Operation for local response redirection

When WebSEAL receives a client request, it determines the appropriate operation required in response to the request.

To respond appropriately, the response handler application must be informed of the required response operation, as determined by WebSEAL. Example operations include serving a standard login form, a change password form, or an access denied error message.

The required operation is provided as an argument in the query string of the HTTP 302 Location URI header. The label for the operation argument is TAM_OP.

The following table lists the valid values for the TAM_OP query string argument:

| Values for TAM_OP Operation Argument | Description |
| --- | --- |
| acct_inactivated | User has provided correct authentication details, but nsAccountLock is set to true for the user in Sun Java™ System Directory Server. |
| acct_locked | User authentication failed due to a locked (invalid) account. |
| cert_login | User must login with a certificate when accept-client-certs = prompt_as_needed. |
| cert_stepup_http | User tried to step-up to certificate authentication over HTTP, which is not allowed (HTTPS is required). |
| eai_auth_error | External authentication interface information returned to WebSEAL is invalid. |
| error | An error occurred. Check the ERROR_CODE macro for the hexadecimal error code. See the Error messages section of the IBM Knowledge Center. |
| failed_cert | An attempt to authenticate with a client certificate failed. Client failed to authenticate with a certificate when accept-client-certs = required. A valid client certificate is required to make this connection. User's certificate is invalid. |
| help | User performed an action that makes no sense, such as requesting /pkmslogout while logged in using basic authentication. |
| login | User needs to authenticate. |
| login_success | User successfully authenticated, but there is no last cached URL to redirect to. |
| logout | User has logged out. |
| passwd | User requests password change. |
| passwd_exp | User's password has expired. |
| passwd_rep_failure | Password change request failed. |
| passwd_rep_success | Password change request succeeded. |
| passwd_warn | Password is soon to expire. |
| passwd_warn_failure | Password change not performed after notification the password is soon to expire. |
| stepup | User must step-up to another authentication level. Check the AUTHNLEVEL macro for the required authentication level. |
| switch_user | User requested the switch user login page. |
| too_many_sessions | User has reached or exceeded the maximum number of allowed sessions. |
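
An added example (not IBM's code and not part of the original page) of how a response handler might read TAM_OP from the redirect URI: it accepts only the values listed in the table above and falls back to a generic error page for anything else. The handler URL, the template file names, and the exact case-sensitive match are assumptions of this example.

```python
from urllib.parse import parse_qs, urlsplit

# Valid TAM_OP values, taken from the table above.
VALID_TAM_OPS = frozenset("""
    acct_inactivated acct_locked cert_login cert_stepup_http eai_auth_error
    error failed_cert help login login_success logout passwd passwd_exp
    passwd_rep_failure passwd_rep_success passwd_warn passwd_warn_failure
    stepup switch_user too_many_sessions
""".split())

# Hypothetical grouping: every password-related operation shares one form.
PASSWORD_OPS = frozenset({"passwd", "passwd_exp", "passwd_warn",
                          "passwd_rep_failure", "passwd_warn_failure"})

def parse_tam_op(uri):
    """Return the TAM_OP value from a redirect URI, or raise ValueError."""
    values = parse_qs(urlsplit(uri).query, keep_blank_values=True).get("TAM_OP", [])
    if len(values) != 1:
        # Missing or repeated arguments are ambiguous, so refuse them.
        raise ValueError("expected exactly one TAM_OP argument")
    if values[0] not in VALID_TAM_OPS:
        # Exact, case-sensitive match is an assumption of this example.
        raise ValueError("TAM_OP value is not in the documented list")
    return values[0]

def select_template(uri):
    """Map a redirect URI to a template name (file names are hypothetical)."""
    try:
        op = parse_tam_op(uri)
    except ValueError:
        return "error.html"      # never build a path from an unvalidated value
    if op in PASSWORD_OPS:
        return "passwd.html"
    return op + ".html"          # safe: op is one of the fixed names above

# Constructed sample URIs; host and path are placeholders.
SAMPLES = [
    "https://handler.example.com/respond?TAM_OP=passwd_exp",
    "https://handler.example.com/respond?TAM_OP=stepup&AUTHNLEVEL=2",
    "https://handler.example.com/respond?TAM_OP=login&TAM_OP=logout",
    "https://handler.example.com/respond?TAM_OP=../../secret",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(select_template(uri), "<-", uri)
```
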

The following example header shows a Location URI with a password change operation indicated in the query string:
