Configure TAM plug-in for Web servers for use with WAS


Search Tips   |   Advanced Search




Tivoli Access Manager (TAM) plug-in for Web servers can be used as a security gateway. The plug-in authorizes all user requests before passing the credentials of the authorized user to WAS in the form of an iv-creds header. Trust between the plug-in and WAS is established through use of basic authentication headers containing the single signon (SSO) user password.

In the following example TAM plug-in for Web Servers V5.1 configuration shows IV headers configured for post-authorization processing and basic authentication configured as the authentication mechanism and for post-authorization processing. After a request has been authorized the basic authentication header is removed from the request (strip-hdr = always) and a new one added (add-hdr = supply). Included in this new header is the password set when the SSO user was created in...

Creating a trusted user account in TAM

This password needs to be specified in the supply-password parameter and is passed in the newly created header. This basic authentication header enables trust between WAS and the plug-in.

An iv-creds header is also added (generate = iv-creds) which contains the credential information of the user passed onto WAS.

Note also that session cookies are used to maintain session state.



authentication = BA
session = session-cookie
post-authzn = BA
post-authzn = iv-headers

accept = all
generate = iv-creds

strip-hdr = always
add-hdr = supply
supply-password = sso_user_password


What to do next

Configure single signon using the trust association interceptor or Configure single signon using trust association interceptor ++


See Also

Single signon using WebSEAL or the TAM plug-in for Web servers


Related Tasks

Create a trusted user account in Tivoli Access Manager




Tivoli is a trademark of the IBM Corporation in the United States, other countries, or both.