Configuring Tivoli Access Manager plug-in for Web servers for use with WebSphere Application Server

Tivoli Access Manager plug-in for Web servers can be used as a security gateway for your protected WebSphere Application Server resources.

About this task

With such an arrangement, the plug-in authorizes all user requests before passing the credentials of the authorized user to WebSphere Application Server in the form of an iv-creds header. Trust between the plug-in and WebSphere Application Server is established through the use of basic authentication headers containing the single sign-on (SSO) user password.

Procedure

  1. The Tivoli Access Manager plug-in for Web servers configuration shows IV headers configured for post-authorization processing, and basic authentication configured both as the authentication mechanism and for post-authorization processing, as shown in the example below.
  2. After a request is authorized, the basic authentication header is removed from the request (strip-hdr=always) and a new one is added (add-hdr=supply).
  3. Included in this new header is the password that is set when the SSO user is created in "Creating a trusted user account in Tivoli Access Manager".
  4. Specify this password in the supply-password parameter and it is passed in the newly created header. This basic authentication header enables trust between WebSphere Application Server and the plug-in.
  5. An iv-creds header is also added (generate=iv-creds), which contains the credential information of the user that is passed on to WebSphere Application Server. Session cookies are used to maintain session state.

Example

[common-modules]
authentication = BA
session = session-cookie
post-authzn = BA
post-authzn = iv-headers

[iv-headers]
accept = all
generate = iv-creds

[BA]
strip-hdr = always
add-hdr = supply
supply-password = sso_user_password
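
As an added example (not IBM's code and not part of the original page), the following Python check parses a plug-in configuration in the stanza format shown above and reports any setting that differs from what this procedure describes. The function names and the check for the sso_user_password placeholder are assumptions made for the illustration; repeated keys such as post-authzn are kept as lists.

```python
from collections import defaultdict
# Constructed sample: the example configuration shown on this page.
SAMPLE = """\
[common-modules]
authentication = BA
session = session-cookie
post-authzn = BA
post-authzn = iv-headers
[iv-headers]
accept = all
generate = iv-creds
[BA]
strip-hdr = always
add-hdr = supply
supply-password = sso_user_password
"""

def parse_stanzas(text):
    """Parse [stanza] / key = value text, keeping repeated keys as lists."""
    stanzas = defaultdict(lambda: defaultdict(list))
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            stanzas[current][key.strip()].append(value.strip())
    return stanzas

def audit(text, placeholder="sso_user_password"):
    """Return findings; an empty list means the settings match this page."""
    cfg = parse_stanzas(text)
    findings = []
    def need(stanza, key, value):
        if value not in cfg[stanza][key]:
            findings.append(f"[{stanza}] {key} must include '{value}'")
    need("common-modules", "authentication", "BA")
    need("common-modules", "post-authzn", "BA")
    need("common-modules", "post-authzn", "iv-headers")
    need("iv-headers", "generate", "iv-creds")
    need("BA", "strip-hdr", "always")  # incoming BA header removed after authorization
    need("BA", "add-hdr", "supply")    # plug-in adds a new header carrying the SSO password
    pw = cfg["BA"]["supply-password"]
    if not pw or not pw[-1]:
        findings.append("[BA] supply-password is missing or empty")
    elif pw[-1] == placeholder:
        findings.append("[BA] supply-password still holds the documentation placeholder")
    return findings
```

Calling audit(SAMPLE) flags only the placeholder password, because the page's example leaves supply-password as sso_user_password rather than the real SSO user password.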

What to do next

Configuring single sign-on using the trust association interceptor or Configuring single sign-on using trust association interceptor ++





Last updated: Feb 19, 2011 5:25:36 AM CST
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v610web&product=was-nd-mp&topic=tsec_step3_plugin_config
File name: tsec_sso_ws_step3_plugin_config.html