About this task
Either Tivoli® Access Manager WebSEAL or the Tivoli Access Manager plug-in for web servers can be used as a reverse proxy server to provide access management and single sign-on (SSO) capability to WebSphere Application Server resources. With such an architecture, either WebSEAL or the plug-in authenticates users and forwards the collected credentials to WebSphere Application Server in the form of an IV Header.

Two types of single sign-on are available, the TAI interface and the TAI++ interface, so named because both use WebSphere Application Server trust association interceptors (TAI). With the TAI, the end-user name is extracted from the HTTP header and forwarded to embedded Tivoli Access Manager, where the end-user name is used to construct the client credential information and authorize the user. With the TAI++, all of the user credential information is available in the HTTP header and not just the user name. The TAI++ is the more efficient of the two solutions because a Lightweight Directory Access Protocol (LDAP) call is not required. TAI functionality is retained for backwards compatibility.

Complete the following tasks to enable single sign-on to WebSphere Application Server using either WebSEAL or the plug-in for web servers. These tasks assume that embedded Tivoli Access Manager is configured for use.