Chapter 4. Configuration and customization 143
of the server where the requested resource is located. WebSEAL uses the value
of the HTTP Host header, rather than the URL of the request, to select the
appropriate virtual host junction for dispatching the request. If the HTTP Host
header is present in the request and its value matches the host name of a
configured virtual host junction, then the virtual host junction is used. Otherwise,
a standard WebSEAL junction is used, based on the URL of the request.
In a case where there is no Host header in the HTTP request (such as in an
HTTP 1.0 request), WebSEAL again uses a standard junction.
Using virtual host junctions, a user can access resources directly using the host
name of the junctioned server (http://protected-server/resource), rather than
indirectly using the host name of the WebSEAL server with a potentially modified
resource path (http://webseal/junction/resource). Direct access to the resource
using the host name of the junctioned server does not require URL filtering.
Virtual host junctions preserve the content of response pages in the same form
as originally found on the junctioned Web servers. Clients can use the
unmodified absolute and server-relative URL links on these response pages to
successfully locate the resources. Configuration for virtual host junctions requires
that the external DNS maps all virtual host names to the IP address (or
addresses) of the WebSEAL server. When the user makes a request to the host
name of the junctioned server, the request is actually routed to WebSEAL.
This also has great value in the larger organizations that already have traditional
Web address space. By using virtual host junctions you can preserver this Web
address space from the user standpoint, just changing DNS mappings to point to
WebSEAL instead of real Web Servers. For example, a company may have
www.myhr.com for their HR system and www.mypayroll.com for their payroll
system. Since these applications already exist and their Web addresses are
known throughout the user community, application of the traditional WebSEAL
junction method would not benefit the corporation. Instead, resolving
www.myhr.com and www.mypayroll.com to WebSEALs IP address and allowing
it to decipher which server to direct traffic to would be the most beneficial.
4.6.1 Creating a remote type virtual host junction
Creating a virtual host junction is similar to creating a standard junction. A virtual
host junction can be created using either WPM or the standard server task
command in the pdadmin CLI. The following example specifies the syntax for the
pdadmin command for creation of a virtual host junction (entered as one line):
pdadmin> server task instance_name-webseald-host_name virtualhost
create options vhost-label
The virtual host label (vhost-label) is simply a name for the virtual host junction.
The junction label is used to indicate the junction in the display of the protected

Get Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0 now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.