Operation for local response redirection
When WebSEAL receives a client request, it determines the appropriate operation required in response to the request.
To respond appropriately, the response handler application must be informed of the required response operation, as determined by WebSEAL. Example operations include serving a standard login form, a change password form, or an access denied error message.
The required operation is provided as an argument in the query string of the HTTP 302 Location URI header. The label for the operation argument is TAM_OP.
The following table lists the valid values for the TAM_OP query string argument:
Values for TAM_OP Operation Argument Description acct_inactivated User has provided correct authentication details, but nsAccountLock is set to true for the user in Sun Java™ System Directory Server. acct_locked User authentication failed due to a locked (invalid) account. cert_login User must login with a certificate when accept-client-certs = prompt_as_needed. cert_stepup_http User tried to step-up to certificate authentication over HTTP, which is not allowed (HTTPS is required). eai_auth_error External authentication interface information returned to WebSEAL is invalid. error An error occurred. Check the ERROR_CODE macro for the hexadecimal error code. See the Error messages section of the IBM Knowledge Center. failed_cert An attempt to authenticate with a client certificate failed. Client failed to authenticate with a certificate when accept-client-certs = required. A valid client certificate is required to make this connection. User's certificate is invalid. help User performed an action that makes no sense, such as requesting /pkmslogout while logged in using basic authentication. login User needs to authenticate. login_success User successfully authenticated, but there is no last cached URL to redirect to. logout User has logged out. passwd User requests password change. passwd_exp User's password has expired. passwd_rep_failure Password change request failed. passwd_rep_success Password change request succeeded. passwd_warn Password is soon to expire. passwd_warn_failure Password change not performed after notification the password is soon to expire. stepup User must step-up to another authentication level. Check the AUTHNLEVEL macro for the required authentication level. switch_user User requested the switch user login page. too_many_sessions User has reached or exceeded the maximum number of allowed sessions.
The following example header shows a Location URI with a password change operation indicated in the query string:
Location: https://webseal/jct/handler-svr/handler?TAM_OP=passwd
Parent topic: Local response redirection