defining user rights Unix