Configure WebSEAL for use with WebSphere Application Server
Overview
The first step is to create a junction between WebSEAL and WAS to carry the following headers:
- iv-creds or iv-user
- HTTP basic authentication
To create a TAI++ junction, open a pdadmin command prompt from any node that has a TAM Runtime component installed. This can be done on the TAM Server node, WebSEAL node or the WebSphere Portal node.
server task webseald-server create -t ssl -b supply -c iv-creds -h host_name -p websphere_app_port_number junction_name
To create a TAI junction...
server task webseald-server create -t ssl -b supply -c iv-user -h host_name -p websphere_app_port_number junction_name
If warning messages are displayed about the incorrect setup of certificates and key databases, delete the junction, correct problems with the key databases and re-create the junction.
The junction can be created as -t tcp or -t ssl depending on your requirements.
To set up SSL across the junction, configure WebSphere Application Server (WAS), or the HTTP Server used by WAS, to accept inbound SSL traffic by importing the necessary signing certificates into the WebSEAL certificate keystore, and possibly also the HTTP Server certificate keystore.
Single Sign-on
For single sign-on to WAS, the SSO password must be set in WebSEAL. To set the password...
- Edit the WebSEAL configuration file,...
webseal_install_directory/etc/webseald-default.conf
- Set the following parameter,...
basicauth-dummy-passwd=webseal_userid_passwd
Where webseal_userid_passwd is the SSO password for the trusted user account.
- Restart WebSEAL.
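One way to check the result of the steps above before restarting WebSEAL, as an added example that is not part of the original page or of the product's tooling: a shell function that confirms basicauth-dummy-passwd holds a real value and that the file storing it in cleartext is not world-readable. The function name check_sso_passwd and the permission test are assumptions of this example.

```shell
#!/bin/sh
# Added example (not product tooling): audit the WebSEAL configuration file
# after setting the SSO password described on this page.
#
# check_sso_passwd CONF
#   prints one finding per line
#   returns 0 = no findings, 1 = findings, 2 = file cannot be read
check_sso_passwd() {
    conf=$1
    rc=0
    key='basicauth-dummy-passwd'

    [ -r "$conf" ] || { echo "unreadable: $conf"; return 2; }

    # Value of the last uncommented assignment; spaces around '=' are tolerated.
    # Lines starting with '#' do not match, so commented-out settings are ignored.
    value=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" "$conf" \
            | sed 's/[[:space:]]*$//' | tail -n 1)

    if ! grep -q "^[[:space:]]*$key[[:space:]]*=" "$conf"; then
        echo "missing: $key is not set"
        rc=1
    elif [ -z "$value" ]; then
        echo "empty: $key has no value"
        rc=1
    elif [ "$value" = "webseal_userid_passwd" ]; then
        # The documentation placeholder was copied in literally.
        echo "placeholder: $key still holds the documentation placeholder"
        rc=1
    fi

    # The SSO password sits in this file in cleartext, so other local
    # users should not be able to read it (assumption of this example).
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "perms: $conf is world-readable"
        rc=1
    fi

    return $rc
}

# Usage: check_sso_passwd webseal_install_directory/etc/webseald-default.conf
```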
See Also
Single signon using WebSEAL or the TAM plug-in for Web servers
Creating a trusted user account in TAM