Stepup authentication problem with EAI

Troubleshooting

Problem

During step-up authentication the EAI app is returing a eai-auth-level-header header, but this does not do the actual step-up for the user.

Symptom

A typical symptom is that the user is unable to see the requested page due to not having the correct authentication level.

Diagnosing The Problem

A pdweb.debug header trace can help to understand if WebSEAL is either using the EAI header data, or if it is streaming the data to the client. In case it is streaming the data to the browser, it indicates a header containing the authentication data is missing.

Resolving The Problem

Make sure that in addition to the eai-auth-level-header there is also a header returned to WebSEAL which identifies the user, either the PAC header or the user identity header

Related Information

Extracting authentication data from special HTTP header

[{"Product":{"code":"SSPREK","label":"Tivoli Access Manager for e-business"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"WebSEAL","Platform":[{"code":"PF033","label":"Windows"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Product Synonym

TAMeB ISAMforWeb

Was this topic helpful?

Document Information

More support for:
Tivoli Access Manager for e-business

Software version:
Version Independent

Operating system(s):
Windows

Document number:
488167

Modified date:
16 June 2018

UID

swg21632616

IBM Support

Tips