38 Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0
Single sign-on (SSO)
The concept of single sign-on (SSO) is fairly straightforward: When a user
accesses a Web application, the user is challenged for a password only once,
and from that point forward in the user experience with all Web content, no
additional passwords are requested. Tivoli Access Manager provides SSO
capabilities through WebSEAL with a software library that authenticates the
user-provided name and password against information stored within a user
registry. Access Manager for e-business SSO can be provided through several
authentication methods: Basic Authentication (BA), as provided via an HTML
standard authentication mechanism, X.509 certificates, biometrics, and so on.
Once authenticated via WebSEAL, there are techniques to configure the Access
Manager framework to pass certificate information to back-end Web resources
transparently to the user.
Multiple instances of WebSEAL can be created on a single machine using the
WebSEAL configuration utility. Also, a single WebSEAL instance can listen to
multiple interfaces and multiple ports. Different IP and SSL configuration
information can be associated with each interface.
2.2.4 Plug-In for Web servers
The Plug-In for Web servers architecture provides a solution where the customer
has decided to deploy a Web plug-in architecture rather than taking a reverse
Figure 2-5 shows an architectural overview of the Plug-In for Web servers