WebSEAL functionality on the ISAM appliance

Supported web reverse proxy functionality

The appliance web reverse proxy functionality is based on the technology included with the IBM Security Verify Access WebSEAL product. The appliance supports the majority of features offered by WebSEAL, with the exception of the items contained in the following table:

Feature Description

Custom libraries The appliance does not support custom CDAS and EAS library modules, which means the appliance does not support the following authentication mechanisms:

IP address
HTTP header
Post password change
WebSEAL does not provide CDAS modules for these mechanisms. The appliance does support the IBM Security Identity Manager Password Synchronization Plug-in. See the [itim] stanza in the Stanza Reference topics.

Local junctions The following limitations apply to local junction support on the appliance:

The appliance can support a single fixed file system path for the local junction of a WebSEAL instance.
Local junctions on the appliance cannot execute any CGI scripts.

Application Response Measurement WebSEAL software includes support for Application Response Measurement (ARM) to monitor transactions throughout the request and response processing stream. The appliance does not include ARM support.

Tivoli Common Directory Logging Stores all log files for IBM Security software applications in a common file system directory. The appliance does not support this common logging. Logging for the appliance is managed through the LMI.

Audit to a pipe or CARS The appliance cannot send audit records directly to a pipe or a CARS server. It can however, use an intermediate Verify Access authorization server to indirectly send audit records to the destinations.

ARS (web service) The IBM Security Verify Access for Web ARS web service can send request information to an external ARS server for authorization. ARS is not available on the appliance.

Parent topic: web reverse proxy administration

Feature	Description
Custom libraries	The appliance does not support custom CDAS and EAS library modules, which means the appliance does not support the following authentication mechanisms: IP address HTTP header Post password change WebSEAL does not provide CDAS modules for these mechanisms. The appliance does support the IBM Security Identity Manager Password Synchronization Plug-in. See the [itim] stanza in the Stanza Reference topics.
Local junctions	The following limitations apply to local junction support on the appliance: The appliance can support a single fixed file system path for the local junction of a WebSEAL instance. Local junctions on the appliance cannot execute any CGI scripts.
Application Response Measurement	WebSEAL software includes support for Application Response Measurement (ARM) to monitor transactions throughout the request and response processing stream. The appliance does not include ARM support.
Tivoli Common Directory Logging	Stores all log files for IBM Security software applications in a common file system directory. The appliance does not support this common logging. Logging for the appliance is managed through the LMI.
Audit to a pipe or CARS	The appliance cannot send audit records directly to a pipe or a CARS server. It can however, use an intermediate Verify Access authorization server to indirectly send audit records to the destinations.
ARS (web service)	The IBM Security Verify Access for Web ARS web service can send request information to an external ARS server for authorization. ARS is not available on the appliance.