114 Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0
• Target-based authorization
Perform a resource-based authorization by deciding whether a user should be
allowed to contact a certain Web application.
• Single sign-on
If user authentication and authorization were successful, forward the user’s
request and user’s credentials to a certain Web application server for further
processing.
• Use of a separate component for authentication
It might be necessary to allow a separate and already existing authentication
application and repository to perform the initial user authentication. These
additional authentication methods should be usable without having to rewrite
any of the applications.
4.2.1 Authentication and single sign-on mechanisms
Authentication describes the process of exchanging credentials to identify the
communication partners. Authentication can be directional or mutual.
Single sign-on is the process of forwarding information about a user’s identity in a
secure way to another system. WebSEAL can enforce certain types of user
authentication and can use several single sign-on mechanisms to forward user
requests together with user information to a Web application server.
WebSEAL provides enough flexibility to support multiple authentication and
single sign-on mechanisms to act as a reverse Web proxy between different user
groups and different types of Web application servers in a secure way.
4.3 Supported WebSEAL authentication mechanisms
This section describes the authentication mechanisms that are supported by
WebSEAL to protect access to a Web environment. Some mechanisms in this
section can be combined with some of the single sign-on mechanisms in 4.9,
“WebSEAL single sign-on mechanisms” on page 154 to make the connection
between a user and a Web application. When WebSEAL examines a client
request, it searches for authentication data using some of the available
authentication methods in the following order:
1. Failover cookie
2. CDSSO ID token
3. Client-side certificate
4. Token passcode
5. Forms-based authentication (username and password)
6. SPNEGO (Kerberos)
