Chapter 4. Configuration and customization 129
You can create WebSEAL junctions with the pdadmin command-line utility or
with the Web Portal Manager. To create WebSEAL junctions, use the pdadmin
server task create command:
pdadmin> server task instance_name-webseald-host_name create options
You must address the following two concerns when creating any junction:
- Decide where to junction (mount) the Web application server in the WebSEAL
- Choose the type of junction.
You can create the following Standard WebSEAL junction types:
- WebSEAL to back-end server over TCP connection
- WebSEAL to back-end server over SSL connection
- WebSEAL to back-end server over TCP connection using HTTP proxy server
- WebSEAL to back-end server over SSL connection using HTTPS proxy
- WebSEAL to WebSEAL over SSL connection
WebSEAL junction information is stored in XML-formatted database files. The
location of the junction database directory is defined in the [junction] stanza of
the WebSEAL configuration file.
The directory is relative to the WebSEAL server root (server-root stanza entry in
the [server] stanza):
junction-db = jct
Each junction is defined in a separate file with an .xml extension. The XML format
allows you to manually create, edit, duplicate, and back up junction files, but the
best approach is to manage junctions with WPM or the pdadmin tool.
4.5.1 WebSEAL object space and authorization configuration
Every installation and initial configuration of WebSEAL creates a new object
container in the Policy Server object space. /WebSEAL/host-instance_name
represents the beginning of the Web space for a particular WebSEAL instance.
Along with the object space, default ACLs are created. The ACLs are attached to
the /WebSEAL container and named default-webseal. Default ACL entries for
this ACL are:
Group  iv-admin         Tcmdbsvarxl
Group  webseal-servers  Tgmdbsrxl
User   sec_master       Tcmdbsvarxl
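
The default entries above can serve as a baseline when reviewing a deployed default-webseal ACL. The following is an added example, not part of the original text or of the product: it parses entries in the three-column form shown above and reports any drift from the defaults. The action-letter names are the standard Access Manager action set (an assumption, since this page lists only the letter strings), and the sample input is constructed.

```python
# Added example: detect drift from the default-webseal entries listed on the page.
# ACTIONS names are an assumption (standard Access Manager action set).
ACTIONS = {
    "T": "traverse", "c": "control", "m": "modify", "d": "delete",
    "b": "browse", "s": "server admin", "v": "view", "a": "attach",
    "g": "delegation", "r": "read", "x": "execute", "l": "list directory",
}
BASELINE = {
    ("group", "iv-admin"): "Tcmdbsvarxl",
    ("group", "webseal-servers"): "Tgmdbsrxl",
    ("user", "sec_master"): "Tcmdbsvarxl",
}

def parse_entries(text):
    """Parse 'Type name permissions' lines into {(type, name): set(letters)}."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0].lower() not in ("user", "group"):
            continue  # skip blanks, headers and other entry types
        unknown = set(parts[2]) - set(ACTIONS)
        if unknown:
            raise ValueError(f"unknown action letters {sorted(unknown)}: {line!r}")
        entries[(parts[0].lower(), parts[1])] = set(parts[2])
    return entries

def drift(observed_text):
    """List (entry, kind, action names) where observed differs from BASELINE."""
    names = lambda letters: sorted(ACTIONS[p] for p in letters)
    observed, findings = parse_entries(observed_text), []
    for key, perms in sorted(observed.items()):
        if key not in BASELINE:
            findings.append((key, "not in baseline", names(perms)))
            continue
        base = set(BASELINE[key])
        if perms - base:
            findings.append((key, "extra", names(perms - base)))
        if base - perms:
            findings.append((key, "missing", names(base - perms)))
    findings += [(k, "entry removed", []) for k in sorted(set(BASELINE) - set(observed))]
    return findings

# Constructed sample: webseal-servers gained 'c' and a new group appeared.
SAMPLE = """Group iv-admin Tcmdbsvarxl
Group webseal-servers Tcgmdbsrxl
User sec_master Tcmdbsvarxl
Group helpdesk Trx"""
if __name__ == "__main__":
    print(*drift(SAMPLE), sep="\n")
```

An extra "control" finding is the one to look at first, because that permission lets the holder change the ACL itself.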