SSO application - Enable authentication on a separate system with WebSEAL

Enabling authentication with WebSEAL eliminates the need for a separate password to access IBM Security Identity Manager.

  1. Configure ISIM for SSO with application server trust association interceptors and ISAM WebSEAL.

  2. On the server where the SSO application is installed, configure a Trust Association Interceptor for the application security domain.

  3. Define a junction that points to the SSO application. For example,

      pdadmin> server task default-webseald-tam60-server create -b supply -t tcp -s -j -e utf8_uri -c iv_creds -p 9080 -h AppServer.myco.com /appserver

  4. Create an ACL that requires authenticated access, to be associated with the WebSEAL junction. For example,

      pdadmin> acl create SSOAPP-ACL

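  5. Grant permissions in the ACL. For example, the following entries give ITIM-Group traverse, read, and execute (Trx) and limit any-other and unauthenticated to traverse (T) only:

      pdadmin> acl modify SSOAPP-ACL set group ITIM-Group Trx
      pdadmin> acl modify SSOAPP-ACL set any-other T
      pdadmin> acl modify SSOAPP-ACL set unauthenticated T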

  6. Attach the ACL to the WebSEAL junction. For example,

      pdadmin> acl attach /WebSEAL/tam60-server-default/itimserver/itim_ws SSOAPP-ACL
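
To confirm that the ACL from steps 4 and 5 really requires authentication, the following added example (not part of the original procedure or of IBM's tooling) audits the text printed by `acl show SSOAPP-ACL`. The sample output and its line layout are constructed assumptions, and the function names are hypothetical.

```python
import re

# Constructed sample of `pdadmin> acl show SSOAPP-ACL` output (layout assumed).
SAMPLE_ACL_SHOW = """\
ACL Name: SSOAPP-ACL
Description:
Entries:
    User sec_master TcmdbsvaBRl
    Group ITIM-Group Trx
    Any-other T
    Unauthenticated T
"""

ENTRY_RE = re.compile(r"^\s*(User|Group|Any-other|Unauthenticated)\b\s*(.*)$", re.I)

def parse_acl(text):
    """Map (entry_type, name) -> permission string for each ACL entry line."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines such as "ACL Name:" or "Entries:"
        kind, rest = m.group(1).lower(), m.group(2).split()
        if kind in ("user", "group"):
            if rest:  # "<name> <permissions>"; permissions may be empty
                entries[(kind, rest[0])] = rest[1] if len(rest) > 1 else ""
        else:
            entries[(kind, "")] = rest[0] if rest else ""
    return entries

def audit(text, group="ITIM-Group"):
    """Return a list of findings; an empty list means the ACL matches step 5."""
    acl = parse_acl(text)
    findings = []
    # any-other and unauthenticated must hold traverse (T) and nothing else.
    for kind in ("unauthenticated", "any-other"):
        extra = set(acl.get((kind, ""), "")) - {"T"}
        if extra:
            findings.append(
                f"{kind} has permissions beyond traverse: {''.join(sorted(extra))}")
    # The application group needs traverse, read and execute (Trx).
    missing = set("Trx") - set(acl.get(("group", group), ""))
    if missing:
        findings.append(f"group {group} lacks: {''.join(sorted(missing))}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_ACL_SHOW) or "ACL matches the procedure")
```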
