Chapter 4. Configuration and customization
Stateful junctions allow requests from a specific session to always be sent to
the same server on a junction. If the junctioned server being used is throttled,
the stateful session is allowed to continue accessing that server. However,
new stateful sessions are blocked from using that server. If a junctioned
server is taken offline, then stateful sessions are no longer allowed to access
the server. These sessions must choose a new junctioned server and
possibly lose the original state information.
Step-up authentication does not create a new session. The session creation
time is therefore not affected, and the ability of the session to access a
throttled junction does not change.
Junction modification with Web Portal Manager (WPM)
When you modify a throttled junction using Web Portal Manager, you always
Throttled at time. A throttled junction modified by WPM is returned to
an online state. Because WPM has no ability to perform junction throttle
operations, you must use the pdadmin utility to return the junction to a
throttled state again.
4.8.5 Supporting not case-sensitive URLs
By default, Tivoli Access Manager treats URLs as case-sensitive when
performing checks on access controls. The -i junction option is used to specify
that WebSEAL treat URLs as not case-sensitive when performing authorization
checks on a request to a junctioned back-end server.
To correctly authorize requests for junctions that are not case-sensitive,
WebSEAL does the authorization check on a lowercase version of the URL. That
means object names must be lowercase in order for WebSEAL to be able to find
any ACLs or POPs attached to those objects.
The -i option is also supported on virtual host junctions.
The -i option is automatically invoked if you select the -w option.
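The lookup described in this section, as an added example that is not from the original text and is not WebSEAL code: a simplified Python model of the lowercase authorization check, showing why an ACL attached to a mixed-case object name is never found on a -i junction, plus an audit helper that lists such names. The paths, ACL names, function names, and the nearest-ancestor inheritance rule are assumptions of the model.

```python
# Simplified model of the -i authorization lookup; not WebSEAL code.
# Assumption: an object with no ACL of its own inherits the ACL of its
# nearest ancestor in the object space.

def effective_acl(acls, url_path, case_insensitive):
    """Return (object_name, acl) governing url_path, or (None, None)."""
    # With -i the check runs on a lowercase version of the URL.
    lookup = url_path.lower() if case_insensitive else url_path
    parts = lookup.rstrip("/").split("/")
    while parts:
        name = "/".join(parts) or "/"
        if name in acls:          # object names are compared exactly
            return name, acls[name]
        parts.pop()               # walk up to the parent object
    return None, None

def unreachable_objects(acls, insensitive_junctions):
    """List ACL'd object names under -i junctions that contain uppercase
    characters and therefore can never match a lowercased URL."""
    hits = []
    for name in acls:
        for jct in insensitive_junctions:
            prefix = jct.rstrip("/").lower()
            under = name.lower() == prefix or name.lower().startswith(prefix + "/")
            if under and name != name.lower():
                hits.append(name)
                break
    return sorted(hits)

# Constructed sample policy: the restrictive ACL sits on a mixed-case name.
MIXED = {"/app": "public-read", "/app/Admin": "admins-only"}
FIXED = {"/app": "public-read", "/app/admin": "admins-only"}

if __name__ == "__main__":
    for label, acls in (("mixed-case", MIXED), ("lowercase", FIXED)):
        print(label, effective_acl(acls, "/app/Admin/users.html", True))
    print("audit:", unreachable_objects(MIXED, ["/app"]))
```

In the mixed-case policy the request falls through to the broader ACL on the parent object, which is the condition the audit helper is meant to catch before a junction is switched to -i.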
4.8.6 Junctioning to Windows file systems
When you create junctions in a Windows environment, it is important to restrict
access control to one object representation only and not allow the possibility of
“back doors” that bypass the security mechanism.