Chapter 4. Configuration and customization 145
Additional junction options
Almost all junction functionality (SSO options, and so on) that is available for
traditional junctions is also available for virtual host junctions. The only
exceptions to this are the junction cookie options (-j , -J) and the cookie/path
modification options (-I, -n). They are not available for virtual host junctions
because they are not required. The problems that these options were introduced
to solve are no longer an issue when using virtual host junctions.
4.6.2 Defining interfaces for virtual host junctions
The multiple interface capability is important when setting up certificate support
(SSL) for multiple virtual host junctions. A digital certificate contains the name of
the host being accessed. Therefore, it is necessary to have a unique certificate
exchange for each virtual host configured for SSL. Browsers produce a warning
message when there is a name mismatch between certificate and host.
A default network interface is defined as the combined set of values for a specific
group of settings that include HTTP or HTTPS port setting, IP address, worker
threads setting, and certificate handling setting. The single default interface for a
WebSEAL instance is defined by the values for the following stanza entries in the
WebSEAL configuration file:
[server]
http
http-port
https
https-port
worker-threads
network-interface
[ssl]
webseal-cert-keyfile-label
[certificate]
accept-client-certs
WebSEAL can be configured to listen on multiple interfaces. To configure
additional interfaces, you define each custom-named interface within the
[interfaces] stanza of the WebSEAL configuration file. A custom interface
specification uses the following format:
[interfaces]
interface-name = property=value[;property=value[;...]]

Get Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0 now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.