This is a classroom course with hands-on labs for IBM Tivoli Access Manager for e-business 6.0 product. IBM Tivoli Access Manager is an authentication and authorization solution for corporate Web, client/server, and existing applications. This product allows customers to control user access to protected information and resources by providing a centralized, flexible, and scalable access control solution. This course is targeted for System Administrators, Security Architects, Application Programmers, and Identity Developers who are responsible for maintaining large numbers of users, groups, and access to specific information resources.
Objectives
After completing this course, students will be able to accomplish the following:
Describe how IBM Tivoli Access Manager for e-business secures access to business applications and resources.
Explain the architecture of IBM Tivoli Access Manager for e-business.
Describe how to install and configure IBM Tivoli Access Manager for e-business and its prerequisites.
Describe how to install and configure Web Portal Manager to manage the Access Manager environment.
Describe how to install and configure IBM Tivoli Directory Server Web Application Tool in order to ease management of the IBM Tivoli Directory Server user registry.
Describe the role of the user registry in IBM Tivoli Access Manager for e-business implementation.
Create users, groups, access control lists, and protected object policies to manage the authentication and authorization of users.
Use pdadmin commands and Web Portal Manager to manage users, groups, access control, and WebSEAL environment.
Create Access Manager domains to unify the authentication and authorization of users.
Create Access Manager delegated administrators to delegate domain management responsibilities to lower-level administrators.
Use auditing to track users and administrators activities.
Install and configure common auditing and reporting service (CARS) for e-business reporting.
Describe how WebSEAL secures Web-based resources.
Install and configure WebSEAL.
Describe a variety of authentication methods including basic authentication, forms-based single sign-on, and client-side certificate.
Describe Session Management Server (SMS) and WebSEAL uses SMS to manage user sessions.
Create and manage WebSEAL junctions to unify the Web space of the back-end servers with the Web space of the WebSEAL server.
Course outline
IBM Tivoli Access Manager for e-business 6.0 Introduction and Overview
Lesson 1: IBM Tivoli Access Manager for e-business
Lesson 2: Tivoli Access Manager for e-business Architecture
Lesson 3: Authentication and Authorization
IBM Tivoli Access Manger for e-business Installation and Configuration
Lesson 1: Planning a New Tivoli Access Manager Deployment
Lesson 2: Installing Tivoli Access Manager
Lesson 3: Tivioli Access Manager Prerequisites
Lesson 4: Installation Methods
Tivoli Access Manager and the User Registry
Lesson 1: Lightweight Directory Access Protocol
Lesson 2: Setting up LDAP
Lesson 3: Processing LDAP Requests
Managing Users and Groups
Lesson 1: Tivoli Access Manager Administration
Lesson 2: Tivoli Access Manager Users and Groups
Managing Access Control
Lesson 1: Protected Object Space
Lesson 1: Access Control Lists (ACLs)
Lesson 2: Protected Object Policies (POPs)
Lesson 3: IP Authentication
Lesson 5: New to Tivoli Access Manager for e-business
Introduction to WebSEAL
Lesson 1: WebSEAL
Lesson 2: WebSEAL Features
Lesson 3: WebSEAL Authentication Mechanisms
Lesson 4: WebSEAL Junctions
Lesson 5: Web Space Scalability
Lesson 6: Single Sign-on
WebSEAL Installation and Configuration
Lesson 1: WebSEAL Installation
Lesson 2: WebSEAL Configuration
Lesson 3: WebSEAL Instance Management
WebSEAL Authentication
Lesson 1: Authentication Overview
Lesson 2: Authentication Methods
Lesson 3: Basic Authentication
Lesson 4: Forms Authentication
Lesson 5: Client-side Certificate Authentication
Lesson 6: Token Authentication
Lesson 7: Reauthentication
Lesson 8: External Authentication Interface
Standard WebSEAL Junctions
Lesson 1: WebSEAL Junctions
Lesson 2: URL Filtering
Lesson 3: Junction Mapping Table
Lesson 4: Transparent Path Junctions
Lesson 5: Worker Thread Limits
Virtual Host Junctions
Lesson 1: Virtual Host Junction Concepts
Lesson 2: Managing Virtual Host Junctions
Lesson 3: Multiple Listening Addresses and Ports
Lesson 4: Junction Throttling
Single Sign-on
Lesson 1: Single Sign-on Concepts
Lesson 2: Basic Authentication Single Sign-on
Lesson 3: Global Sign-on (GSO)
Lesson 4: Forms Single Sign-on Authorization
Session Management Server
Lesson 1: Session State Concepts
Lesson 2: Session Management Server
Lesson 3: SMS Administration
Lesson 4: Installation
Lesson 5: Configuration
Domain and Policy Proxy Server
Lesson 1: Domains
Lesson 2: Policy Proxy Server
Delegated Administration
Lesson 1: Delegated Administration
Lesson 2: ACLs for User and Group
Logging and Auditing
Lesson 1: Overview of Event Types and Logging Support
Common Auditing and Reporting Services (CARS)
Lesson 1: Common Auditing and Reporting Services Overview
Lesson 2: Installation and Configuration
Lesson 3: CARS Reporting
Who will benefit from this course
This course is targeted for System Administrators, Security Architects, Application Programmers, and Identity Developers who are responsible for maintaining large numbers of users, groups, and access to specific information resources.
Required skills/knowledge
The following list contains the prerequisite knowledge or Tivoli product knowledge an attendee must have prior to attending the course:
Basic operating-system administrative skills for Linux and Windows
Basic knowledge of Lightweight Directory Access Protocol (LDAP)
TCP/IP fundamentals
Firewall concepts
Working knowledge of Web protocols (HTTP, XML)
Basic knowledge of IBM WebSphere Application Server
If you are unable to locate a course at the time and location you desire, including
training for prior product releases, please feel free to contact your regional delivery
management team:
