Operation for local response redirection
When WebSEAL receives a client request, it determines the appropriate operation required in response to the request.
To respond appropriately, the response handler application must be informed of the required response operation, as determined by WebSEAL. Example operations include serving a standard login form, a change password form, or an access denied error message.
The required operation is provided as an argument in the query string of the HTTP 302 Location URI header. The label for the operation argument is TAM_OP.
The following table lists the valid values for the TAM_OP query string argument:
| Values for TAM_OP Operation Argument | Description |
|---|---|
acct_inactivated |
User has provided correct authentication details, but nsAccountLock is set to true for the user in Sun Java™ System Directory Server. |
acct_locked |
User authentication failed due to a locked (invalid) account. |
cert_login |
User must login with a certificate when accept-client-certs = prompt_as_needed. |
cert_stepup_http |
User tried to step-up to certificate authentication over HTTP, which is not allowed (HTTPS is required). |
eai_auth_error |
External authentication interface information returned to WebSEAL is invalid. |
error |
An error occurred. Check the ERROR_CODE macro for the hexadecimal error code. See the Error messages section of the IBM Knowledge Center. |
failed_cert |
An attempt to authenticate with a client certificate failed. Client failed to authenticate with a certificate when accept-client-certs = required. A valid client certificate is required to make this connection. User's certificate is invalid. |
help |
User performed an action that makes no sense, such as requesting /pkmslogout while logged in using basic authentication. |
login |
User needs to authenticate. |
login_success |
User successfully authenticated, but there is no last cached URL to redirect to. |
logout |
User has logged out. |
passwd |
User requests password change. |
passwd_exp |
User's password has expired. |
passwd_rep_failure |
Password change request failed. |
passwd_rep_success |
Password change request succeeded. |
passwd_warn |
Password is soon to expire. |
passwd_warn_failure |
Password change not performed after notification that the password is soon to expire. |
stepup |
User must step-up to another authentication level. Check the AUTHNLEVEL macro for the required authentication level. |
switch_user |
User requested the switch user login page. |
too_many_sessions |
User has reached or exceeded the maximum number of allowed sessions. |
The following example header shows a Location URI with a password change operation indicated in the query string:
Location: https://webseal/jct/handler-svr/handler?TAM_OP=passwd