Guidelines for creating WebSEAL junctions

Guidelines for creating WebSEAL junctions

We can add a junction anywhere in the primary WebSEAL object space.
We can junction multiple replica back-end servers at the same mount point.
Multiple replica back-end servers mounted to the same junction point must be of the same type.
ACL policies are inherited across junctions to back-end Web servers.
The junction name should not match any directory name in the Web space of the back-end server if HTML pages from that server contain programs (such as JavaScript or applets) with server-relative URLs to that directory. For example, if pages from the back-end server contain programs with a URL of form /path, do not create a junction name using /path.
Create multiple WebSEAL junctions that point to the same back-end application server/port is not a secure junction configuration. Each junction can be controlled by unique ACLs. One junction secured with more permissive ACLs can compromise another junction secured with less permissive ACLs. This type of configuration can cause unintended control of access to resources and is therefore not a supported configuration strategy for ISAM.
WebSEAL supports HTTP/1.1 and HTTP/2 across junctions.

Parent topic: Technical notes for using WebSEAL junctions