Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0

146 Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0

Example interface definition:

[interfaces]

support = https-port=444;certificate-label=WS6;

worker-threads=16;network-interface=9.0.0.8

This example (entered as one line) creates an interface named

support with the

following properties:

򐂰 Allows WebSEAL to listen for requests at IP address 9.0.0.8.

򐂰 Listens on HTTPS port 444.

򐂰 The HTTP port defaults to

disabled.

򐂰 WebSEAL authenticates to SSL clients using a server-side certificate named

WS6 stored in the WebSEAL key database file.

򐂰 The interface uses its own pool of 16 worker threads to service requests.

򐂰 The interface defaults to never requiring (prompting for) client-side certificates

during authentication.

4.7 Transparent path junctions

In order to combine the benefits of both a single URL space for session

management (which uses fewer certificates) and single sign-on, without the

problems of path filtering, Access Manager for e-business uses the concept of a

transparent path junction.

Transparent path junctions are really the same as standard junctions except that

the junction name, instead of being an addition to the URL path, is based on the

path already present on the back-end application. The junction creation

command is the same as for a standard junction and just includes one additional

option, -x.

Transparent path junctions allow WebSEAL to route requests to a junction based

on the URL path of the back-end server resources rather than based on a

junction name added to the path.

For example, if the configured junction name is /docs, all resources controlled by

this junction must be located on the back-end server under a subdirectory called

/docs.

The transparent path junction mechanism prevents WebSEAL from filtering the

path portion of links to the resources protected by this junction. The junction

name has now become part of the actual path expression describing the location

of a resource and no longer requires filtering. The junction name is not added to

Get Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0 now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0 by Axel Buecker, Vladimir Jeremic