Chapter 4. Configuration and customization 163
The value is set in the default WebSEAL configuration file:
[header-names]
server-name = iv_server_name
This setting controls the name of the header used to pass the name of the server
to junctioned applications.
For example, when server-name = iv_server_name, and the WebSEAL instance
is default-webseald-seal1.itso.ibm.com, WebSEAL passes the following
header to the junction:
iv-server-name:default-webseald-seal1.itso.ibm.com
4.9.5 Using LTPA authentication with WebSEAL
WebSEAL can provide authentication and authorization services and protection
to an IBM WebSphere or Lotus Domino environment. When WebSEAL is
positioned as a protective front end to WebSphere or Lotus Domino, accessing
clients are faced with two potential login points. Therefore, WebSEAL supports a
single sign-on solution to one or more IBM WebSphere or Lotus Domino servers
across WebSEAL junctions.
WebSphere provides the cookie-based lightweight third-party authentication
(LTPA) mechanism. You can configure WebSEAL junctions to support LTPA and
provide a single sign-on solution for clients.
When a user makes a request for a WebSphere or Lotus Domino resource, the
user must first authenticate to WebSEAL. Upon successful authentication,
WebSEAL generates an LTPA cookie on behalf of the user. The LTPA cookie,
which serves as an authentication token for WebSphere or Lotus Domino,
contains user identity and password information. This information is encrypted
using a password-protected secret key shared between WebSEAL and the
WebSphere or Lotus Domino server.
WebSEAL inserts the cookie into the HTTP header of the request that is sent
across the junction to WebSphere or Lotus Domino. The back-end WebSphere
or Lotus Domino server receives the request, decrypts the cookie, and
authenticates the user based on the identity information supplied in the cookie.
To improve performance, WebSEAL can store the LTPA cookie in a cache and
use the cached LTPA cookie for subsequent requests during the same user
session. You can configure lifetime timeout and idle (inactivity) timeout values for
the cached cookie using parameters in the WebSEAL configuration file.
The creation, encryption, and decryption of LTPA cookies basically introduces
processing overhead. The LTPA cache functionality enables you to improve the