- The use of TAI++ needs to be configured/enabled in WebSphere. The easiest
way to perform this is by using the WebSphere Administrative console and
selecting Global Security > LTPA > Trust Association Interceptors.
For additional information on how to configure TAI++, see:
4.10 SSO across Access Manager domains
In a large environment, or in a segmented organization, it may be desirable to
have multiple Access Manager domains with separate user registries and
authorization databases. In this type of environment, it may be a requirement that
users can move between these domains without having to re-authenticate each
time they enter a different domain. This kind of domain crossing depends on trust
between the domains because one domain needs to accept the authenticated
entities being passed from another.
The ability for a user to access resources in a secure domain depends on the
user acquiring a credential in that domain. Normally a credential is built after the
user authenticates. In the cross-domain environment, some other way has to be
found for WebSEAL to build a credential for the user. WebSEAL supports two
types of cross-domain authentication to address such scenarios:
- Cross-domain single sign-on (CDSSO)
- e-community single sign-on (ECSSO)
For both of these types of single sign-on mechanisms to work, it is necessary
that the users participating in the single sign-on exist in the user registries of both
security domains.
4.10.1 Cross-domain mapping framework
The cross-domain mapping framework (CDMF) is a programming interface that
can be used in conjunction with WebSEAL e-community single sign-on and
cross-domain single sign-on. Through the CDMF C API, a developer can customize
how user identities arriving from a different secure domain are mapped to local
identities, and how the user attributes carried with them are handled, whenever
one of these single sign-on functions is used.
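The following C program is an added illustration of the identity-mapping idea described above; it is not code from this Redbook and does not use the real CDMF API or its header files. The function names (map_from_remote, map_lookup, map_last_local), the enum values, and the constructed trust list, registry and mapping table are all assumptions made for the example. It shows the three checks a mapping routine should make before a credential is built for a user coming from another domain: the originating domain must be one this domain trusts, a mapping for the remote identity must exist, and the mapped local identity must be present in the local user registry (the text above notes that SSO users must exist in both registries).

```c
#include <stdio.h>
#include <string.h>

#define MAX_NAME 64

/* Outcome of a cross-domain identity mapping (hypothetical, not CDMF's own). */
typedef enum {
    MAP_OK = 0,
    MAP_UNTRUSTED_DOMAIN,   /* originating domain is not a trusted SSO partner */
    MAP_NO_MAPPING,         /* no mapping entry for this remote identity */
    MAP_NOT_IN_REGISTRY,    /* mapped local identity missing from local registry */
    MAP_BAD_INPUT           /* null argument or output buffer too small */
} map_status;

typedef struct {
    const char *domain;     /* secure domain the user authenticated in */
    const char *remote;     /* identity as known in that domain */
    const char *local;      /* identity as known in this domain */
} mapping_entry;

/* Constructed sample data: domains this WebSEAL trusts for SSO. */
static const char *trusted_domains[] = { "domA", "domB" };

/* Constructed sample data: the local user registry. */
static const char *local_registry[] = { "alice", "bob", "carol" };

/* Constructed sample data: the mapping table; note "mallory" maps to a
 * local name that does not exist in the local registry. */
static const mapping_entry mapping_table[] = {
    { "domA", "alice.a", "alice" },
    { "domA", "bob.a",   "bob" },
    { "domB", "carol",   "carol" },
    { "domB", "mallory", "mallory" },
};

static int domain_is_trusted(const char *domain)
{
    size_t i;
    for (i = 0; i < sizeof trusted_domains / sizeof trusted_domains[0]; i++)
        if (strcmp(trusted_domains[i], domain) == 0)
            return 1;
    return 0;
}

static int user_in_local_registry(const char *user)
{
    size_t i;
    for (i = 0; i < sizeof local_registry / sizeof local_registry[0]; i++)
        if (strcmp(local_registry[i], user) == 0)
            return 1;
    return 0;
}

/* Map a (domain, remote identity) pair to a local identity.  On MAP_OK the
 * local name is copied into local_user; on any other status it is untouched. */
map_status map_from_remote(const char *domain, const char *remote_user,
                           char *local_user, size_t local_len)
{
    size_t i;
    if (!domain || !remote_user || !local_user || local_len == 0)
        return MAP_BAD_INPUT;
    if (!domain_is_trusted(domain))
        return MAP_UNTRUSTED_DOMAIN;
    for (i = 0; i < sizeof mapping_table / sizeof mapping_table[0]; i++) {
        const mapping_entry *e = &mapping_table[i];
        if (strcmp(e->domain, domain) != 0 || strcmp(e->remote, remote_user) != 0)
            continue;
        if (!user_in_local_registry(e->local))
            return MAP_NOT_IN_REGISTRY;
        if (strlen(e->local) >= local_len)
            return MAP_BAD_INPUT;
        strcpy(local_user, e->local);
        return MAP_OK;
    }
    return MAP_NO_MAPPING;
}

/* Convenience wrapper keeping the last successful mapping in a static buffer. */
static char last_local[MAX_NAME];

map_status map_lookup(const char *domain, const char *remote_user)
{
    return map_from_remote(domain, remote_user, last_local, sizeof last_local);
}

const char *map_last_local(void)
{
    return last_local;
}

int main(void)
{
    const char *cases[][2] = { { "domA", "alice.a" }, { "domC", "alice.a" },
                               { "domA", "zed" },     { "domB", "mallory" } };
    size_t i;
    for (i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        map_status s = map_lookup(cases[i][0], cases[i][1]);
        printf("%s/%s -> status %d%s%s\n", cases[i][0], cases[i][1], (int)s,
               s == MAP_OK ? " local=" : "", s == MAP_OK ? map_last_local() : "");
    }
    return 0;
}
```

The point to take from the example is the order of the checks: trust in the originating domain is decided before any table lookup, so an identity asserted by an unknown domain never reaches the mapping or registry logic, and a mapping whose target does not exist locally fails closed rather than producing a credential for a non-existent user.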

