Latest Post - 2013-04-29T14:19:33Z by aanoufal

Pinned topic Using Virtual Host Junctions for EAI Trigger URLs

2013-04-25T08:18:11Z | Tags: eai host junctions virtual

Hi All,

I want to try configuring the EAI trigger URLs with Virtual Host Junctions.

Can anyone please outline the detailed steps for approaching this scenario?

I am a newbie to SAM. 

One more related question: how can I use the virtual host junction when configuring federations using FIM for SAML 2.0 federations?

Any help and pointers regarding the above will be quite helpful.

  • aanoufal

    Re: Using Virtual Host Junctions for EAI Trigger URLs


    You can provide the EAI trigger URL under the [eai-trigger-urls] stanza. When your application is configured to a Virtual Host junction, you have to make the necessary configuration changes in the WebSEAL where EAI is deployed. Please find below a sample stanza.


    [eai]
    # Enable EAI authentication.
    # One of <http, https, both, none>
    eai-auth = both

    # A hidden configuration option enables you to give priority to an EAI header to redirect a
    # successful login to a URL. To enable this feature, add the following option and value to the [eai] stanza:

    eai-redir-url-priority = yes

    # An appropriate authentication library must be configured to handle
    # EAI authentication to complete this configuration.  Please
    # refer to the "authentication mechanisms and libraries" subsection
    # at the end of the authentication section.


    # If eai-auth is not 'none', and WebSEAL has received a trigger URL
    # in a request, WebSEAL will examine the corresponding server response for
    # the following headers.  These are the headers that will contain authentication
    # data used to authenticate the user.

    # EAI PAC header names
    eai-pac-header = am-fim-eai-pac
    eai-pac-svc-header = am-eai-pac-svc

    # EAI USER ID header names
    eai-user-id-header = am-eai-user-id
    eai-auth-level-header = am-eai-auth-level
    eai-xattrs-header = am-eai-xattrs

    # EAI COMMON header names
    eai-redir-url-header = am-fim-eai-redir-url

    # The session identifier from a distributed session can also be supplied
    # through the EAI interface.  Upon receiving a header which contains the
    # distributed session identifier, WebSEAL will retrieve the corresponding
    # session and use this session for subsequent requests.  This header
    # provides the mechanism by which distributed sessions (aka SMS sessions)
    # can be shared across multiple DNS domains.
    eai-session-id-header = am-eai-session-id

    # If an already-authenticated EAI client authenticates via an EAI a second
    # time, the existing session and cache entry are completely replaced by
    # default.  If retain-eai-session = yes, then the existing session and
    # cache entry will be retained, and the credential and relevant data will
    # be updated in the existing cache entry.
    retain-eai-session = yes

    [eai-trigger-urls]
    # If eai-auth is not 'none', then WebSEAL will examine the URLs of incoming
    # requests to determine if they match one of the entries in this list.
    # If they do, then WebSEAL will examine the corresponding server response to
    # determine if it contains authentication data.
    # NOTE: If eai-auth is not 'none', there must be at least one entry in this list
    # The URL string patterns are case-insensitive wild card patterns.
    # Format for regular WebSEAL junctions is:
    #   trigger = <URL pattern of EAI server response>
    # Format for Virtual Host junctions is:
    #   trigger = HTTP[S]://virtual-host-name[:port]/<URL pattern of EAI server response>
    # For Virtual Host junctions to match a trigger they must also have the same
    # protocol (HTTP[S] = TCP/SSL) and have the same virtual-host-name & port as
    # the trigger.  The virtual-host-name match is case-insensitive.
    # Regular WebSEAL junction triggers are not used by Virtual Host junctions.
    # Virtual Host junction triggers are not used by regular WebSEAL junctions.

    #trigger = /eailogin/*.aspx
    #trigger =*.aspx
    trigger =*.aspx
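
The trigger matching rules stated in the stanza comments above, modelled in Python as an added example (not part of the original post and not WebSEAL's own code), to check which `trigger` entries apply to a regular junction versus a Virtual Host junction. Assumptions: `app.example.com` is a hypothetical virtual host name, Python's `fnmatch` stands in for WebSEAL's wildcard matcher, and a trigger without a port uses the protocol default.

```python
import re
from fnmatch import fnmatchcase

# Assumption: a trigger without an explicit port uses the protocol default.
DEFAULT_PORT = {"http": 80, "https": 443}
VH_TRIGGER = re.compile(r"^(https?)://([^/:]+)(?::(\d+))?(/.*)$", re.IGNORECASE)

def parse_trigger(value):
    """Return (scheme, host, port, pattern); scheme is None for a regular-junction trigger."""
    value = value.strip()
    m = VH_TRIGGER.match(value)
    if not m:
        return None, None, None, value.lower()
    scheme = m.group(1).lower()
    port = int(m.group(3)) if m.group(3) else DEFAULT_PORT[scheme]
    return scheme, m.group(2).lower(), port, m.group(4).lower()

def trigger_applies(trigger, path, vhost=None):
    """vhost is None for a regular junction, else (scheme, host, port) of a Virtual Host junction."""
    scheme, host, port, pattern = parse_trigger(trigger)
    # fnmatch stands in for WebSEAL's wildcard matcher (assumption);
    # both sides are lowercased because the patterns are case-insensitive.
    url_matches = fnmatchcase(path.lower(), pattern)
    if vhost is None:
        # Regular junctions never use Virtual Host junction triggers.
        return scheme is None and url_matches
    if scheme is None:
        # Virtual Host junctions never use regular junction triggers.
        return False
    v_scheme, v_host, v_port = vhost
    same_endpoint = (scheme, host, port) == (v_scheme.lower(), v_host.lower(), v_port)
    return same_endpoint and url_matches

def audit(triggers, path, vhost=None):
    """List the triggers that would cause the response for `path` to be examined."""
    return [t for t in triggers if trigger_applies(t, path, vhost)]

# Constructed sample values, not taken from a real deployment.
SAMPLE_TRIGGERS = [
    "*.aspx",
    "HTTPS://app.example.com/eailogin/*.aspx",
    "http://app.example.com:8080/eailogin/*.aspx",
]

if __name__ == "__main__":
    path = "/eailogin/Login.aspx"
    print("regular junction:", audit(SAMPLE_TRIGGERS, path))
    print("vhost https/443 :", audit(SAMPLE_TRIGGERS, path, ("https", "APP.example.com", 443)))
    print("vhost https/8443:", audit(SAMPLE_TRIGGERS, path, ("https", "app.example.com", 8443)))
```

Under these rules the sample's active `trigger = *.aspx` applies only to regular junctions, so a Virtual Host junction needs its own fully qualified entry. Keeping each pattern as narrow as the EAI login path limits which backend responses WebSEAL examines for authentication headers.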