#
# Install LTPA Security.
#
####################################################################
# Patrick Finnegan 23/09/2004. V1.
####################################################################
#-------------------------------------------------------------------------------
# Install LTPA settings.
#-------------------------------------------------------------------------------
proc getLTPAId {} {
global AdminConfig
puts "\n## List LTPA Details ##\n"
if { [ catch { $AdminConfig list LTPA } r ] == 0 } {
set ltpaId $r
foreach e $r {
puts [ format "\n%-10s %-50s\n" "LTPA:" $e ]
catch { $AdminConfig showAttribute $e OID } r
puts [ format "%-5s %-20s %-50s" " " OID $r ]
catch { $AdminConfig showAttribute $e authConfig } r
puts [ format "%-5s %-20s %-50s" " " authConfig $r ]
catch { $AdminConfig showAttribute $e authContextImplClass } r
puts [ format "%-5s %-20s %-50s" " " authContextImplClass $r ]
catch { $AdminConfig showAttribute $e authValidationConfig } r
puts [ format "%-5s %-20s %-50s" " " authValidationConfig $r ]
catch { $AdminConfig showAttribute $e isCredentialForwardable } r
puts [ format "%-5s %-20s %-50s" " " isCredentialForwardable $r ]
catch { $AdminConfig showAttribute $e password } r
puts [ format "%-5s %-20s %-50s" " " password $r ]
catch { $AdminConfig showAttribute $e private } r
puts [ format "%-5s %-20s %-50s" " " private $r ]
catch { $AdminConfig showAttribute $e properties } r
puts [ format "%-5s %-20s %-50s" " " properties $r ]
catch { $AdminConfig showAttribute $e public } r
puts [ format "%-5s %-20s %-50s" " " public $r ]
catch { $AdminConfig showAttribute $e shared } r
puts [ format "%-5s %-20s %-50s" " " shared $r ]
catch { $AdminConfig showAttribute $e simpleAuthConfig } r
puts [ format "%-5s %-20s %-50s" " " simpleAuthConfig $r ]
catch { $AdminConfig showAttribute $e singleSignon } r
puts [ format "%-5s %-20s %-50s" " " singleSignon $r ]
# display SSO properties
foreach { a b } [ $AdminConfig showall $r ] {
puts [ format "%-10s %-20s %-15s" " " [ lindex $a 0 ] [ lindex $a 1 ] ]
puts [ format "%-10s %-20s %-15s" " " [ lindex $b 0 ] [ lindex $b 1 ] ]
}
catch { $AdminConfig showAttribute $e timeout } r
puts [ format "%-5s %-20s %-50s" " " timeout $r ]
catch { $AdminConfig showAttribute $e trustAssociation } r
puts [ format "%-5s %-20s %-50s" " " trustAssociation $r ]
}
} else {
puts "\nproblem accessing LDAP user registry ID.\n"
puts $r
puts "************************************\n"
return -code error $r
}
return $ltpaId
}
#-------------------------------------------------------------------------------
# generate ltpa keys.
#-------------------------------------------------------------------------------
proc generateLtpaKeys { ltpaPassword } {
global AdminConfig AdminControl
puts "\n## generate ltpa keys"
if { [ catch { $AdminControl queryNames WebSphere:type=SecurityAdmin,* } sb ] == 0 } {
if { [ catch { $AdminControl invoke $sb generateKeys $ltpaPassword } r ] == 0 } {
return $r
} else {
puts "\nproblem generating LTPA keys.\n"
puts $r
puts "************************************\n"
return -code error $r
} else {
puts "\nproblem getting security bean.\n"
puts $r
puts "************************************\n"
return -code error $r
}
}
}
#-------------------------------------------------------------------------------
# set LTPA properties.
#-------------------------------------------------------------------------------
proc ltpaProperties { domainName password timeout ltpaId } {
global AdminConfig AdminControl
puts "\n## set Ltpda properties"
set password [ list password $password ]
set timeout [ list timeout $timeout ]
puts "\n## set SSO properties"
set domain [ list domainName $domainName ]
set requiresSSL [ list requiresSSL false ]
set enabled [ list enabled true ]
set propertiesList [ list $domain $requiresSSL $enabled ]
set singleSignon [ list singleSignon $propertiesList ]
set attrs [ list $password $timeout $singleSignon ]
if { [ catch { $AdminConfig modify $ltpaId $attrs } r ] == 0 } {
return $r
} else {
puts "\nproblem setting ltpa attributes.\n"
puts $r
puts "************************************\n"
return -code error $r
}
}
####################################################################
# Main Control.
####################################################################
puts "\n argc = $argc \n"
if {$argc < 2} {
return -code error "error - no arguments supplied. Supply domainName and ltpa password"
}
set domainName [ lindex $argv 0 ]
set ltpaPassword [ lindex $argv 1 ]
set timeout [ lindex $argv 2 ]
puts "domainName = $domainName "
puts "ltpaPassword = $ltpaPassword "
#######################################################################
# List servers and check if target server already exists.
# If so delete it and recreate.
#######################################################################
if { [ catch { getLTPAId } r ] == 0 } {
# puts "\n $r \n"
set ltpaId $r
} else {
return -code error $r
}
if { [ catch { ltpaProperties $domainName $ltpaPassword $timeout $ltpaId } r ] == 0 } {
puts "\n## Admin Config Save ##\n"
catch { $AdminConfig save } r
puts $r
} else {
return -code error $r
}
####################################################################
# List ltpa details to verify install.
####################################################################
if { [ catch { getLTPAId } r ] == 0 } {
# puts "\n $r \n"
set ltpaId $r
} else {
return -code error $r
}
