© Copyright IBM Corp. 2006. All rights reserved. 235
Appendix A. WebSEAL junction options
This appendix gives a list of all available options for your junction configuration.
Table A-1 defines the options you can utilize when setting up WebSEAL junctions
using either the pdadmin command line pdadmin> server task <webseal> create
...... /junction (for example, pdadmin> server task web1-webseald-cruz create -t
tcp -h doc.ibm.com /pubs) or the Web Portal Manager GUI.
Table A-1 Junction options
A
Junction types
–t type Type of junction. One of:
- tcp
- ssl
- tcpproxy
- sslproxy
- local. .
Host name
-h host-name The DNS host name or IP address of the target
back-end server.
236 Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0
General options
TCP and SSL junction types
–f Forces the replacement of an existing junction.
–i WebSEAL server treats URLs as case insensitive.
–p port TCP port of the back-end third-party server.
Default is 80 for TCP junctions;
443 for SSL junctions.
–q location Provides WebSEAL with the correct name of the
query_contents program file and where to find the file.
By default, the Windows file is called
query_contents.exe and the UNIX file is called
query_contents.sh. By default, WebSEAL looks for the
file in the cgi_bin directory of the back-end Web server.
–R Allows denied requests and failure reason information
from authorization rules to be sent in the Boolean Rule
header (AM_AZN_FAILURE) across the junction.
–T resource/resource-group Name of GSO resource or resource group. Required
for and used only with –b gso option.
–w Windows 32-bit (Win32®) file system support.
Stateful junctions
–s Specifies that the junction should support stateful
applications. By default, junctions are not stateful.
–u UUID Specifies the UUID of a back-end server connected to
WebSEAL using a stateful junction (–s).
Mutual authentication over Basic Authentication and SSL certificates
–B WebSEAL uses BA header information to authenticate
to back-end server. Requires –U, and –W options.
–D “DN” Specifies the distinguished name of back-end server
certificate. This value, matched with actual certificate
DN enhances authentication.
–K “key-label” Key label of WebSEALs client-side certificate, used to
authenticate to back-end server.
–U “username” WebSEAL user name. Use with –B to send BA header
information to back-end server.
–W “password” WebSEAL password. Use with –B to send BA header
information to back-end server.
Appendix A. WebSEAL junction options 237
Proxy junction (requires –t tcpproxy or –t sslproxy).
–H host-name The DNS host name or IP address of the proxy server.
–P port The TCP port of the proxy server.
Supply identity information in
HTTP headers
–b BA-value Defines how the WebSEAL server passes client
identity information in HTTP basic authentication (BA)
headers to the back-end server. One of:
- filter (default),
- ignore,
- supply,
- gso
–c header-types Inserts Tivoli Access Manager-specific client identity
information in HTTP headers across the junction. The
header-types argument can include any combination
of the following Access Manager HTTP header types:
iv-user
iv-user-l
iv-groups
iv-creds
all
–e encoding-type Specifies the encoding to use when generating HTTP
headers for junctions. This encoding applies to
headers that are generated with both the –c junction
option and tag-value. Possible values for encoding are:
v utf8_bin v utf8_uri v lcp_bin v lcp_uri
–I Cookie handling: -I ensures unique Set-Cookie header
name attribute.
–j Supplies junction identification in a cookie to handle
script generated server-relative URLs.

Get Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0 now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.