Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Authenticate users > Implement single sign-on to minimize web user authentications > Configure single sign-on capability with Tivoli Access Manager or WebSEAL

Configure WebSEAL for use with WAS

To create junctions between WebSEAL and WAS for...

• iv-credentials (for TAI++)
• iv-user (for TAI)

...and the HTTP basic authentication headers...

1. For SSL, import WAS signing certificates into the keystores for WebSEAL and IHS.

2. From the WebSEAL server, create the junction...

   • TAI++
     server task webseald-server create -t ssl -b supply -c iv_creds -h host_name -p websphere_app_port junction_name

   • TAI
     server task webseald-server create -t ssl -b supply -c iv_user -h host_name -p websphere_app_port junction_name

   If warning messages are displayed about the incorrect setup of certificates and key databases, delete the junction, correct problems with the key databases, and recreate the junction. The junction can be created as -t tcp or -t ssl.

3. Set password in WebSEAL. Edit...
   webseal_install_directory/etc/webseald-default.conf

   ...and set...

   basicauth-dummy-passwd=webseal_userid_passwd

4. Restart WebSEAL.

Create a trusted user account in Tivoli Access Manager
Configure single sign-on capability with Tivoli Access Manager or WebSEAL

+

Search Tips   |   Advanced Search