Standard WebSEAL junctions
A WebSEAL junction is a TCP/IP connection between a front-end WebSEAL server and a back-end server. ISAM provides authentication, authorization, and management services for a network. In a web-based network, these services are best provided by one or more front-end WebSEAL servers that integrate and protect web resources and applications on back-end web servers. The connection between a WebSEAL server and a back-end web application server is known as a standard WebSEAL junction. WebSEAL also supports virtual hosting through another form of junctions called virtual host junctions. The back-end server can be another WebSEAL server or, more commonly, a third-party web application server. The back-end server web space is connected to the WebSEAL server at a specially designated junction (mount) point in the WebSEAL web space.
A junction allows WebSEAL to provide protective services on behalf of the back-end server. WebSEAL authenticates and authorizes all requests before it passes those requests on to the back-end server. If the back-end server requires fine-grained access control on its objects, Perform additional configuration steps, using the query_contents CGI program, to describe the third-party web space to the ISAM security service. Junctions provide a scalable, secure environment that allows load balancing, high availability, and state management capabilities, all performed transparently to clients. As an administrator, we can benefit from this centralized management of the web space. WebSEAL junctions provide the added value of logically combining the web space of a back-end server with the web space of the WebSEAL server. Junctions between cooperating servers result in a single, unified, distributed web space that is seamless and transparent to users. The client never needs to know the physical location of a web resource. WebSEAL translates logical URL addresses into the physical addresses that a back-end server expects. Web objects can be moved from server to server without affecting the way the client can access those objects. A unified web space simplifies the management of all resources for the system administrator. Additional administrative benefits include scalability, load balancing, and high availability.
- Introduction to IBM Security Verify Access
- WebSEAL introduction
- ISAM appliance
- WebSEAL functionality on the appliance
- Security concepts for a WebSEAL deployment
- Authorization process
- Security policy planning
- Content types and levels of protection
- WebSEAL authentication
- Web space scalability
Most commercial web servers cannot define a logical web object space. Instead, their access control is connected to the physical file and directory structure. WebSEAL junctions can transparently define an object space that reflects organizational structure rather than the physical machine and directory structure that is commonly encountered on standard web servers. With WebSEAL junctions, we can create single signon solutions. A single signon configuration allows a user to access a resource, regardless of the resource's location, by using only one initial login. Any further login requirements from back-end servers are handled transparently to the user. We can respond to increasing demands on a website by attaching additional servers.
Parent topic: IBM Security Verify Access WebSEAL overview
Related concepts