Topic
  • 2 replies
  • Latest Post - ‏2013-02-07T02:48:31Z by j.roberts
j.roberts
j.roberts
2 Posts

Pinned topic IBM Security Access Manager for IBM Worklight now available

‏2013-02-05T05:06:48Z |
The IBM Security Access Manager for IBM Worklight integration secures IBM Worklight applications using IBM Security Access Manager as a reverse proxy to authenticate to IBM Worklight Server using HTTP headers or LTPA tokens.

The integration package includes a sample application to validate successful integration, single sign-on to backend data sources using a Worklight HTTP Adapter and can be used as a reference for developing your own Worklight client application integration.

Please see http://www-01.ibm.com/support/docview.wss?uid=swg24034222 for free download, and more information
  • SystemAdmin
    SystemAdmin
    2327 Posts

    Re: IBM Security Access Manager for IBM Worklight now available

    ‏2013-02-06T15:08:40Z  
    Is this (IBM Security Access Manager) a different product?

    Does it support SPNEGO protocol?

    How about the worklight? Must it be installed inside WebSphere?
  • j.roberts
    j.roberts
    2 Posts

    Re: IBM Security Access Manager for IBM Worklight now available

    ‏2013-02-07T02:48:31Z  
    Is this (IBM Security Access Manager) a different product?

    Does it support SPNEGO protocol?

    How about the worklight? Must it be installed inside WebSphere?
    Since the release of IBM Security Access Manager 7.0, IBM's Access Manager product now falls under the IBM Security banner rather than IBM Tivoli.

    Unfortunately SPNEGO is supported for neither Client nor Server...

    Client:
    The client code (Worklight client) will only authenticate to a challenge from a WebSEAL or WebSphere/Jetty (j_security_check) login form.
    It may be possible to write your own custom Challenge Handler to respond to a challenge from WebSEAL, or if the client device already has the SPNEGO token, it could be inserted into the Worklight client init payload to authenticate to WebSEAL up front (without waiting for a challenge response).

    Server:
    SSO Authentication from WebSEAL to Worklight must be performed using one of the supported Login Modules and Authenticators for Worklight (it doesn't use container security). You could find a list of Authenticators and Login Modules on the IBM Worklight V5.0.5 Information Center in the Authentication configuration section.
    Neither Kerberos nor SPNEGO are listed, so WebSEAL must provide authentication data that the Worklight server can extract (e.g. LTPA or HTTP Header).

    According to the Worklight 5.0 education, Worklight works with IBM WebSphere Application Server Liberty Profile, IBM WebSphere Application Server Network Deployment and Apache Tomcat.