Use the following information to enable single sign-on to WebSphere
Application Server using either WebSEAL or the plug-in for Web servers.
About this task
Either Tivoli Access Manager WebSEAL or Tivoli Access Manager plug-in
for Web servers can be used as reverse proxy servers to provide access management
and single sign-on (SSO) capability to WebSphere Application Server resources.
With such an architecture, either WebSEAL or the plug-in authenticates users
and forwards the collected credentials to WebSphere Application Server in
the form of an IV Header. Two types of single sign-on are available, the TAI
interface and the TAI++ interface, so named as both use WebSphere Application
Server trust association interceptors (TAI). With the TAI, the end-user name
is extracted from the HTTP header and forwarded to embedded Tivoli Access
Manager where the end-user name is used to construct the client credential
information and authorize the user. With the TAI++, all of the user credential
information is available in the HTTP header and not just the user name. The
TAI++ is the more efficient of the two solutions because a Lightweight Directory
Access Protocol (LDAP) call is not required. TAI functionality is retained
for backwards compatibility.
Complete the following tasks to enable single
sign-on to WebSphere Application Server using either WebSEAL or the plug-in
for Web servers. These tasks assume that embedded Tivoli Access Manager is
configured for use.