ISAM WebSEAL reverse proxy server
Architecture
Components:
- IBM Security Verify Governance (ISIM)
- IBM Security Verify Access V10 (ISAM)
- IBM Security Directory Integrator (SDI)
Specifications supported:
- Kerberos
- OpenID Connect, which uses OAuth
- SAML
Before migrating
- Run the WAS security configuration report
- Query webseald.conf to get info on the existing configuration for LDAP, junctions, authentication (certs, http-headers, etc.), content (redirects, mime-types, etc.), logging, and policy director.
- Copy the WebSEAL certificate file to a temporary directory:
# cp /opt/pdweb/www/certs/pdsrv.kdb /path/to/temporary_directory
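One way to do the webseald.conf query from the list above, as an added example (not IBM's tooling and not from the original notes): it groups stanzas by the areas named there and redacts password-like values so the report can be shared. The stanza-to-area mapping, the function names and the sample file content are assumptions; adjust them to the stanzas in your own file.

```python
import re

# ASSUMPTION: stanza names per migration area; adjust to match your webseald.conf.
AREAS = {
    "ldap": ("ldap",),
    "junctions": ("junction",),
    "authentication": ("ba", "forms", "certificate", "ssl"),
    "content": ("content", "content-mime-types"),
    "logging": ("logging",),
    "policy director": ("policy-director",),
}
SECRET_KEY = re.compile(r"pwd|password", re.I)  # values never copied into the report

def parse_stanzas(text):
    """Return {stanza: [(key, value), ...]}; repeated keys are kept in order."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            stanzas.setdefault(current, [])
        elif current is not None and "=" in line:
            # Split on the first "=" only, so DN values keep their own "=" signs.
            key, _, value = line.partition("=")
            stanzas[current].append((key.strip(), value.strip()))
    return stanzas

def inventory(text):
    """Group stanzas by migration area, redacting secret-looking values."""
    report = {area: {} for area in AREAS}
    for name, entries in parse_stanzas(text).items():
        for area, names in AREAS.items():
            if name.split(":", 1)[0] in names:  # "junction:/app" counts as "junction" (assumption)
                report[area][name] = [(k, "<redacted>" if SECRET_KEY.search(k) else v)
                                      for k, v in entries]
    return report

# Constructed sample, not a real webseald.conf
SAMPLE = """\
[ldap]
host = ldap.example.internal
bind-dn = cn=webseald/demo,o=example
bind-pwd = s3cret
[ba]
ba-auth = https
"""

print(inventory(SAMPLE))
```

To run it against the real file, pass the file's text to inventory(); an empty area in the result means none of the mapped stanzas were found.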
WebSEAL notes
IBM ISAM WebSEAL is a Web server that applies fine-grained security policy to the ISAM protected Web object space. It provides SSO solutions and authentication/authorization control.
ACL policies provide the authorization service with information to make a "yes" or "no" answer on a request to access a protected object and perform some operation on that object.
Protected object policies (POP) contain additional conditions on the request that are passed back to ISAM Base and the resource manager (such as WebSEAL) along with the "yes" ACL policy decision from the authorization service.
Web Portal Manager is a graphical tool to manage security policy. The pdadmin command line utility provides the same, and more, administration capabilities.
The authentication method results in a client identity. Client authentication is successful only if the user has an account defined in the ISAM user registry or is processed successfully by a Cross-domain Authentication Service (CDAS).
Program files...
/opt/pdweb/
Document root doc-root = /opt/pdweb/www/docs
Logs /var/pdweb/www/log/
Restart:
pdweb {start|stop|restart|status}
User registries:
See also
- ACL policies
- Set up certificates
- Configure authentication
- WebSEAL setup
- TAM WebSEAL administrators guide
- Identity Management