Configure WebSEAL for use with WebSphere Application Server
OverviewThe first step is to create a junction between WebSEAL and WAS to carry the following headers:
To create a TAI++ junction open a pdadmin command prompt from any node that has a TAM Runtime component installed. This can be done on the TAM Server node, WebSEAL node or the WebSphere Portal node.server task webseald-server create -t ssl -b supply -c iv-creds -h host_name -p websphere_app_port_number junction_name
To create a TAI junction...server task webseald-server create -t ssl -b supply -c iv-user -h host_name -p websphere_app_port_number junction_name
If warning messages are displayed about the incorrect setup of certificates and key databases, delete the junction, correct problems with the key databases and re-create the junction.
The junction can be created as -t tcp or -t ssl depending on your requirements.
To set up SSL across the junction configure WAS (WAS) or the HTTP Server used by WAS, to accept inbound SSL traffic by importing the necessary signing certificates into the WebSEAL certificate keystore, and possibly also the HTTP Server certificate keystore.
For single signon to WAS the SSO password must be set in WebSEAL. To set the password...
- Edit the WebSEAL configuration file,...webseal_install_directory/etc/webseald-default.conf
- Set the following parameter,...basicauth-dummy-passwd=webseal_userid_passwd
Where webseal_userid_passwd is the SSO password for the trusted user account .
- Restart WebSEAL.
See AlsoSingle signon using WebSEAL or the TAM plug-in for Web servers
Creating a trusted user account in TAM
WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.
IBM is a trademark of the IBM Corporation in the United States, other countries, or both.