Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0

114 Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0

򐂰 Target-based authorization

Perform a resource-based authorization by deciding whether a user should be

allowed to contact a certain Web application.

򐂰 Single sign-on

If user authentication and authorization was successful, forward the user’s

request and user’s credentials to a certain Web application server for further

processing.

򐂰 Use of a separate component for authentication

It might be necessary to allow a separate and already existing authentication

application and repository to perform the initial user authentication. These

additional authentication methods should be usable without having to rewrite

any of the applications.

4.2.1 Authentication and single sign-on mechanisms

Authentication describes the process of exchanging credentials to identify the

communication partners. Authentication can be directional or mutual.

Single

sign-on

is the process of forwarding information about a user’s identity in a

secure way to another system. WebSEAL can enforce certain types of user

authentication and can use several single sign-on mechanisms to forward user

requests together with user information to a Web application server.

WebSEAL provides enough flexibility to support multiple authentication and

single sign-on mechanisms to act as a reverse Web proxy between different user

groups and different types of Web application servers in a secure way.

4.3 Supported WebSEAL authentication mechanisms

This section describes the authentication mechanisms that are supported by

WebSEAL to protect access to a Web environment. Some mechanisms in this

section can be combined with some of the single sign-on mechanisms in 4.9,

“WebSEAL single sign-on mechanisms” on page 154 to make the connection

between a user and a Web application. When WebSEAL examines a client

request, it searches for authentication data using some of the available

authentication methods in the following order:

1. Failover cookie

2. CDSSO ID token

3. Client-side certificate

4. Token passcode

5. Forms-based authentication (username and password)

6. SPNEGO (Kerberos)

Get Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0 now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0 by Axel Buecker, Vladimir Jeremic