128 Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0
This group of unauthenticated users generally is used to define public Web
access. WebSEAL can force unauthenticated users to use another
authentication method when selecting certain protected URLs.
All users who can reach WebSEAL might already have enough permissions to
contact certain junctioned Web servers. For example, if WebSEAL is connected
to a VPN gateway, only authorized VPN users will be able to reach that server,
and additional authentication might not be needed. In this situation, you can
probably treat unauthenticated users as you would a group of
password-authenticated Internet users.
4.5 Standard junctions
A WebSEAL junction is an HTTP or HTTPS connection between a front-end
WebSEAL server and a back-end Web application server. Junctions logically
combine the Web space of one or more back-end servers with the Web space of
the WebSEAL server, resulting in a unified view of the entire Web object space.
Figure 4-5 WebSEAL junction
A junction allows WebSEAL to provide protective services on behalf of the
back-end server. WebSEAL performs authentication and authorization checks on
all requests for resources before passing those requests across a junction to the
back-end server. Junctions also allow a variety of single sign-on solutions
between a client and the junctioned back-end applications.
In addition, the junctions provide a scalable, secure environment that allows load
balancing, high availability, and centralized, state management capabilities—all
performed transparently to clients.
protected object space
WebSEAL Application Server