The IBM Security Access Manager for IBM Worklight integration secures IBM Worklight applications using IBM Security Access Manager as a reverse proxy to authenticate to IBM Worklight Server using HTTP headers or LTPA tokens.
The integration package includes a sample application to validate successful integration, single sign-on to backend data sources using a Worklight HTTP Adapter and can be used as a reference for developing your own Worklight client application integration.
Please see http://www-01.ibm.com/support/docview.wss?uid=swg24034222 for free download, and more information
This topic has been locked.
Pinned topic IBM Security Access Manager for IBM Worklight now available
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
SystemAdmin 110000D4XK2327 Posts
Re: IBM Security Access Manager for IBM Worklight now available2013-02-06T15:08:40ZThis is the accepted answer. This is the accepted answer.Is this (IBM Security Access Manager) a different product?
Does it support SPNEGO protocol?
How about the worklight? Must it be installed inside WebSphere?
j.roberts 270003RJ262 Posts
Re: IBM Security Access Manager for IBM Worklight now available2013-02-07T02:48:31ZThis is the accepted answer. This is the accepted answer.
- SystemAdmin 110000D4XK
Unfortunately SPNEGO is supported for neither Client nor Server...
The client code (Worklight client) will only authenticate to a challenge from a WebSEAL or WebSphere/Jetty (j_security_check) login form.
It may be possible to write your own custom Challenge Handler to respond to a challenge from WebSEAL, or if the client device already has the SPNEGO token, it could be inserted into the Worklight client init payload to authenticate to WebSEAL up front (without waiting for a challenge response).
SSO Authentication from WebSEAL to Worklight must be performed using one of the supported Login Modules and Authenticators for Worklight (it doesn't use container security). You could find a list of Authenticators and Login Modules on the IBM Worklight V5.0.5 Information Center in the Authentication configuration section.
Neither Kerberos nor SPNEGO are listed, so WebSEAL must provide authentication data that the Worklight server can extract (e.g. LTPA or HTTP Header).
According to the Worklight 5.0 education, Worklight works with IBM WebSphere Application Server Liberty Profile, IBM WebSphere Application Server Network Deployment and Apache Tomcat.