Defining a junction that points to Verify Identity Governance Server

Create a WebSEAL junction that points to the Verify Identity Governance Server with the pdadmin utility.

Before you begin

Depending on how your system administrator customized your system, you might not have access to this task. To obtain access to this task or to have someone complete it for you, contact your system administrator.

IBM® Security Verify Access must be installed.

Procedure

  1. Start the utility by typing pdadmin at a command line.
  2. Log in to a secure domain as the sec_master administration user to use the utility.
    1. At the command line, type login.
    2. Type sec_master when prompted for a user ID.
    3. Specify the associated password at the Enter Password prompt.
    For example:
    pdadmin> login
    Enter User ID: sec_master
    Enter Password: password
    pdadmin> 
  3. Locate the name of the WebSEAL server on which to create the junction.
    To determine the name of the WebSEAL server that is defined in IBM Security Verify Access, issue the server list command. The information that is returned contains the name in the following format:
    webseald-server_hostname
    where server_hostname is the WebSEAL server name.
    Note: If you install multiple WebSEAL server instances on the same workstation, the name format is server_instancename-webseald-server_hostname. For example:
    pdadmin sec_master> server list
            amwpm-tam60-server
            ivacld-tam60-server
            default-webseald-tam60-server
    pdadmin sec_master>
    
  4. Issue the server task create command to create the junction.
    The command format is as follows.
    server task webseal_server_name create options /junction_name
    webseal_server_name
        Name of the WebSEAL server.
    options
        The following options are needed:
        -b supply
            Defines how the WebSEAL server passes the HTTP basic authentication (BA) information to the backend server.
        -c iv-creds
            Specifies a client_identity_options value, such as iv-creds, which instructs WebSEAL to insert the iv-creds HTTP header variable.
        -e utf8_uri
            Specifies the encoding to use when WebSEAL generates HTTP headers for junctions. This encoding applies to headers that are generated with both the -c junction option and tag-value. The value utf8_uri specifies that WebSEAL sends the headers in UTF-8 and also URI-encodes them. This behavior is the default.
        -h hostname
            Specify the fully qualified host name of the Verify Identity Governance Server.
        -j
            Supplies junction identification in a cookie to handle script-generated server-relative URLs. This option is valid for all junctions except for the type of local.
        -s
            Specifies that the junction supports stateful applications. By default, junctions are not stateful. This option is valid for all junctions except for the type of local.
        -p port_number
            Specify the port number for the Verify Identity Governance Server.
        -t tcp
            Defines the type of junction.
        -x
            Creates a transparent path junction. This option is valid for all junctions except for the type of local.
    junction_name
        Specify a name for the junction point. Each junction point must have a unique name.

    For example, to define a TCP junction, type the following command on one line:

    server task default-webseald-tam60-server create -b supply -t tcp -s -x
    -e utf8_uri -c iv-creds -p 9080 -h ITIMServer.example.com /itim/ui
  5. Create two junctions, one for IVIG Service Center and the other for IBM Verify Identity Governance REST.
    See the example in Step 4.
    • The junction name for IVIG Service Center REST must be /itim/ui as shown in the example of Step 4.
    • The junction name for IBM Verify Identity Governance REST must be /itim/rest.
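
Added example (not IBM-supplied code): a shell helper that picks the WebSEAL server name out of server list output (Step 3) and prints the two create commands of Step 5, ready to type at the pdadmin prompt. The function names are hypothetical; it assumes both junctions use the same host and port, and it takes the -c value iv-creds from the option list in Step 4.

```shell
#!/bin/sh
# Added example for Steps 3-5; not IBM-supplied code.

# Step 3: filter `server list` output (stdin) down to WebSEAL server names,
# that is webseald-<host> or <instance>-webseald-<host>.
webseal_servers() {
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -E '^([A-Za-z0-9_.-]+-)?webseald-[A-Za-z0-9_.-]+$'
}

# Step 4: print one `server task ... create` line with the options of the
# Step 4 example. Every value is checked so that nothing typed into the
# pdadmin prompt can carry extra options or a junction name Step 5 forbids.
junction_cmd() {
    server=$1 host=$2 port=$3 junction=$4
    case $server in
        ''|*[!A-Za-z0-9_.-]*) echo "bad server name: $server" >&2; return 1 ;;
        *webseald-*) ;;
        *) echo "not a WebSEAL server: $server" >&2; return 1 ;;
    esac
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "bad host name: $host" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    case $junction in
        /itim/ui|/itim/rest) ;;
        *) echo "junction must be /itim/ui or /itim/rest: $junction" >&2; return 1 ;;
    esac
    printf 'server task %s create -b supply -t tcp -s -x -e utf8_uri -c iv-creds -p %s -h %s %s\n' \
        "$server" "$port" "$host" "$junction"
}

# Step 5: both required junctions (assumes they share one host and port).
both_junctions() {
    junction_cmd "$1" "$2" "$3" /itim/ui && junction_cmd "$1" "$2" "$3" /itim/rest
}

# Constructed input: the sample `server list` output and host from this page.
sample='    amwpm-tam60-server
    ivacld-tam60-server
    default-webseald-tam60-server'
srv=$(printf '%s\n' "$sample" | webseal_servers | head -n 1)
both_junctions "$srv" ITIMServer.example.com 9080
```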