Use this topic to set the SSO password in WebSEAL for single
sign-on to WebSphere® Application Server.
About this task
A junction must be created between WebSEAL and WebSphere Application
Server. This junction carries the iv-credentials (for TAI++) or iv-user
(for TAI) and the HTTP basic authentication headers with the request.
Although you can configure WebSEAL to pass the end user identity in other ways,
the iv-credentials header is the only one supported by TAI++ and
the iv-user header is the only one supported by TAI.
Communications over
the junction should use Secure Sockets Layer (SSL) for increased security.
Setting up SSL across this junction requires that you configure the
HTTP Server used by WebSphere Application Server,
and WebSphere Application Server itself, to
accept inbound SSL traffic and route it correctly to WebSphere Application
Server. This activity requires importing the necessary signing certificates
into the WebSEAL certificate keystore, and possibly also the HTTP
Server certificate keystore.
Create the junction between WebSEAL and WebSphere Application Server
using the -c iv_creds option for TAI++ and -c iv_user for TAI.
Enter either of the following commands as one line using the
variables that are appropriate for your environment:
TAI++
server task webseald-server create -t ssl -b supply -c iv_creds -h host_name -p websphere_app_port_number junction_name
TAI
server task webseald-server create -t ssl -b supply -c iv_user -h host_name -p websphere_app_port_number junction_name
Notes:
- If warning messages are displayed about the incorrect setup of
certificates and key databases, delete the junction, correct problems
with the key databases, and recreate the junction.
- The junction can be created as -t tcp or -t ssl,
depending on your requirements.
For single sign-on (SSO) to WebSphere Application
Server, the SSO password must be set in WebSEAL. To set the password,
complete the following steps:
What to do next
For more details and options about how to configure junctions
between WebSEAL and WebSphere Application Server,
including other options for specifying the WebSEAL server identity,
refer to the Tivoli® Access Manager WebSEAL Administration Guide
as well as to the documentation for the HTTP Server you
are using with your WebSphere Application Server. Tivoli Access
Manager documentation is available at
http://publib.boulder.ibm.com/tividd/td/tdprodlist.html.