server task add
Adds an application server to an existing WebSEAL junction. Requires authentication (administrator ID and password) to use.
server task instance-webseald-host add -h host [options] junction_point
Options
-h host DNS host name or IP address of the target application server. Valid values for host include any valid IP host name. For example: www.example.com instance-webseald-host Full WebSEAL server name. Specify in the exact format as displayed in the output of the pdamin server list command. The instance specifies the configured name of the WebSEAL server instance. The webseald designation indicates the WebSEAL service performs the command task. The host is the name of the physical computer where the WebSEAL server is installed. For example, the configured name of a single WebSEAL server instance is default. The host computer name where the WebSEAL server is installed is abc.ibm.com. Then, the full WebSEAL server name is default-webseald-abc.ibm.com. If an additional WebSEAL server instance is configured and named web2, the full WebSEAL server name is: web2-webseald-abc.ibm.com
junction_point Name of the directory in the WebSEAL protected object space where the document space of the server is mounted. -D "dn" Distinguished name of the server certificate. This value, matched with the actual certificate DN, enhances authentication and provides mutual authentication over SSL. For example, the certificate for www.example.com might have the following DN: "CN=www.example.com,OU=Software,O=example.com\, Inc,L=Minneapolis, ST=Texas,C=US"
Valid only with junctions created with the type of ssl or sslproxy.
-H host DNS host name or IP address of the proxy server. Valid values for host include any valid IP host name. For example: www.example.com This option is used for junctions that were created with the type of tcpproxy or sslproxy. -i That the WebSEAL server does not treat URLs as case-sensitive. This option is used for junctions that were created with the type of tcp or ssl. -p port Specifies the TCP port of the server. Default is 80 for TCP junctions and 443 for SSL junctions. This option is used for junctions that were created with the type of tcp or ssl. -P port TCP port of the HTTP proxy server. The default value is 7138. Use this option for junctions that were created with the type of tcpproxy or sslproxy. For port, use any valid port number. A valid port number is any positive number allowed by TCP/IP and that is not currently being used by another application. Use the default port number value, or use a port number that is greater than 1000 that is not being used. This option is also valid for mutual junctions to specify the HTTPS port of the back-end third-party server. -q url Relative path for the query_contents script. By default, Security Verify Access looks for this script in the /cgi_bin subdirectory. If this directory is different or the query_contents file is renamed, use this option to indicate to WebSEAL the new URL to the file. Required for Windows servers. This option is used for junctions that were created with the type of tcp or ssl. -u uuid UUID of this server when connected to WebSEAL over a stateful junction that was using the -s option. This option is used for junctions that were created with the type of tcp or ssl. -v virtual_hostname Virtual host name that is represented on the server. This option supports a virtual host setup on the server. Use this option when the junction server expects a host name header, because we are junctioning to one virtual instance of that server. The default HTTP header request from the browser does not know the server has multiple names and multiple virtual servers. We must configure WebSEAL to supply that extra header information in requests that are destined for a server set up as a virtual host. This option is used for junctions that were created with the type of tcp or ssl. -V virtual_hostname Virtual host name that is represented on the back-end server. This option:
- Supports a virtual host setup on the back-end server.
- Is used only for mutual junctions.
- Corresponds to the virtual host used for HTTPS requests.
We can use -V when the back-end junction server expects a host name header and we are junctioning to one virtual instance of that server. The default HTTPS header request from the browser does not know the back-end server has multiple names and multiple virtual servers. We must configure WebSEAL to supply that extra header information. This header information applies to requests destined for a back-end server set up as a virtual host.
-w Indicates Microsoft Windows 32 bit (Win32) file system support. This option is used for junctions that were created with the type of tcp or ssl.
Authorization
Users and groups that require access to this command must be given the c (control) permission in the ACL that governs the /WebSEAL/host-instance/junction_point object. For example, the sec_master administrative user is given this permission by default.
Return codes
0 The command completed successfully. For WebSEAL server task commands, the return code is 0 when the command is sent to the WebSEAL server without errors. However, even after the command was successfully sent, the WebSEAL server might not be able to successfully complete the command, and returns an error message. 1 The command failed. When a command fails, the pdadmin command provides a description of the error and an error status code in hexadecimal format (for example, 0x14c012f2). See "Error messages" in the IBM Knowledge Center. This reference provides a list of the ISAM error messages by decimal or hexadecimal codes. This command is available only when WebSEAL is installed.
For more information about how to add servers to existing junctions, see the Administering topics in the IBM Knowledge Center.
Example
Create a junction for the WebSEAL server named WS1 to the server named APP1. The example adds another server named APP2 to the same junction point:pdadmin> server task default-webseald-WS1 create -t tcp -h APP1 -s /mnt
pdadmin> server task default-webseald-WS1 add -h APP2 /mnt
See also
server task create
server task delete
server task remove
server task showParent topic: pdadmin commands