Sunday, March 6, 2011

Junction Configuration Basics

The following discussion is a quick and dirty introduction to TAMeb junction configuration.  There are several chapters covering standard, transparent path, and virtualhost junctions in the WebSEAL Administration Guide.  In addition, there are a variety of switches not in the samples below, such as -s and -u for stateful junctions, and behaviors controlled via configuration files, such as inactivity and connection timeouts.  I recommend a thorough reading of the product documentation if you will have serious involvement with TAMeb.  Coming in at over 1100 pages for the WebSEAL Administration Guide alone, acceptance of my recommendation is not for the faint-of-heart.

Sample commands to create and manipulate server junctions follow.

server task <instance>-webseald-<servername>.company.com create -t tcp -A -F /opt/pdweb/etc/<name>.ltpa -Z <password> -x -h <host servername>.company.com -p 80 -c iv-creds,iv-groups /sampleapp/secure -f

‘<instance>’ is the WebSEAL instance.  Unless changed, the first instance created is ‘default’.
‘<servername>’ is the WebSEAL server.
‘-t’ is the type of junction (tcp, ssl).
‘-A’, ‘-F’ and ‘-Z’ are used for LTPA: ‘-A’ enables it, ‘-F’ gives the key file and ‘-Z’ its password.
‘-x’ indicates this is a transparent path junction.
‘-h’ is for the host / target server.
‘-p’ is for the port.
‘-c iv-creds,iv-groups’ sets the TAMeb headers to be sent to the backend servers for fine-grained access decisions handled by the applications.
‘/sampleapp/secure’ is the junction point, which for a transparent path junction must match the application server context.
‘-f’ forces creation of the junction even if it already exists.

To add additional servers to a junction, follow the pattern of this command:

server task <instance>-webseald-<servername>.company.com add -h <host servername>.company.com  /sampleapp/secure

Creation of a virtualhost junction is similar:

server task <instance>-webseald-<servername>.bcbsnc.com virtualhost create -t tcp -h <host servername>.company.com -p 80 -z default -c iv-creds,iv-groups -v support.ibm.com vhost-ibm -f

Also similar is adding additional servers to the virtualhost junction:

server task <instance>-webseald-<servername>.company.com virtualhost add -h <host servername>.company.com vhost-ibm

Junction information can be viewed with ‘server task … show …’ and ‘object show …’ commands.

server task <instance>-webseald-<servername>.company.com show /sampleapp

object show /WebSEAL/<servername>.company.com-default/sampleapp
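
The create / add / show pattern above for a standard junction, scripted for a list of backend servers with input checks so that a host name or junction point cannot carry extra options into the pdadmin line. This is an added example, not code from the original post or from the product; the function name, its parameters and the ws1/app1/app2 host names are assumptions, and the LTPA options are left out.

```python
import re

# Conservative patterns: anything else could smuggle extra options into a pdadmin line.
HOST_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$")
JCT_RE = re.compile(r"^/[A-Za-z0-9._-]+(/[A-Za-z0-9._-]+)*$")
HEADERS = {"iv-creds", "iv-groups"}  # only the two -c values the post uses


def junction_commands(webseal, junction, backends, jct_type="tcp", port=80,
                      headers=("iv-creds", "iv-groups"), transparent=True,
                      force=False):
    """Build pdadmin lines: 'create' for the first backend, 'add' for each other one."""
    if jct_type not in ("tcp", "ssl"):
        raise ValueError("junction type must be tcp or ssl")
    if not JCT_RE.match(junction):
        raise ValueError("bad junction point: %r" % (junction,))
    if not backends:
        raise ValueError("at least one backend server is required")
    for host in [webseal, *backends]:
        if not HOST_RE.match(host):
            raise ValueError("bad host name: %r" % (host,))
    if len(set(backends)) != len(backends):
        raise ValueError("duplicate backend server")
    if not isinstance(port, int) or not 0 < port < 65536:
        raise ValueError("port out of range")
    if not set(headers) <= HEADERS:
        raise ValueError("unexpected -c value")

    task = "server task " + webseal
    opts = ["-t", jct_type]
    if transparent:
        opts.append("-x")  # junction point must match the application context
    opts += ["-h", backends[0], "-p", str(port)]
    if headers:
        opts += ["-c", ",".join(headers)]
    if force:
        opts.append("-f")
    lines = [" ".join([task, "create", *opts, junction])]
    for host in backends[1:]:
        lines.append(" ".join([task, "add", "-h", host, "-p", str(port), junction]))
    lines.append(" ".join([task, "show", junction]))  # review the result afterwards
    return lines


if __name__ == "__main__":
    # Constructed host names, following the post's company.com placeholder.
    for line in junction_commands("default-webseald-ws1.company.com", "/sampleapp/secure",
                                  ["app1.company.com", "app2.company.com"]):
        print(line)
```

The returned lines can be saved to a file and reviewed before they are run in pdadmin.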