Skip to main content

By clicking Submit, you agree to the developerWorks terms of use.

The first time you sign into developerWorks, a profile is created for you. Select information in your developerWorks profile is displayed to the public, but you may edit the information at any time. Your first name, last name (unless you choose to hide them), and display name will accompany the content that you post.

All information submitted is secure.

  • Close [x]

The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerworks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

By clicking Submit, you agree to the developerWorks terms of use.

All information submitted is secure.

  • Close [x]

Select a language:

  • Close [x]
  • Close [x]

Toughen Web application security

Build a multiphased authentication system with WebSEAL

Christopher Hockings (hockings@au1.ibm.com), Advanced Customer Engineering Team Member, IBM
Christopher Hockings is a member of the Advanced Customer Engineering team working in the Tivoli Security Business Unit (part of the IBM Software Group). He specializes in providing architecture and integration solutions for customers using the Tivoli Access Manager product suite. This includes building specialized development modules for customers based on the Access Manager product suite. Chris was a member of the DASCOM team when it was acquired by IBM. He has attained a bachelor's degree in engineering and bachelor's degree in information technology from Queensland University of Technology.

Summary:  Carelessly chosen passwords have made many password-protected systems vulnerable to outside attack. This tutorial shows you how you can use Tivoli Access Manager WebSEAL to build a multiphased authentication system that locks Web applications down more tightly. The tutorial includes sample C code that you can use as a basis for your own applications.

Date:  01 May 2003
Level:  Intermediate
PDF:  A4 and Letter (120 KB | 19 pages)Get Adobe® Reader®

Activity:  5456 views
Comments:  

Summary

The solution presented here was an implementation of a multiphased authentication system based on generic hardware. This allows an organization to leverage existing hardware carried by the majority of its customers to provide multiphased authentication functionality.

WebSEAL provides a CDAS interface that can be readily used to support such an authentication scheme. The example code in this tutorial prototypes this ability. It should be noted that this implementation could also be applied to the Web plug in technology developed as part of the Access Manager Web solutions.

After taking this tutorial, you should be familiar with the implementation of such a system, and be able to implement basic CDAS code for other purposes.

6 of 8 | Previous | Next

Comments

Back to top

Close [x]

Help: Update or add to My dW interests

What's this?

This little timesaver lets you update your My developerWorks profile with just one click! The general subject of this content (AIX and UNIX, Information Management, Lotus, Rational, Tivoli, WebSphere, Java, Linux, Open source, SOA and Web services, Web development, or XML) will be added to the interests section of your profile, if it's not there already. You only need to be logged in to My developerWorks.

And what's the point of adding your interests to your profile? That's how you find other users with the same interests as yours, and see what they're reading and contributing to the community. Your interests also help us recommend relevant developerWorks content to you.

View your My developerWorks profile

Return from help

Close [x]

Help: Remove from My dW interests

What's this?

Removing this interest does not alter your profile, but rather removes this piece of content from a list of all content for which you've indicated interest. In a future enhancement to My developerWorks, you'll be able to see a record of that content.

View your My developerWorks profile

Return from help

static.content.url=http://www.ibm.com/developerworks/js/artrating/
SITE_ID=1
Zone=Tivoli
ArticleID=136141
TutorialTitle=Toughen Web application security
publish-date=05012003
author1-email=hockings@au1.ibm.com
author1-email-cc=

Table of contents

6 of 8 | Previous | Next

Next steps from IBM

Tags

Help
Use the search field to find all types of content in My developerWorks with that tag.

Use the slider bar to see more or fewer tags.

Popular tags shows the top tags for this particular content zone (for example, Java technology, Linux, WebSphere).

My tags shows your tags for this particular content zone (for example, Java technology, Linux, WebSphere).

Use the search field to find all types of content in My developerWorks with that tag. Popular tags shows the top tags for this particular content zone (for example, Java technology, Linux, WebSphere). My tags shows your tags for this particular content zone (for example, Java technology, Linux, WebSphere).

 

Dig deeper into Tivoli on developerWorks

Try IBM PureSystems. No charge.

IBM PureSystems on a kaleideoscope background

Experience today!

Get started with the cloud-based trial and pattern development kit.

Share this page:

  • Close [x]

Follow developerWorks:

  • Close [x]