Define a junction that points to ISIM Server
Create a WebSEAL junction that points to ISIM Server with the pdadmin utility.
IBM Security Access Manager must be installed.
- Start pdadmin
- Log in to a secure domain as the sec_master administration user.
For example:
pdadmin> login
Enter User ID: sec_master
Enter Password: password
pdadmin>- Locate the name of the WebSEAL server to create the junction.
To determine the name of the WebSEAL server defined in IBM Security Access Manager, issue the server list command. The information that is returned contains the name in the following format:
webseald-server_hostname
...where server_hostname is the WebSEAL server name. If we install multiple WebSEAL server instances on the same workstation, the name format is server_ instancename-webseald-server_ hostname. For example:
pdadmin sec_master> server list amwpm-tam72-server ivacld-tam72-server default-webseald-tam72-server
pdadmin sec_master>- Issue the server task create command to create the junction. The command format is as follows.
server task webseal_server_name create options /junction_name
...where...
webseal_server_name Name of the WebSEAL server. -b supply How the WebSEAL server passes the HTTP BA authentication information to the backend server. -c iv-creds Specify client_identity_options, such as iv-creds to instruct WebSEAL to insert the iv-creds HTTP header variable. -e utf8_uri Encoding to use generating HTTP headers for junctions. Applies to headers generated with both the -c junction option and tag-value. The value utf8_uri specifies that WebSEAL sends the headers in UTF-8, but that URI also encodes them. This behavior is the default behavior. -h hostname Fully qualified host name of ISIM Server. -j Supply junction identification in a cookie to handle script-generated server-relative URLs. This option is valid for all junctions except for the type of local. -s The junction supports stateful applications. By default, junctions are not stateful. This option is valid for all junctions except for the type of local. -p port_number Port number for ISIM Server. -t tcp Type of junction type. -x Create a transparent path junction. This option is valid for all junctions except for the type of local. junction_name Specify a name for the junction point. Each junction point must have a unique name. For example, to define a TCP junction:
server task default-webseald-tam72-server create -b supply -t tcp -s -x -e utf8_uri -c iv_creds -p 9080 -h ITIMServer.example.com /itim/ui
- To create two junctions, one for Identity Service Center and the other for IBM Security Identity Manager REST.
- The junction name for Identity Service Center REST must be /itim/ui
- The junction name for IBM Security Identity Manager REST must be /itim/rest
Parent topic: Configure ISIM for SSO with application server trust association interceptors and ISAM WebSEAL