Set single sign-on capability with Tivoli Access Manager or WebSEAL


 


 

Either Tivoli Access Manager (TAM) WebSEAL or the TAM plug-in for Web servers can be used as a reverse proxy server to provide access management and single sign-on (SSO) capability to WAS resources.

WebSEAL or the plug-in authenticates users and forwards the collected credentials to WAS in the form of an IV Header. Two types of single sign-on are available...

With TAI, the end-user name is extracted from the HTTP header and forwarded to embedded TAM where the end-user name is used to construct the client credential information and authorize the user.

With TAI++, all of the user credential information is available in the HTTP header, not just the user name. TAI++ is the more efficient of the two solutions because an LDAP call is not required. TAI functionality is retained for backwards compatibility.

Complete the following tasks to enable single sign-on to WAS using either WebSEAL or the plug-in for Web servers.

  1. Configure embedded TAM on the application server.
  2. Create a trusted user account for TAM in the shared LDAP user registry.

  3. Set either WebSEAL or the TAM plug-in for Web servers to work with WAS...

  4. Set single sign-on using either the TAI or TAI++ interface.
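
The following is an added example, not IBM code or part of the original page: a small Python model of the trust decision behind TAI and TAI++, showing why identity headers are honored only when the sender proves it is the reverse proxy, and why TAI++ avoids the registry lookup. The header names `iv-user` and `iv-creds`, the Basic-auth proof using the trusted account from step 2, the JSON credential format, and all account values are assumptions made for illustration.

```python
import base64, hmac, json

# Constructed values; header names and the Basic-auth proof are assumptions.
TRUSTED = (b"websealsso", b"constructed-secret")  # trusted account from step 2
LDAP_GROUPS = {"alice": ["managers", "staff"]}    # stand-in for the shared LDAP registry
STATS = {"ldap_calls": 0}

def ldap_lookup(user):
    STATS["ldap_calls"] += 1
    return LDAP_GROUPS.get(user)

def proxy_is_trusted(headers):
    """True only if the request proves it came from the trusted proxy account."""
    auth = headers.get("authorization", "")
    if not auth.lower().startswith("basic "):
        return False
    try:
        user, _, password = base64.b64decode(auth[6:], validate=True).partition(b":")
    except ValueError:
        return False
    # Constant-time comparison of both parts
    return hmac.compare_digest(user, TRUSTED[0]) & hmac.compare_digest(password, TRUSTED[1])

def establish_identity(headers, mode):
    """Model of the TAI / TAI++ decision: returns a credential dict or None."""
    headers = {k.lower(): v for k, v in headers.items()}
    if not proxy_is_trusted(headers):
        return None  # IV headers from an unproven sender are ignored
    if mode == "TAI":
        user = headers.get("iv-user")
        groups = ldap_lookup(user) if user else None   # registry call needed
        return {"user": user, "groups": groups} if groups is not None else None
    if mode == "TAI++":
        cred = headers.get("iv-creds")                 # full credential, no registry call
        return json.loads(cred) if cred else None
    raise ValueError(f"unknown mode: {mode}")

def proxy_headers(**iv):
    """Build headers as the reverse proxy would send them (constructed sample)."""
    token = base64.b64encode(b":".join(TRUSTED)).decode()
    return {"Authorization": f"Basic {token}", **iv}

if __name__ == "__main__":
    print(establish_identity(proxy_headers(**{"iv-user": "alice"}), "TAI"))
    print(establish_identity({"iv-user": "alice"}, "TAI"))  # no proof -> None
```

In a deployment, the same guarantee also depends on the application server being reachable only through the proxy, so that identity headers cannot arrive by any other path.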

 

Related tasks

Implementing single sign-on to minimize Web user authentications
Single sign-on settings
com.tivoli.pd.jcfg.PDJrteCfg utility for TAM single sign-on
com.tivoli.pd.jcfg.SvrSslCfg utility for TAM single sign-on
Create a trusted user account in TAM
Set WebSEAL for use with WAS
Set TAM plug-in for Web servers for use with WAS
Set single sign-on using trust association
Set single sign-on using trust association interceptor ++
Set global sign-on principal mapping