Configure TAI in WebSphere Application Server

 


 

The next step is to configure the TAI in WebSphere Application Server.

  1. Launch the Administrative Console for WebSphere and log in.

  2. Expand...

    Security | Global security | Authentication Mechanisms | LTPA | Trust Association | Interceptors | com.ibm.ws.security.web.TAMTrustAssociationInterceptorPlus | Custom properties | New

    Enter the following property name:

    com.ibm.websphere.security.webseal.loginId

    Enter the following property value:

    taiuser

    The taiuser value must be the short name of the user in LDAP. This user's password is configured in webseald.conf as the dummy password. The user must exist in LDAP in a directory tree that both WebSphere Application Server and TAM can search.

  3. Click OK to continue.

  4. Add the following properties to the TAI the same way as described above.

    • com.ibm.websphere.security.webseal.id = iv-user

      This property is not required; by default it is set to iv-creds. Because we created the junction with -c all, we can add iv-user as an additional check for WebSEAL validation.

      This is a comma separated list of headers that should exist in the request.

    • com.ibm.websphere.security.webseal.hostnames

      Set the hostname used to access the WebSEAL machine.

    • com.ibm.websphere.security.webseal.ports

      Set the port used to access the WebSEAL machine.

    • com.ibm.websphere.security.webseal.checkViaHeader = true

      Default value is false.

      When it is set to false, the WebSEAL hostnames in the Via header are ignored, and the hostnames and ports properties do not need to be set. The only mandatory property when checkViaHeader is false is com.ibm.websphere.security.webseal.loginId.

      When it is set to true, the TAI validates the hostnames set in the TAI against the ones in the Via header set by WebSEAL.

    • com.ibm.websphere.security.webseal.hostnames = m23vnx61

      It is not required if checkViaHeader is set to false or not set. This is a comma-separated list of WebSEAL hostnames to be trusted, and it is case sensitive. If using the Tivoli Access Manager plugin for Web servers, this property is not set.

    • com.ibm.websphere.security.webseal.ports = 443,80

      It is not required if checkViaHeader is set to false or not set. This is a comma-separated list of WebSEAL ports to be trusted. If using the Tivoli Access Manager plugin for Web servers, this property is not set.

  5. Save the configuration for WebSphere, then restart the application server.
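
The rules in step 4 can be checked before the restart. The following is an added example, not IBM code: it audits a set of TAI custom properties against the rules stated above and models the Via header comparison. The function names, the Via header form (RFC 7230 "protocol host:port" per hop) and the rule that every hop must be trusted are assumptions.

```python
# Added example, not IBM code: audits TAI custom properties against the rules
# on this page. Function names are hypothetical.
PREFIX = "com.ibm.websphere.security.webseal."

# Constructed sample using the values shown in the steps above.
SAMPLE = {
    PREFIX + "loginId": "taiuser",
    PREFIX + "id": "iv-user",
    PREFIX + "checkViaHeader": "true",
    PREFIX + "hostnames": "m23vnx61",
    PREFIX + "ports": "443,80",
}


def _items(props, key):
    """Split a comma-separated property into a list of trimmed values."""
    return [v.strip() for v in props.get(PREFIX + key, "").split(",") if v.strip()]


def audit_tai(props):
    """Return a list of findings for a dict of TAI custom properties."""
    findings = []
    if not _items(props, "loginId"):
        findings.append("loginId is mandatory and is missing")
    # checkViaHeader defaults to false when it is not set.
    if props.get(PREFIX + "checkViaHeader", "false").strip().lower() != "true":
        findings.append("checkViaHeader is false: Via hostnames are ignored")
        return findings
    for key in ("hostnames", "ports"):
        if not _items(props, key):
            findings.append(key + " must be set when checkViaHeader is true")
    for port in _items(props, "ports"):
        if not port.isdecimal() or not 0 < int(port) < 65536:
            findings.append("ports entry %r is not a valid TCP port" % port)
    return findings


def via_trusted(props, via_header):
    """Simplified model (assumption): every 'protocol host:port' hop in the
    Via header must match the trusted lists; hostnames compare case sensitively."""
    hosts, ports = set(_items(props, "hostnames")), set(_items(props, "ports"))
    hops = [h.split()[1] for h in via_header.split(",") if len(h.split()) >= 2]
    for hop in hops:
        host, _, port = hop.partition(":")
        if host not in hosts or port not in ports:
            return False
    return bool(hops)
```

Because the hostnames list is case sensitive, a Via header carrying M23VNX61 does not match a configured m23vnx61 in this model.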