SSO Application - Enable authentication with WebSEAL
Enabling authentication with WebSEAL eliminates the need for a separate password to access IBM Security Identity Manager.
- Configure ISIM for SSO with application server trust association interceptors and ISAM WebSEAL
- Create an access control list (ACL) that requires authenticated access, to be associated with the WebSEAL junction. For example,
pdadmin> acl create SSOAPP-ACL
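- Grant access to the ACL. In the following example, ITIM-Group receives traverse, read, and execute (Trx), while any-other and unauthenticated receive traverse (T) only, so only authenticated members of ITIM-Group can reach resources under the junction:
pdadmin> acl modify SSOAPP-ACL set group ITIM-Group Trx
pdadmin> acl modify SSOAPP-ACL set any-other T
pdadmin> acl modify SSOAPP-ACL set unauthenticated T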
- Create the junction between WebSEAL and the back-end WebSphere server. If you are installing the SSO application on an IBM Security Identity Manager cluster, the LTPA token must be enabled at the WebSEAL junction. To enable the LTPA token at the junction to the SSO application, you must provide the following information.
- The location of the key file used to encrypt the identity information.
- The password to this key file.
Web services configuration requirements are specified in three extra options to the server task create command used to create the junction.
-A
Enable the LTPA cookies.
-F keyfile
Full path name location on the WebSEAL server of the key file used to encrypt the identity information that is contained in the cookie. The shared key is originally created on the WebSphere server and copied securely to the WebSEAL server. See the appropriate WebSphere documentation for details about this task.
-Z keyfile-password
Password needed to open the key file. The password appears as encrypted text in the junction XML file.
Use these options and the other junction options when you create the junction between WebSEAL and the back-end WebSphere server.
For example (the key file path and password shown are placeholders):
pdadmin> server task default-webseald-tam60-server create -b supply -t tcp -s -j -e utf8_uri -c iv-creds -A -F "/abc/xyz/key.file" -Z "abcdefg" -p 9080 -h ITIMServer.ondemandinc.com /isimserver
- Associate the WebSEAL junction to the ACLs. For example,
pdadmin> acl attach /WebSEAL/tam60-server-default/itimserver/itim_ws SSOAPP-ACL
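After the ACL is attached, it is worth confirming that it really does force authentication. The following script is an added example, not part of the product documentation: it audits the text printed by the pdadmin command acl show SSOAPP-ACL. The entry layout in sample_acl is a constructed sample and an assumption about the output format; audit_acl and sample_acl are hypothetical helper names.

```shell
#!/bin/sh
# Added example: audit `acl show` output for the SSO junction ACL.
# Assumption: entries print as "Group <name> <perms>", "Any-other <perms>"
# and "Unauthenticated <perms>".

# Constructed sample of `acl show SSOAPP-ACL` output after the steps above.
sample_acl() {
cat <<'EOF'
    ACL Name: SSOAPP-ACL
    Description:
    Entries:
        User sec_master TcmdbsvaBRl
        Group ITIM-Group Trx
        Any-other T
        Unauthenticated T
EOF
}

# audit_acl GROUP: reads `acl show` output on stdin, prints one line per
# finding, and returns 0 only when there are no findings.
audit_acl() {
    awk -v grp="$1" '
        tolower($1) == "unauthenticated" || tolower($1) == "any-other" {
            # Any permission other than traverse (T) opens the junction
            # to users who have not authenticated or are not in the group.
            if ($2 ~ /[^T]/) {
                print "FAIL: " $1 " has " $2 ", expected T only"; bad = 1
            }
        }
        $1 == "Group" && $2 == grp {
            found = 1
            # The SSO group needs traverse, read and execute.
            if ($3 !~ /T/ || $3 !~ /r/ || $3 !~ /x/) {
                print "FAIL: group " grp " has " $3 ", expected Trx"; bad = 1
            }
        }
        END {
            if (!found) { print "FAIL: no entry for group " grp; bad = 1 }
            exit bad + 0
        }'
}

# Run against the constructed sample; in practice pipe the real
# `acl show SSOAPP-ACL` output into audit_acl instead.
sample_acl | audit_acl ITIM-Group && echo "SSOAPP-ACL requires authentication"
```
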