Configuring a trust association so that all the elements that are returned from the LDAP server are transferred all the way up to the EJB Container
 Technote (FAQ)
 
Problem
The customer uses WebSEAL 4.1 as a reverse proxy, and web requests go through WebSEAL.

If the user has not been authenticated before, the user authenticates against an LDAP server and, after a successful SSL handshake, the authentication brings back about 10-15 elements from the LDAP server. A session cookie is also created for any subsequent requests.

Once the authentication is done, the trust association has about 10-15 elements in the HTTP request headers. But when the request goes to the EJB™ Container, only one element, "iv-user", carries the user's information in the header. The customer is looking for a way to configure the trust association so that all the elements that are returned from the LDAP server are transferred all the way up to the EJB Container in the header.
 
Solution
The functionality that the customer wants may be accomplished in WebSphere® Application Server V5.1.1+ and V6.0.x (it is not possible in V5.0.x and V5.1.0) by using the "Security attribute propagation" feature.

WebSphere Application Server V5.1.1+:
Security attribute propagation

WebSphere Application Server V6.0.x:
Security attribute propagation
 
 
Cross Reference information
Segment: Application Servers
Product: Runtimes for Java Technology
Component: Java SDK
Platform:
Version:
Edition:
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Security
Operating system(s): AIX
Software version: 5.1
Software edition:
Reference #: 1205266
IBM Group: Software Group
Modified date: Apr 30, 2005