Information gathering

Configuring WebSEAL to use the distributed session cache requires that you gather information.

You need the following details:

  • The host name and port number of the distributed session cache server.
  • A key database and stash file for SSL communication with the distributed session cache. The database must contain the SSL certificate that the distributed session cache uses.

    You can find this certificate in the local management interface of the distributed session cache server. Go to the cluster configuration page under System > Network Settings > Cluster Configuration and select the Session Cache tab. There is an SSL Certificates link that you can use to access the key database for the distributed session cache and manage the certificates.

    Update the ssl-keyfile, ssl-keyfile-label, and ssl-keyfile-stash entries in the [dsess-cluster] stanza of the WebSEAL configuration file with the key file details so that WebSEAL can access the SSL certificate for the distributed session cache. These stanza entries and values appear in the configuration file as follows:

    [dsess-cluster]
    ssl-keyfile = default-webseald.kdb
    ssl-keyfile-label = dsc_cert
    ssl-keyfile-stash = default-webseald.sth

    Note: If the [dsess-cluster] entries are not set in a software-based WebSEAL environment, WebSEAL uses the corresponding values in the [ssl] stanza. That is, the following entries in the [ssl] stanza are used if the [dsess-cluster] values are not available:

    [ssl]
    ssl-keyfile = /var/pdweb/keytab-default/default-webseald.kdb
    ssl-keyfile-label = dsc_cert
    ssl-keyfile-stash = /var/pdweb/keytab-default/default-webseald.sth