Resolving machine names

CDSSO can be unintentionally disabled upon WebSEAL startup because the machine itself is not adequately configured to resolve machine names.

The machine on which WebSEAL is located needs to be able to fully resolve an IP address. We can use the LMI to configure the DNS.

The following general information is provided only as an example:

Goal: Configure the machine to first look to DNS before checking the local /etc/hosts file for DNS information.

Steps

  1. Make sure that /etc/resolv.conf has valid DNS server entries.

  2. Edit /etc/nsswitch.conf so the hosts line indicates the correct order for checking DNS information:
    hosts: dns files

Alternative goal: Configure the machine to first use local DNS information (/etc/hosts) before checking DNS.

  1. Configure the machine to check /etc/hosts before looking to DNS. Edit /etc/nsswitch.conf so the hosts line indicates the correct order for checking DNS information:
    hosts: files dns

  2. Enter appropriate DNS information in /etc/hosts:
    1.11.111.111 webseal1.fully.qualified.com
    2.22.222.222 webseal2.fully.qualified.com
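
The following script is an added example, not part of the product documentation or IBM code. It checks the three files named in the steps (passed as arguments, so it can run against copies); the function names and the sample files in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not IBM code; function names and demo files are constructed.

# Print the sources on the "hosts:" line in lookup order, e.g. "dns files".
hosts_order() {
    awk '/^[ \t]*hosts:/ {
             sub(/#.*/, ""); sub(/^[ \t]*hosts:/, "")
             gsub(/\[[^]]*\]/, "")   # drop actions such as [NOTFOUND=return]
             $1 = $1; print; exit    # normalise whitespace
         }' "$1"
}

# Succeed if the file has at least one active "nameserver <address>" line.
has_nameserver() {
    awk '$1 == "nameserver" && NF >= 2 { found = 1 } END { exit !found }' "$1"
}

# Succeed if an active line maps an address to NAME (address first, then names).
hosts_maps() {
    awk -v name="$2" '
        { sub(/#.*/, "") }
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || $1 ~ /^[0-9a-fA-F:.]*:[0-9a-fA-F:.]*$/ {
            for (i = 2; i <= NF; i++) if (tolower($i) == tolower(name)) ok = 1
        }
        END { exit !ok }' "$1"
}

# Usage: check_resolver NSSWITCH RESOLV HOSTS NAME
check_resolver() {
    order=$(hosts_order "$1"); rc=0
    [ -n "$order" ] || { echo "FAIL: no hosts line in $1"; return 1; }
    echo "lookup order: $order"
    for src in $order; do
        case $src in
            dns)   has_nameserver "$2" || { echo "FAIL: dns listed, no nameserver in $2"; rc=1; } ;;
            files) hosts_maps "$3" "$4" || echo "NOTE: $4 has no entry in $3" ;;
        esac
    done
    return $rc
}

# Demo on constructed files, not the live system.
d=$(mktemp -d)
printf 'hosts: files dns\n' > "$d/nsswitch.conf"
printf 'nameserver 192.0.2.53\n' > "$d/resolv.conf"
printf '1.11.111.111 webseal1.fully.qualified.com\n' > "$d/hosts"
check_resolver "$d/nsswitch.conf" "$d/resolv.conf" "$d/hosts" webseal1.fully.qualified.com
rm -rf "$d"
```

On a host with shell access, the same function can be pointed at /etc/nsswitch.conf, /etc/resolv.conf and /etc/hosts with the WebSEAL server's fully qualified name as the last argument.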
