server task add

Syntax

server task instance_name-webseald-host_name add –h host_name [options] junction_point

Options

–h host_name

Specifies the DNS host name or IP address of the target application server. Valid values for host_name include any valid IP host name. For example:

www.example.com

instance_name-webseald-host_name

Specifies the full server name of the installed WebSEAL server instance. You must specify this full server name in the exact format as displayed in the output of the server list command.

The instance_name specifies the configured name of the WebSEAL server instance. The webseald designation indicates that the WebSEAL service performs the command task. The host_name is the name of the physical computer where the WebSEAL server is installed.

For example, the configured name of a single WebSEAL server instance is default. The host computer name where the WebSEAL server is installed is abc.ibm.com. Then, the full WebSEAL server name is default-webseald-abc.ibm.com.

If an additional WebSEAL server instance is configured and named web2, the full WebSEAL server name is web2-webseald-abc.ibm.com.

junction_point

Specifies the name of the directory in the WebSEAL protected object space where the document space of the server is mounted.

options

Specifies the options that you can use with the server task add command. (Optional) These options include:

–D "dn"

Specifies the distinguished name of the server certificate. This value, matched with the actual certificate DN, enhances authentication and provides mutual authentication over SSL. For example, the certificate for www.example.com might have the following DN:

"CN=WWW.EXAMPLE.COM,OU=Software,O=example.com\, Inc,L=Austin,
ST=Texas,C=US"

This option is valid only with junctions that were created with the type of ssl or sslproxy.

–H host_name

Specifies the DNS host name or IP address of the proxy server. Valid values for host_name include any valid IP host name. For example:

www.example.com

This option is used for junctions that were created with the type of tcpproxy or sslproxy.

–i

Indicates that the WebSEAL server does not treat URLs as case-sensitive. This option is used for junctions that were created with the type of tcp or ssl.

–p port

Specifies the TCP port of the server. The default value is 80 for TCP junctions and 443 for SSL junctions. This option is used for junctions that were created with the type of tcp or ssl.

–P port

Specifies the TCP port of the HTTP proxy server. The default value is 7138. Use this option for junctions that were created with the type of tcpproxy or sslproxy.

For port, use any valid port number. A valid port number is any positive number that is allowed by TCP/IP and that is not currently being used by another application. Use the default port number value, or use a port number that is greater than 1000 that is not being used.

This option is also valid for mutual junctions to specify the HTTPS port of the back-end third-party server.

–q url

Specifies the relative path for the query_contents script. By default, Security Verify Access looks for this script in the /cgi_bin subdirectory. If this directory is different or the query_contents file is renamed, use this option to indicate to WebSEAL the new URL to the file. Required for Windows servers.

This option is used for junctions that were created with the type of tcp or ssl.

–u uuid

Specifies the UUID of this server when connected to WebSEAL over a stateful junction that was using the –s option. This option is used for junctions that were created with the type of tcp or ssl.

–v virtual_hostname

Specifies the virtual host name that is represented on the server. This option supports a virtual host setup on the server. Use this option when the junction server expects a host name header, because you are junctioning to one virtual instance of that server.

The default HTTP header request from the browser does not know that the server has multiple names and multiple virtual servers.

You must configure WebSEAL to supply that extra header information in requests that are destined for a server that is set up as a virtual host.

This option is used for junctions that were created with the type of tcp or ssl.

–V virtual_hostname

Specifies the virtual host name that is represented on the back-end server. This option:

• Supports a virtual host setup on the back-end server.
• Is used only for mutual junctions.
• Corresponds to the virtual host that is used for HTTPS requests.

You can use –V when the back-end junction server expects a host name header and you are junctioning to one virtual instance of that server. The default HTTPS header request from the browser does not know that the back-end server has multiple names and multiple virtual servers. You must configure WebSEAL to supply that extra header information. This header information applies to requests destined for a back-end server that is set up as a virtual host.

–w

Indicates Microsoft Windows 32 bit (Win32) file system support.

This option is used for junctions that were created with the type of tcp or ssl.

Authorization

Users and groups that require access to this command must be given the c (control) permission in the ACL that governs the /WebSEAL/host_name-instance_name/junction_point object. For example, the sec_master administrative user is given this permission by default.

Return codes

0

The command completed successfully. For WebSEAL server task commands, the return code is 0 when the command is sent to the WebSEAL server without errors. However, even after the command was successfully sent, the WebSEAL server might not be able to successfully complete the command, and returns an error message.

1

The command failed. When a command fails, the pdadmin command provides a description of the error and an error status code in hexadecimal format (for example, 0x14c012f2). See "Error messages" in the IBM Knowledge Center. This reference provides a list of the Security Verify Access error messages by decimal or hexadecimal codes.

See also