Creation of a junction for an initial server

Creation of a junction for an initial server

We can create a new junction with the create command.
Operation: Creates a new junction point and junctions an initial server.
Syntax:
create -t type -h host-name options junction-point

junction-point is name of the junction point. Required.
Options

Junction type Parameter Description

Standard -t type Type of junction. One of: tcp, ssl, tcpproxy,sslproxy, local, mutual. Required. Default port for -t tcp is 80. Default port for -t ssl is 443.
Standard -h host-name The DNS host name or IP address of the target back-end server. Required.
Standard -a address Local IP address that WebSEAL uses when communicating with the target back-end server. If not provided, WebSEAL uses the default address as determined by the operating system. If we supply an address for a particular junction, WebSEAL will be modified to bind to this local address for all communication with the junctioned server.

Standard -E description A description of the junction.

Standard -f Forces the replacement of an existing junction.

Standard -i WebSEAL server treats URLs as case insensitive.

Standard -q location Provides WebSEAL with the correct name of the query_contents program file and where to find the file. By default, the Windows file is called query_contents.exe and the UNIX file is called query_contents.sh. By default, WebSEAL looks for the file in the cgi_bin directory of the back-end Web server. Required for back-end Windows and UNIX Web servers.

Standard -T resource
-T resource-group Name of GSO resource or resource group. Required for and used only with -b gso option.

Standard -w Windows filesystem support.

TCP and SSL -p port TCP port of the back-end third-party server. Default is 80 for TCP junctions; 443 for SSL junctions.

Stateful -s The junction should support stateful applications. By default, junctions are not stateful.

Stateful -u UUID UUID of a back-end server connected to WebSEAL using a stateful junction (-s).

Mutual -p HTTP port HTTP port of the back-end third-party server.

Mutual -P HTTPS port HTTPS port of the back-end third-party server.

Mutually authenticated -B WebSEAL uses BA header information to authenticate to back-end server. Requires -U, and -W options.

Mutually authenticated -D "DN" Distinguished name of back-end server certificate. This value, matched with actual certificate DN enhances authentication.

Mutually authenticated -K "key-label" Key label of WebSEAL's client-side certificate, used to authenticate to back-end server.

Mutually authenticated -U "username" WebSEAL user name. Use with -B to send BA header information to back-end server.

Mutually authenticated -W "password" WebSEAL password. Use with -B to send BA header information to back-end server.

Proxy junction -H host-name The DNS host name or IP address of the proxy server. Requires -t tcpproxy or -t sslproxy

Proxy junction -P port The TCP port of the proxy server. Requires -t tcpproxy or -t sslproxy.

BA Identity in HTTP header -b BA-value Defines how the WebSEAL server passes client identity information in HTTP basic authentication (BA) headers to the back-end server. One of: filter (default), ignore, supply, gso

Identity in HTTP header -c header-types Inserts client identity information specific to ISAM in HTTP headers across the junction. The header-types argument can include any combination of the following header types: iv-user, iv-user-l, iv-groups, iv-creds, all.

Identity in HTTP header -e encoding-type Encoding to use when generating HTTP headers for junctions. This encoding applies to headers generated with both the -c junction option and tag-value. Possible values for encoding are:

utf8_bin
utf8_uri
lcp_bin
lcp_uri

Identity in HTTP header -I Cookie handling: -I ensures unique Set-Cookie header name attribute.

Identity in HTTP header -j Supplies junction identification in a cookie to handle script generated server-relative URLs.

Identity in HTTP header -J JavaScript Control the junction cookie JavaScript block.

-J trailer Append (rather than prepend) the junction cookie JavaScript to HTML page returned from back-end server.
-J inhead Insert the JavaScript block between <head> </head> tags for HTML 4.01 compliance.
-J onfocus Ensure the correct junction cookie is used in a multiple-junction/multiple-browser-window scenario.
-J xhtml10 Insert a JavaScript block that is HTML 4.01 and XHTML 1.0 compliant.

Identity in HTTP header -k Sends session cookie to back-end portal server.

Identity in HTTP header -n No modification of the names of non-domain cookies are to be made. Use when client-side scripts depend on the names of cookies. By default, if a junction is listed in the JMT or if the -j junction option is used, WebSEAL prepends the names of non-domain cookies that are returned from the junction to with: AMWEBJCT_junction_point_

Identity in HTTP header -r Insert incoming IP address in HTTP header across the junction.

Junction fairness -l percent-value Soft limit for consumption of worker threads.

Junction fairness -L percent-value Hard limit for consumption of worker threads.

WebSphere SSO -A Enable junctions to support LTPA cookies (tokens). LTPA version 1 cookies (LtpaToken) and LTPA version 2 cookies (LtpaToken2) are both supported. LTPA version 1 cookies are specified by default. LTPA version 2 cookies must be specified with the additional -2 option. Also requires -F, and -Z options.

WebSphere SSO -2 Used with the -A option. Specifies that LTPA version 2 cookies (LtpaToken2) are used. The -A option without the -2 option specifies that LTPA version 1 cookies (LtpaToken) are used.

WebSphere SSO -F "keyfile" Name of the key file used to encrypt LTPA cookie data. Only valid with -A option.

WebSphere SSO -Z "keyfile-password" Password for the key file used to encrypt LTPA cookie data. Only valid with -A option.

Federation Runtime -Y Enable the Federation Runtime for the junction. Before using this option, configure the WebSEAL configuration files to support the Federation Runtime single sign-on over junctions.

WebSEAL-to-WebSEAL SSL -C Mutual authentication between a front-end WebSEAL server and a back-end WebSEAL server over SSL. Requires -t ssl or -t sslproxy type.

Forms single signon -S file_name Name of the forms single signon configuration file.

Virtual hosts -v virtualhost[:port] Virtual host name represented on the back-end application server. For mutual junctions this value corresponds to the virtual host used for HTTP requests. We use -v when the back-end junction server expects a Host header because we are junctioning to one virtual instance of that server. The default HTTP header request from the browser does not know the back-end server has multiple names and multiple virtual servers. We configure WebSEAL to supply that extra header information in requests destined for a back-end server set up as a virtual host.

Virtual hosts -V virtualhost[:port] Virtual host name represented on the back-end application server. Corresponds to the virtual host is used for HTTPS requests. Only used for mutual junctions. We use -V when the back-end junction server expects a Host header because we are junctioning to one virtual instance of that server. The default HTTPS header request from the browser does not know the back-end server has multiple names and multiple virtual servers. We configure WebSEAL to supply that extra header information in requests destined for a back-end server set up as a virtual host.

Transparent -x Create a transparent path junction.

Parent topic: Command option summary: standard junctions
Related concepts

Standard WebSEAL junction configuration
Addition of server to an existing junction
Use pdadmin server task to create junctions
Server task commands for junctions