Single signon using WebSEAL or the TAM plug-in for Web servers
The TAM WebSEAL or the TAM plug-in for Web servers can be used as reverse proxy servers to provide access management and single signon (SSO) capability to WAS resources. WebSEAL or the plug-in can authenticate users and forward credentials to WAS in the form of an IV Header.
With TAI, the end-user name is extracted from the HTTP header and forwarded to embedded Tivoli Access Manager where it is used to construct the client credential information and authorize the user. The difference with the new TAI interface is that all user credential information is available in the HTTP header (not just user name). The new TAI is the more efficient of the two solutions as an LDAP call is not required as it is with TAI. TAI functionality is retained for backwards compatibility.
The following tasks need to be completed to enable single signon to WAS using either WebSEAL or the plug-in for Web servers. These tasks assume that embedded TAM is configured for use.
- Create a trusted user account in TAM
- Configure WebSEAL for use with WAS or Configure TAM plug-in for Web servers for use with WAS
- Configure single signon using the trust association interceptor or Configure single signon using trust association interceptor ++
Related Tasks
Create a trusted user account in TAM
Configure WebSEAL for use with WAS
Configure TAM plug-in for Web servers for use with WAS
Configure single signon using the trust association interceptor
Configure single signon using trust association interceptor ++