Course Description
This is a classroom course with hands-on labs for IBM Tivoli Access Manager for e-business 6.0 product. IBM Tivoli Access Manager is an authentication and authorization solution for corporate Web, client/server, and existing applications.This product allows customers to control user access to protected information and resources by providing a centralized, flexible, and scalable access control solution. This course is targeted for System Administrators, Security Architects, Application Programmers, and Identity Developers who are responsible for maintaining large numbers of users, groups, and access to specific information resources.

Class Length
4 days

Objectives

• Describe how IBM Tivoli Access Manager for e-business secures access to business applications and resources.
• Explain the architecture of IBM Tivoli Access Manager for e-business.
• Describe how IBM Tivoli Access Manager for e-business can integrate with new or existing products to secure business applications and resources
• Describe how to install and configure IBM Tivoli Access Manager for e-business and its prerequisites for a particular case study.
• Describe how to install and configure Web Portal Manager to manage the Access Manager environment.
• Describe how to install and configure IBM Tivoli Directory Server Web Application Tool in order to ease management of the IBM Tivoli Directory Server user registry.
• Troubleshoot Access Manager for e-business installations.
• Describe the role of the user registry in IBM Tivoli Access Manager for e-business implementation.
• Create users, groups, access control lists, and protected object policies to manage the authentication and authorization of users.
• Use pdadmin commands and Web Portal Manager to manage users, groups, access control, and WebSEAL environment.
• Describe authorization rules to customize access control.
• Create Access Manager domains to unify the authentication and authorization of users.
• Create Access Manager delegated administrators to delegate domain management responsibilities to lower-level administrators.
• Use auditing to track users and administrators activities.
• Implement the Access Manager common auditing and reporting systems (CARS) for historical and operational reporting.
• Describe how WebSEAL secures Web-based resources.
• Install and configure WebSEAL.
• Describe and implement a variety of authentication methods including forms-based single sign-on, cross domain single sign-on, Windows desktop single sign-on (SPNEGO), and client-side certificates.
• Describe Session Management Server (SMS) and WebSEAL shared session management to limit concurrent sessions and terminate or inspect active sessions.
• Create and manage WebSEAL junctions to unify the Web space of the back-end servers with the Web space of the WebSEAL server.
• Enable auditing to track user activities.
• Enable logging to troubleshoot WebSEAL environment.
• Describe how to tailor a security environment with IBM Tivoli Access Manager for e-business Web server plug-ins.

Who will benefit from this course
This course is targeted for System Administrators, Security Architects, Application Programmers, and Identity Developers who are responsible for maintaining large numbers of users, groups, and access to specific information resources.

Required Skills Knowledge

The following list contains the prerequisite knowledge or Tivoli product knowledge an attendee must have prior to attending the course:

• Basic operating-system administrative skills for Linux
• Basic knowledge of Lightweight Directory Access Protocol (LDAP)
• TCP/IP fundamentals
• Firewall concepts
• Working knowledge of Web protocols (HTTP, XML)
• Basic knowledge of IBM WebSphere Application Server

Prerequisites
LDAP foundation class.

Course Outline

Unit 1: IBM Tivoli Access Manager for e-business 6.0 Introduction and Overview
Lesson 1: Introduction to Tivoli Access Manager for e-business
Lesson 2: Tivoli Access Manager for e-business Architecture
Lesson 3: Tivoli Access Manager for e-business Integration

Unit 2: IBM Tivoli Access Manger for e-business Installation and Configuration
Lesson 1: Tivoli Access Manager for e-business Prerequisites
Lesson 2: Tivoli Access Manager for e-business Installation

Unit 3: Tivoli Access Manager and the LDAP User Registry
Lesson 1: What is LDAP
Lesson 2: Tivoli Access Manager and the User Registry
Lesson 3: Installing and Configuring the IBM Tivoli Directory Server Web Application Tool

Unit 4: Managing Users and Groups
Lesson 1: Using the Tivoli Access Manager Command Line and Graphical User Interface
Lesson 2: Installing and Configuring the Web Portal Manager
Lesson 3: Using pdadmin Commands and Web Portal Manager to Manage Users, Groups, and Access Control

Unit 5: Managing Access Control
Lesson 1: Controlling Access with Tivoli Access Manager
Lesson 1: ACLs
Lesson 2: POPs
Lesson 3: IP Authentication

Unit 6: Introduction to WebSEAL
Lesson 1: What is WebSEAL
Lesson 2: WebSEAL Authentication
Lesson 3: WebSEAL Junctions
Lesson 4: Web Space Protection
Lesson 5: Web Space Scalability
Lesson 6: Single Sign-on

Unit 7: WebSEAL Installation and Configuration
Lesson 1: Installation Prerequisites
Lesson 2: Installation Methods
Lesson 3: WebSEAL Configuration
Lesson 4: WebSEAL Instance Management
Lesson 5: WebSEAL Configuration Files

Unit 8: WebSEAL Authentication Mechanisms
Lesson 1: Authentication Overview
Lesson 2: Authentication Methods
Lesson 3: Basic Authentication
Lesson 4: Forms Authentication
Lesson 5: Client Certificate Authentication
Lesson 6: HTTP Header Authentication
Lesson 7: IP Address Authentication
Lesson 8: Token Authentication

Unit 9: Advanced Authentication Methods
Lesson 1: Multiplexing Proxy Agents
Lesson 2: Switch User Authentication
Lesson 3: Re-authentication
Lesson 4: External Authentication Interface
Lesson 5: Logout and Password Change Operations
Lesson 6: Login Failure Policy

Unit 10: WebSEAL Junctions
Lesson 1: WebSEAL Junctions Overview
Lesson 2: Managing Junctions with Web Portal Manager
Lesson 3: Managing Junctions with pdadmin Utility
Lesson 4: Standard WebSEAL Junctions
Lesson 5: Transparent Path Junctions
Lesson 6: Stateful Junctions
Lesson 7: Junction Cookie
Lesson 8: Junction Mapping Table
Lesson 9: Generating a Third Party Web Space (Query-Contents)
Lesson 10: Junction Throttling

Unit 11: Virtual Host Junctions
Lesson 1: Virtual Host Junction Concepts
Lesson 2: Configuring a Virtual Host Junction
Lesson 3: Virtual Host Junctions in Object Space
Lesson 4: Commands for Virtual Host Junctions

Unit 12: Single Sign-on
Lesson 1: Single Sign-on Concepts
Lesson 2: Single Sign-on using HTTP Basic Authentication (BA) Headers
Lesson 3: Supplying Client Identity and Generic Password
Lesson 4: Forwarding Original Client BA Header Information
Lesson 5: Removing Client BA Header Information
Lesson 6: Supplying User Name and Password from GSO
Lesson 7: Global Sign-on
Lesson 8: Configuring a GSO Enabled WebSEAL Junction
Lesson 9: Forms Single Sign-on Authentication
Lesson 10: Single Sign-on to IBM WebSphere (LTPA)

Unit 13: Windows Desktop Single Sign-on
Lesson 1: Windows Single Sign on Overview
Lesson 2 SPNEGO
Lesson 3: Active Directory with Windows Single Sign On
Lesson 4: Configuration of Windows Single Sign On

Unit 14: Cross Domain Single Sign-on
Lesson 1: Cross Domain Single Sign On Overview
Lesson 2: Configuration of Cross Domain Single Sign On
Lesson 3: Extended Attributes for CDSSO

Unit 15: Session Management Server
Lesson 1: Overview of Session Management
Lesson 2: Overview of SMS
Lesson 2: Administration
Lesson 3: Installation
Lesson 4: Configuration
Lesson 5: SMS and WebSEAL

Unit 16: Domain and Policy Proxy Server
Lesson 1: Tivoli Access Manager Secure Domains
Lesson 2: Managing Secure Domains
Lesson 3: Using Policy Proxy Servers

Unit 17: Authorization Rules
Lesson 1: Authorization Rules
Lesson 2: Creating Custom Authorization Rules

Unit 18: Delegated Administration
Lesson 1: Domain Management Responsibilities
Lesson 2: Delegated Administration
Lesson 3: Delegated User and Group Administration
Lesson 4: Delegated Object Space Management

Unit 19: Logging and Auditing
Lesson 1: Policy Server Auditing
Lesson 2: Policy Server Logging
Lesson 3: WebSEAL Auditing
Lesson 4: WebSEAL Logging

Unit 20: Common Auditing and Reporting Services (CARS)
Lesson 1: Common Auditing and Reporting Services Overview
Lesson 2: CARS Installation and Configuration
Lesson 3: CARS Configuration for IBM Tivoli Access Manager Policy Server
Lesson 4: CARS WebSEAL Configuration
Lesson 5: IBM Tivoli Access Manager Reporting with CARS