Operating Systems: i5/OS
Configure WebSEAL for use with WebSphere Application Server
Use this topic to set the SSO password in WebSEAL for single sign-on
to WebSphere Application Server.
Overview
A junction must be created between WebSEAL and WebSphere Application
Server. This junction carries the iv-credentials (for TAI++) or iv-user (for
TAI) and the HTTP basic authentication headers with the request. Although you can
configure WebSEAL to pass the end user identity in other ways, the iv-credentials
header is the only one supported by TAI++ and the iv-user header is the only one
supported by TAI.
We recommend that communications over the junction use Secure
Sockets Layer (SSL) for increased security. Setting up SSL across this junction
requires that you configure the HTTP Server used by WebSphere Application
Server, and WebSphere Application Server itself, to accept inbound SSL traffic
and route it correctly to WebSphere Application Server. This activity requires
importing the necessary signing certificates into the WebSEAL certificate
keystore, and possibly also the HTTP Server certificate keystore.
Create the junction between WebSEAL and WebSphere Application Server using the
-c iv_creds option for TAI++ and -c iv_user for TAI. Enter either
of the following commands as one line using the variables that are appropriate
for your environment:
TAI++
server task webseald-server create -t ssl -b supply -c iv_creds -h host_name -p websphere_app_port_number junction_name
TAI
server task webseald-server create -t ssl -b supply -c iv_user -h host_name -p websphere_app_port_number junction_name
Notes:
- If warning messages are displayed about the incorrect setup of certificates
and key databases, delete the junction, correct problems with the key databases,
and recreate the junction.
- The junction can be created as -t tcp or -t ssl, depending
on your requirements.
For single sign-on (SSO) to WebSphere Application Server, the
SSO password must be set in WebSEAL. To set the password, complete the following
steps:
Procedure
- Edit the WebSEAL configuration file webseal_install_directory/etc/webseald-default.conf.
  Set the following parameter:
  basicauth-dummy-passwd=webseal_userid_passwd
  where webseal_userid_passwd is the SSO password for the trusted user account
  set in Creating a trusted user account in Tivoli Access Manager.
- Restart WebSEAL.
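The following pre-flight check is an added example, not IBM code: it reads the text of webseald-default.conf and the junction command you intend to run, and reports settings that conflict with this topic. The function names, the placeholder list, the '#' comment marker and the [junction] stanza in the sample are assumptions made for the example.

```python
import re
import shlex

# Values that mean the SSO password was never really set. This list is an
# assumption for the example ("webseal_userid_passwd" is this topic's variable).
PLACEHOLDERS = {"", "dummy", "password", "webseal_userid_passwd"}

def read_dummy_passwd(conf_text):
    """Return the last basicauth-dummy-passwd value in the file, or None if unset."""
    value = None
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("#"):  # assumed comment marker
            continue
        m = re.match(r"basicauth-dummy-passwd\s*=\s*(.*)$", line)
        if m:
            value = m.group(1).strip()
    return value

def audit(conf_text, junction_cmd, interceptor):
    """interceptor is 'TAI++' or 'TAI'. Returns a list of findings (empty = OK)."""
    findings = []
    passwd = read_dummy_passwd(conf_text)
    if passwd is None:
        findings.append("basicauth-dummy-passwd is not set")
    elif passwd.lower() in PLACEHOLDERS:
        findings.append("basicauth-dummy-passwd is empty or a placeholder")

    args = shlex.split(junction_cmd)
    opts = {a: args[i + 1] for i, a in enumerate(args[:-1]) if a in ("-t", "-b", "-c")}
    expected = {"TAI++": "iv_creds", "TAI": "iv_user"}[interceptor]
    if opts.get("-c") != expected:  # strict: only the values this topic gives
        findings.append(f"-c must be {expected} for {interceptor}")
    if opts.get("-b") != "supply":
        findings.append("-b supply is missing from the junction command")
    if opts.get("-t") != "ssl":
        findings.append("junction is not -t ssl: the SSO password crosses it without SSL")
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE_CONF = "[junction]\n# basicauth-dummy-passwd = old\nbasicauth-dummy-passwd = dummy\n"
SAMPLE_CMD = ("server task webseald-server create -t tcp -b supply -c iv_user "
              "-h host_name -p websphere_app_port_number junction_name")

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_CMD, "TAI++"):
        print("FINDING:", finding)
```

Run it before restarting WebSEAL; with the constructed sample it reports the placeholder password, the iv_user header used with TAI++, and the tcp junction.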
What to do next
For more details and options about how to configure junctions between
WebSEAL and WebSphere Application Server, including other options for specifying
the WebSEAL server identity, refer to the Tivoli Access Manager WebSEAL
Administration Guide as well as to the documentation for the HTTP Server
you are using with your WebSphere Application Server. Tivoli Access Manager
documentation is available at http://publib.boulder.ibm.com/tividd/td/tdprodlist.html.
Related tasks
Creating a trusted user account in Tivoli Access Manager
Configuring single sign-on capability with Tivoli Access Manager or
WebSEAL