Specify the WebSEAL host name

Typically, the name of the WebSEAL host computer is automatically determined when this information is required. There are situations, such as with virtual host junctions, where the WebSEAL host can use several names. On systems with many host names, interfaces, or WebSEAL instances, the automatic determination might not be correct for a specific situation. We can specify the correct one.

Host name in the configuration file

The name uniquely identifies a WebSEAL server process. We can configure multiple WebSEAL servers on one computer system. Therefore, each WebSEAL server process must have a unique name. Each WebSEAL server process is known as an instance. Each WebSEAL instance has its own configuration file. The server-name stanza entry in the [server] stanza of the configuration file for each WebSEAL instance specifies the unique name for that WebSEAL instance. The server-name stanza entry is a combination of the host name of the physical computer where WebSEAL is installed and the WebSEAL instance name. Both names are specified during WebSEAL configuration.

[server]
server-name = host_name-instance_name

A computer host name always has a fully qualified name, for example, abc.ibm.com). It also can have a short name, for example, abc. When prompted for the host name during WebSEAL configuration, we can specify either the fully qualified name or the short name. In the following example, the WebSEAL instance name web1 is on a computer with a fully qualified host name of abc.ibm.com, as specified during WebSEAL configuration.

[server]
server-name = abc.ibm.com-web1

The initial WebSEAL server is automatically assigned an instance name of default, unless we modify this name during WebSEAL configuration. For example:

[server]
server-name = abc.ibm.com-default

Host name in the pdadmin server list command

The instance name also affects how the WebSEAL server is listed with the pdadmin server list command. Because the pdadmin command serves the entire Security Verify Access family, a product component name is required in the command syntax. The component name for WebSEAL is webseald. For the pdadmin server list command, the WebSEAL server name has the following format.

instance-webseald-host

The following example shows the output from pdadmin server list for the instance web1 installed on the host abc.ibm.com:

web1-webseald-abc.ibm.com

The following pdadmin server list command output displays an initial default WebSEAL server and a second WebSEAL instance named web1:

pdadmin> server list
web1-webseald-abc.ibm.com
default-webseald-abc.ibm.com

Host name in the protected object space

Each WebSEAL instance is represented as a member of the /WebSEAL container object in the protected object space. Two WebSEAL instances (default and web1), on the host abc.ibm.com, appear in the protected object space in the following format:

/WebSEAL/abc.ibm.com-web1
/WebSEAL/abc.ibm.com-default

We can manually specify the host name in the web-host-name stanza entry in the [server] stanza of the WebSEAL configuration file. The value must be the fully qualified name. This manual setting resolves any conflicts in determining the host name used, for example, by WebSEAL HTTP/HTTPS responses and authentication mechanisms in a traditional junction environment.

By default, web-host-name is not enabled and has no value. When required, WebSEAL attempts to automatically determine the host name.

Steps

1. Stop the WebSEAL server process.
2. Manually edit the WebSEAL configuration file to provide a value for the stanza entry.
3. Uncomment the line.
4. Restart WebSEAL.

Example

[server]
web-host-name = abc.ibm.com

Notice the difference in syntax between the server-name and the web-host-name values. For example:

[server] server-name = abc.ibm.com-default
web-host-name = abc.ibm.com

Parent topic: Web server configuration

Related concepts

• Content caching
• Communication protocol configuration
• IPv4 and IPv6 overview
• IPv6: Compatibility support
• IP levels for credential attributes
• LDAP directory server configuration
• WebSEAL worker thread configuration
• WebSEAL worker threads
• Global allocation of worker threads for junctions
• Per-junction allocation of worker threads for junctions
• HTTP data compression
• WebSEAL data handling by using UTF-8
• UTF-8 dependency on user registry configuration
• UTF-8 data conversion issues
• UTF-8 impact on authentication
• UTF-8 impact on authorization (dynamic URL)
• Encoding type usage
• UTF-8 support for uniform resource locators
• UTF-8 support in POST body information (forms)
• UTF-8 support in query strings
• UTF-8 encoding of tokens for cross domain single signon
• UTF-8 encoding of tokens for e-community single signon
• UTF-8 encoding of cookies for failover authentication
• UTF-8 encoding of cookies for LTPA authentication
• UTF-8 encoding in junction requests
• Validation of character encoding in request data
• Set system environment variables
• Cross-Origin Resource Sharing (CORS) Support

Related tasks

• Modify the configuration file settings
• Configure WebSEAL for IPv6 and IPv4 requests

Related reference

• IPv6: Upgrade notes
• Allocation view of worker threads for junctions
• Supported wildcard pattern matching characters