Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Authenticate users > Implement single sign-on to minimize web user authentications

SSO with TAM or WebSEAL

Overview

We can enable single sign-on to WAS using either of the following as the reverse proxy server...

• Tivoli Access Manager WebSEAL
• Tivoli Access Manager plug-in for web servers

The proxy server...

1. Authenticates users

2. Forwards credentials to WAS in the form of an IV Header

TAIs on the WAS application host...

1. Extract the end-user name from the HTTP header and forward to embedded TAM
2. Credential information is created and used to authorize the user

With TAI++, all user information is available in the HTTP header, not just the name. An LDAP call is not required.

Enable SSO to WAS using WebSEAL or plug-in for web servers

1. Enable embedded TAM
2. Role-based security with embedded TAM
3. Create a trusted user account for TAM in shared LDAP user registry
4. Configure WebSEAL or configure TAM plug-in
5. Configure TAI or configure TAI++

Related

Single sign-on settings
com.tivoli.pd.jcfg.PDJrteCfg
com.tivoli.pd.jcfg.SvrSslCfg
Configure global sign-on principal mapping
Implement single sign-on to minimize web user authentications

+

Search Tips   |   Advanced Search