If you are using one of the three network security applications that Web Express Logon supports IBM Tivoli Access Manager, Netegrity Siteminder, or Microsoft Active Directory you may not need any additional configuration. This tutorial assumes that you already have a network security application (opens new browser) in place and have configured any additional steps needed to allow Web Express Logon's Network Security plug-in to acquire the user's network ID. Recall that once Host On-Demand acquires the user's network ID, the HCM database maps it to the user's host ID and password in order to acheive logon automation. If the plug-in cannot acquire this network ID, single sign-on capability will be lost.
In this scenario, the administator has already installed IBM Tivoli Access Manager but needs to perform some additional configuration in order for the Network Security plug-in to acquire the user's network ID successfully. This additional configuration involves WebSEAL, the resource manager component of Tivoli Access Manager that is responsible for inserting the user's network ID into the HTTP header as it passes the request on to the destination host.
In order for WebSEAL to insert the
user's network ID into the HTTP header, the administrator must create a junction
(opens new browser) with a -c all option
included. To create the junction, he logs in as the sec_master
administration user and issues the following pdadmin> server task
command:
pdadmin> server task webseald-cruz create -f -c all -w -t tcp
-h
where
webseald-cruz
is the name of the Tivoli Access Manager server host name,
dtawg.raleigh.ibm.com
is the fully qualified domain name of the back-end server,
80
is the port number (the default), and
junction
is the name of the junction point.
For more information about Tivoli Access Manager, WebSEAL, and creating WebSEAL junctions, refer to the following Web site:
http://publib.boulder.ibm.com/tividd/td/IBMAccessManagerfore-business4.1.html (opens new browser)