Extended Tivoli Access Manager (ETAI)

Overview

The embedded Trust Association Interceptor++ (tai++) accepts an iv-creds header from WebSEAL or WebPlugins, and a trust password in a Basic Authentication header. The embedded tai++ authenticates the trust password and dismantles the iv-creds header to create the credential of the original user

The extended version of the Trust Association Interceptor++ (ETAI)...

• Does not require Tivoli Access Manager configuration on WebSphere Application Server.
• Can be configured to map the credential attributes of the user to different registry formats.
• Supports processing of Tivoli Federated Identity Manager security tokens.
• Supports trust mechanisms based on mutual authentication over SSL and validation of incoming certificate chain.
• Can work with iv-user only, in the absence of iv-creds.
• Can propagate rich identity to JAX-WS, LTPA, RMI/IIOP in the form of TAM binary security token.
• Can propagate TAM security attributes to the JAAS authorization token using a login module.

Prerequisites...

• IBM Tivoli Access Manager, v6.0, v6.1, or v6.1.1
• IBM WebSphere Application Server, versions 6.0.x, 6.1.x, 7.0.x and 8.0.x

More information

1. IBM Tivoli Access Manager for e-business: Installation Guide, GC23-6502
2. IBM Tivoli Access Manager for e-business: Administration Guide, SC23-6504
3. IBM Tivoli Access Manager for e-business: WebSEAL Administration Guide, SC23-6505
4. IBM Tivoli Access Manager for e-business: Web Security Developer Reference, SC23-6516

Parent: Set up a portal site