We are designing a system where will use SharePoint, the customer has Tivoli Identity Manager integrated with Active Directory.
One way that we have thought of doing this is by creating an asp.net membership provider that communicates with TIM. But then how to connect roles in TIM to access to lists?
Or does anyone have a better idea of how to do this?
We are using WSS 3.0.
I'm pretty Microsoft-centric, so I don't know the differences between TIM and TAM, but maybe this will help. We looked into Tivoli Access Manager for Microsoft .NET last summer with the goal of using it as a secondary authentication option for users that did not have Active Directory IDs
The following was contained within the downloaded documentation:
Tivoli Access Manager Role and Membership Providers for ASP.NET
This use case differs in that it is not a single sign-on solution and therefore does not require the Tivoli Access Manager authentication module for ASP.NET, nor WebSEAL, or the Plug-in for Web Servers.
This use case exploits the Role and Membership Provider model and abstract classes introduced to the ASP.NET 2.0 framework. By making the appropriate configurations in the web.config file, an ASP.NET application is able to externalize all authentication, authorization, role and membership administration responsibilities to Tivoli Access Manager via the Tivoli Access Manager Role and Membership Providers for ASP.NET.
Furthermore, the programmatic and declarative security constructs of the .NET languages are also able to be utilized in this use case as the Principal of the HTTP request will be ‘provider aware’ and automatically query the configured role provider for authorization decisions.
In the end, we did not use it because the required changes to the server were rejected: