IPv6: Compatibility support

Before you enable IPv6 support, you must understand how IP version compatibility is maintained for previous versions of Security Access Manager.

• If the ipv6-support is set to no, then WebSEAL provides support for IPv4 as it did in previous releases, but does not support IPv6.

  For example, the iv-remote-address-ipv6 HTTP header and XAUTHN_IPADDR_IPV6 identifier, which is used with the external authentication C API are not available. For more information, see the References for Access Manager for Web topics in the IBM® Knowledge Center.

• If ipv6-support is set to yes, IPv6 is supported. Attributes containing IPv4 addresses continue to hold IPv4 addresses. Custom modules that are written for previous releases still continue to work.

  However, if WebSEAL passes an IPv6-only address to an older custom module that is not written to support IPv6 format, the older module might require updating to handle the IPv6 address format.

  The address range for IPv6 is larger than the range available to IPv4. With older modules, WebSEAL maps an IPv6 address to an IPv4 format when possible. For example, the IPv6 address ::c0a8:1 maps to the IPv4 address 192.168.0.1.

  If the IPv6 address exceeds the range for IPv4, WebSEAL maps the address by default to 0.0.0.0 in IPv4 format. For example, the IPv6 address fec0::1 has no IPv4 equivalent and therefore is mapped to the IPv4 address 0.0.0.0.