Configuring IMPACT to Authenticate against the ObjectServer
Impact can be configured to use the ObjectServer to authenticate and authorise users. This tip outlines the steps needed to accomplish this.
Stop the embedded WebSphere Application Server
$NCHOME/bin/ewas.sh stop -username wasadmin -password netcool
Install the Virtual Member Manager (VMM)
The install-vmm4ncos.sh script is used to install the VMM. The usage of this script is:
install-vmm4ncos.sh <ObjectServer_user> <ObjectServer_password> <ObjectServer_host:port>
You can specify multiple ObjectServers (a failover pair, for example). To do so, the list must be quoted so that it is passed to the script as a single argument, e.g. "carl:4100 lenny:4100"
sh $NCHOME/etc/tivoli-vmm4ncos/bin/install-vmm4ncos.sh root "" carl:4100
Restart the embedded WebSphere Application Server
Create ObjectServer groups to control authorisation
Impact defines 3 roles available for users – IMPACT_USER, NETCOOL_ADMIN and OPVIEW_USER. A group for each role should be created in the ObjectServer. In the screenshot below you can see that I have created the groups ImpactUser, NetcoolAdmin and OpViewUser:
Edit the VMM configuration file
The group to role mapping information is maintained in the file $NCHOME/etc/tivoli-vmm4ncos/guiserver.settings. The role setting information is at the bottom of the file. Uncomment the role.XXXXX.group lines and add the names of the groups just created.
Update the role information
Note that this command will prompt for the embedded WAS admin user and password, so make sure you have a valid DISPLAY set. You must be in the $NCHOME/etc/tivoli-vmm4ncos directory for the update-impact-roles.sh command to work.
You should now be able to add users to the groups in Omnibus.
It looks like Impact does some caching of group information as it can take 30 minutes or so for group changes to be detected. Re-running the update-impact-roles.sh script forces the changes to take effect.
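A check that can be run on guiserver.settings before update-impact-roles.sh, as an added example that is not part of the original tip or of the product: for each of the three roles it reports whether an uncommented mapping with a non-empty group exists. It assumes that role.XXXXX.group stands for role.<ROLE>.group=<group> and that a leading '#' marks a commented-out line; the function name and the sample file content are constructed for illustration.

```shell
#!/bin/sh
# Added example, not product code. Assumptions: "role.XXXXX.group" expands to
# role.<ROLE>.group=<group>, and a leading '#' marks a commented-out line.

ROLES="IMPACT_USER NETCOOL_ADMIN OPVIEW_USER"

# check_role_mappings FILE
# Prints one line per role: "<ROLE> mapped <group>", "<ROLE> empty",
# "<ROLE> commented" or "<ROLE> missing". Returns 0 only if all are mapped.
check_role_mappings() {
    file=$1
    rc=0
    for role in $ROLES; do
        key="role\.${role}\.group"
        # Last uncommented line for this role, if any (sed exits 0 on no match).
        active=$(sed -n "/^[[:space:]]*${key}[[:space:]]*=/p" "$file" | tail -n 1)
        if [ -n "$active" ]; then
            # Drop "key =" and surrounding whitespace to get the group name.
            value=$(printf '%s\n' "$active" |
                sed -e 's/^[^=]*=//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
            if [ -n "$value" ]; then
                echo "$role mapped $value"
            else
                echo "$role empty"; rc=1
            fi
        elif grep -Eq "^[[:space:]]*#[[:space:]#]*${key}[[:space:]]*=" "$file"; then
            echo "$role commented"; rc=1
        else
            echo "$role missing"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input, not the file shipped with the product.
sample=$(mktemp)
cat > "$sample" <<'EOF'
role.IMPACT_USER.group=ImpactUser
#role.NETCOOL_ADMIN.group=
role.OPVIEW_USER.group=
EOF
check_role_mappings "$sample" || echo "one or more roles are not mapped"
rm -f "$sample"
```

A role reported as commented, empty or missing has no ObjectServer group behind it, so membership changes made in Omnibus will not grant that role.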