The IBM Security Access Manager for IBM Worklight integration secures IBM Worklight applications using IBM Security Access Manager as a reverse proxy to authenticate to IBM Worklight Server using HTTP headers or LTPA tokens.
The integration package includes a sample application to validate successful integration, single sign-on to backend data sources using a Worklight HTTP Adapter and can be used as a reference for developing your own Worklight client application integration.
Please see http://www-01.ibm.com/support/docview.wss?uid=swg24034222 for free download, and more information
This topic has been locked.
2 replies Latest Post - 2013-02-07T02:48:31Z by j.roberts
Pinned topic IBM Security Access Manager for IBM Worklight now available
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
SystemAdmin 110000D4XK2327 PostsACCEPTED ANSWER
Re: IBM Security Access Manager for IBM Worklight now available2013-02-06T15:08:40Z in response to j.robertsIs this (IBM Security Access Manager) a different product?
Does it support SPNEGO protocol?
How about the worklight? Must it be installed inside WebSphere?
j.roberts 270003RJ262 PostsACCEPTED ANSWER
Re: IBM Security Access Manager for IBM Worklight now available2013-02-07T02:48:31Z in response to SystemAdminSince the release of IBM Security Access Manager 7.0, IBM's Access Manager product now falls under the IBM Security banner rather than IBM Tivoli.
Unfortunately SPNEGO is supported for neither Client nor Server...
The client code (Worklight client) will only authenticate to a challenge from a WebSEAL or WebSphere/Jetty (j_security_check) login form.
It may be possible to write your own custom Challenge Handler to respond to a challenge from WebSEAL, or if the client device already has the SPNEGO token, it could be inserted into the Worklight client init payload to authenticate to WebSEAL up front (without waiting for a challenge response).
SSO Authentication from WebSEAL to Worklight must be performed using one of the supported Login Modules and Authenticators for Worklight (it doesn't use container security). You could find a list of Authenticators and Login Modules on the IBM Worklight V5.0.5 Information Center in the Authentication configuration section.
Neither Kerberos nor SPNEGO are listed, so WebSEAL must provide authentication data that the Worklight server can extract (e.g. LTPA or HTTP Header).
According to the Worklight 5.0 education, Worklight works with IBM WebSphere Application Server Liberty Profile, IBM WebSphere Application Server Network Deployment and Apache Tomcat.