WebSEAL-to-WebSEAL junctions over SSL

ISAM supports SSL junctions between a front-end WebSEAL server and a back-end WebSEAL server. Use the -C option with the create command to junction the two WebSEAL servers over SSL and provide mutual authentication.

Example:

Mutual authentication occurs in the following two stages:

Additionally, the -C option enables single signon functionality provided by the -c option. The -c option allows us to place ISAM-specific client identity and group membership information into the HTTP header of the request destined for the back-end WebSEAL server. The header names include iv-user, iv-groups, and iv-creds. See Client identity in HTTP headers (-c).

The following conditions apply to WebSEAL-to-WebSEAL junctions:

Parent topic: Advanced junction configuration

Related concepts

Related tasks