Before you begin
The following steps are required when setting up security for the first time. Ensure that Lightweight Third Party Authentication (LTPA) is the active authentication mechanism.
Why and when to perform this task
This task is performed to enable single signon using the trust association interceptor. The steps involve setting up trust association and creating the interceptor properties.
Steps for this task
Option | Description |
---|---|
com.ibm.websphere.security.trustassociation.types | Ensure that webseal is listed. |
com.ibm.websphere.security.webseal.loginId | The WebSEAL trusted user as created in Creating a trusted user account in Tivoli Access Manager. The format of the username is the short name representation. This property is mandatory. If the property is not set in WebSphere Application Server, TAI initialization fails. |
com.ibm.websphere.security.webseal.id | The iv-user header, which is com.ibm.websphere.security.webseal.id=iv-user |
com.ibm.websphere.security.webseal.hostnames | Do not set this property if using Tivoli Access Manager plug-in for Web servers. The host names (case sensitive) are trusted and expected in the request header. For example: com.ibm.websphere.security.webseal.hostnames=host1 This includes the proxy host names unless com.ibm.websphere.security.webseal.ignoreProxy is set to true. Obtain a list of servers using the server list pdadmin command. |
com.ibm.websphere.security.webseal.ports | Do not set this property if using Tivoli Access Manager plug-in for Web servers. The port numbers corresponding to the host names that are expected in the request header. This includes the proxy ports unless com.ibm.websphere.security.webseal.ignoreProxy is set to true. For example: com.ibm.websphere.security.webseal.ports=80,443 |
com.ibm.websphere.security.webseal.ignoreProxy | An optional property that, if set to true or yes, ignores the proxy host names and ports in the IV header. By default this property is set to false. |
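The rules in the table above can be checked mechanically before the interceptor is enabled. The following Python lint is an added example, not IBM code: it assumes the custom properties have been exported as key=value lines and that list values are comma-separated as in the ports example. The function names are hypothetical and the login ID tai_user is a constructed placeholder.

```python
# Added example: lint WebSEAL TAI custom properties against the table's rules.
# Assumption: properties are supplied as key=value lines (constructed sample below).
PREFIX = "com.ibm.websphere.security."

SAMPLE = """\
com.ibm.websphere.security.trustassociation.types=webseal
com.ibm.websphere.security.webseal.loginId=tai_user
com.ibm.websphere.security.webseal.id=iv-user
com.ibm.websphere.security.webseal.hostnames=host1
com.ibm.websphere.security.webseal.ports=80,443
"""  # constructed sample; tai_user is a placeholder short name


def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def split_list(value):
    """Split a comma-separated value (assumed separator) into non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def lint_webseal_tai(props, using_web_server_plugin=False):
    """Return findings; an empty list means every rule from the table holds."""
    def get(name):
        return props.get(PREFIX + name, "")
    findings = []
    if "webseal" not in split_list(get("trustassociation.types")):
        findings.append("trustassociation.types does not list webseal")
    if not get("webseal.loginId"):
        findings.append("webseal.loginId is mandatory: TAI initialization fails")
    if get("webseal.id") != "iv-user":
        findings.append("webseal.id is not iv-user")
    hosts, ports = split_list(get("webseal.hostnames")), split_list(get("webseal.ports"))
    if using_web_server_plugin and (hosts or ports):
        findings.append("hostnames/ports must not be set with the plug-in for Web servers")
    for port in ports:
        if not (port.isdigit() and 1 <= int(port) <= 65535):
            findings.append("webseal.ports has an invalid port: " + port)
    return findings


if __name__ == "__main__":
    for finding in lint_webseal_tai(parse_properties(SAMPLE)) or ["no findings"]:
        print(finding)
```

Pass using_web_server_plugin=True when the front end is the Tivoli Access Manager plug-in for Web servers, so that a leftover hostnames or ports entry is reported.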
Related concepts
Single signon using WebSEAL or the Tivoli Access Manager plug-in for Web servers
Trust associations
Related tasks
Creating a trusted user account in Tivoli Access Manager
Configuring trust association interceptors
Related reference
Trust association interceptor support for Subject creation