WebSEAL can provide authentication, authorization, and protection services to a WebSphere® Application Server environment. WebSphere Application Server provides support for the cookie-based lightweight third-party authentication mechanism (LTPA). To achieve a single sign-on solution to one or more WebSphere Application Server instances across WebSEAL junctions, you can configure WebSEAL junctions to support LTPA.
When a user makes a request for a resource, the user must first authenticate to WebSEAL. After successful authentication, WebSEAL generates an LTPA cookie on behalf of the user. The LTPA cookie, which serves as an authentication token for WebSphere, contains the user identity, key and token data, buffer length, and expiration information. This information is encrypted using a password-protected secret key shared between WebSEAL and the WebSphere Application Server.
WebSEAL inserts the cookie in the HTTP header of the request that is sent across the junction to WebSphere Application Server. The back-end WebSphere Application Server receives the request, decrypts the cookie, and authenticates the user based on the identity information supplied in the cookie.
Lotus® Quickr™ must be configured to use an LDAP user registry; this can be the same LDAP server that Tivoli® Access Manager (TAM) uses or a replicated or synchronized copy.
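The following is an added example, not taken from the product documentation: a pre-flight check for the shared LTPA key file, followed by the `pdadmin` junction command that enables LTPA (`-A`) with that key file (`-F`) and its password (`-Z`). The WebSEAL server name, back-end host, port, junction point, the choice of an SSL junction, and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example; function names and sample values are hypothetical.

# ltpa_keyfile_ok FILE
# Succeeds only if FILE is a readable regular file with no group or other
# permission bits set. The file holds the secret key shared between WebSEAL
# and WebSphere Application Server, so only the owner should have access.
ltpa_keyfile_ok() {
    f=$1
    [ -f "$f" ] && [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    go_bits=$(ls -ld "$f" | cut -c5-10)
    [ "$go_bits" = "------" ] || { echo "too permissive ($go_bits): $f" >&2; return 1; }
}

# ltpa_junction_cmd WEBSEAL_SERVER BACKEND_HOST PORT KEYFILE JUNCTION_POINT
# Prints the pdadmin command that creates an LTPA-enabled junction.
# An SSL junction (-t ssl) is assumed so the cookie is not sent in clear
# across the junction. The key file password is left as a placeholder so
# it never lands in a script or in shell history.
ltpa_junction_cmd() {
    ltpa_keyfile_ok "$4" || return 1
    case $5 in
        /*) ;;
        *) echo "junction point must start with /: $5" >&2; return 1 ;;
    esac
    printf 'server task %s create -t ssl -h %s -p %s -A -F %s -Z %s %s\n' \
        "$1" "$2" "$3" "$4" '<keyfile-password>' "$5"
}
```

Run `ltpa_junction_cmd` with your own values and paste the printed line at the `pdadmin>` prompt, substituting the real key file password there.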