Custom TAM TAI++ Interceptor to detect step-up authentication

DetectStepup TAM TAI++ Interceptor

From the developerWorks archives

Subbu Cherukuwada and Kerry Gunn

Date archived: December 19, 2016 | First published: November 21, 2007

It is a common practice to externalise the authentication from Web application servers like IBM® WebSphere® Application Server (WAS) to dedicated single sign on (SSO) servers like IBM Tivoli® Access Manager for eBusiness (TAMeB). The SSO server, for example, TAMeB, offers enhanced security features like strong authentication and step-up authentication In order to externalise the authentication from WAS to TAMeB, a trust association interceptor (TAI) should be installed and configured on the WebSphere Application Server (WAS). However, the TAI shipped with the default WAS 6.x servers cannot detect the authentication level of the user, that is, whether the user used password or a security token. This additional information about the authentication level might be needed to the applications running on WAS to make authorization decisions. A custom TAM TAI++ interceptor should be developed and installed on the WebSphere Application Server to determine the authentication level of the user. This article explains the procedure to develop and install such a custom TAM TAI++ interceptor.

This content is no longer being updated or maintained. The full article is provided "as is" in a PDF file. Given the rapid evolution of technology, some steps and illustrations may have changed.



static.content.url=http://www.ibm.com/developerworks/js/artrating/
SITE_ID=1
Zone=Security, Tivoli
ArticleID=260783
ArticleTitle=Custom TAM TAI++ Interceptor to detect step-up authentication
publish-date=11212007