WebSphere Application Server Network Deployment, Version 6.0.x     Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Single signon using WebSEAL or the Tivoli Access Manager plug-in for Web servers

Either Tivoli Access Manager WebSEAL or Tivoli Access Manager plug-in for Web servers can be used as reverse proxy servers to provide access management and single signon (SSO) capability to WebSphere Application Server resources. With such an architecture, either WebSEAL or the plug-in authenticates users and forwards the collected credentials to WebSphere Application Server in the form of an IV Header. Two types of single signon are available, the TAI interface and the new TAI interface, so named as both use WebSphere Application Server trust association interceptors (TAIs). With TAI, the end-user name is extracted from the HTTP header and forwarded to embedded Tivoli Access Manager where it is used to construct the client credential information and authorize the user. The difference with the new TAI interface is that all user credential information is available in the HTTP header (not just user name). The new TAI is the more efficient of the two solutions as an Lightweight Directory Access Protocol (LDAP) call is not required as it is with TAI. TAI functionality is retained for backwards compatibility.

The following tasks need to be completed to enable single signon to WebSphere Application Server using either WebSEAL or the plug-in for Web servers. These tasks assume that embedded Tivoli Access Manager is configured for use.
  1. Creating a trusted user account in Tivoli Access Manager
  2. Configuring WebSEAL for use with WebSphere Application Server or Configuring Tivoli Access Manager plug-in for Web servers for use with WebSphere Application Server
  3. Configuring single signon using the trust association interceptor or Configuring single signon using trust association interceptor ++



Related tasks
Creating a trusted user account in Tivoli Access Manager
Configuring WebSEAL for use with WebSphere Application Server
Configuring Tivoli Access Manager plug-in for Web servers for use with WebSphere Application Server
Configuring single signon using the trust association interceptor
Configuring single signon using trust association interceptor ++

Concept topic    

Terms of Use | Feedback

Last updated: Mar 17, 2005 4:28:29 AM CST
http://publib.boulder.ibm.com/infocenter/ws60help/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/csec_sso_ws_using.html

© Copyright IBM Corporation 2004, 2005. All Rights Reserved.
This information center is powered by Eclipse technology. (http://www.eclipse.org)