146 Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0
Example interface definition:
support = https-port=444;certificate-label=WS6;
This example (entered as one line) creates an interface named
support with the
Allows WebSEAL to listen for requests at IP address 18.104.22.168.
Listens on HTTPS port 444.
The HTTP port defaults to
WebSEAL authenticates to SSL clients using a server-side certificate named
WS6 stored in the WebSEAL key database file.
The interface uses its own pool of 16 worker threads to service requests.
The interface defaults to never requiring (prompting for) client-side certificates
4.7 Transparent path junctions
In order to combine the benefits of both a single URL space for session
management (which uses fewer certificates) and single sign-on, without the
problems of path filtering, Access Manager for e-business uses the concept of a
transparent path junction.
Transparent path junctions are really the same as standard junctions except that
the junction name, instead of being an addition to the URL path, is based on the
path already present on the back-end application. The junction creation
command is the same as for a standard junction and just includes one additional
Transparent path junctions allow WebSEAL to route requests to a junction based
on the URL path of the back-end server resources rather than based on a
junction name added to the path.
For example, if the configured junction name is /docs, all resources controlled by
this junction must be located on the back-end server under a subdirectory called
The transparent path junction mechanism prevents WebSEAL from filtering the
path portion of links to the resources protected by this junction. The junction
name has now become part of the actual path expression describing the location
of a resource and no longer requires filtering. The junction name is not added to