Configure ISAM plug-in for web servers for use with WAS

ISAM plug-in for web servers can be used as a security gateway for the protected WebSphere Application Server resources.

With such an arrangement the plug-in authorizes all user requests before passing the credentials of the authorized user to WAS in the form of an iv-creds header. Trust between the plug-in and WAS is established through use of basic authentication headers containing the SSO user password.

  1. The TAM plug-in for web servers configuration shows IV headers configured for post-authorization processing, and basic authentication configured as the authentication mechanism and for post-authorization processing, as shown in the example below.

  2. After a request is authorized, the basic authentication header is removed from the request (strip-hdr=always) and a new one is added (add-hdr=supply).

  3. Included in this new header is the password set when the SSO user is created in Create a trusted user account in ISAM.

  4. Specify this password in the supply-password parameter and it is passed in the newly created header. This basic authentication header enables trust between WAS and the plug-in.

  5. An iv-creds header is also added (generate=iv-creds), which contains the credential information of the user passed onto WAS. Session cookies are used to maintain session state.


Example


Configure SSO using trust association or Configure SSO using trust association interceptor ++


Related


Configure SSO capability with ISAM WebSEAL
Create a trusted user account in ISAM


+

Search Tips   |   Advanced Search