SiteMinder Trust Association Interceptor (TAI)

The SiteMinder Trust Association Interceptor module is a SiteMinder security module that plugs into the WebSphere TAI public security interface to provide a Web Trust Association (WTA) between WebSphere and SiteMinder. In this WTA, WebSphere assigns the SiteMinder TAI the responsibility of validating HTTP requests for Web container resources and creating principals that establish identity and can be used for authorization by the SiteMinder JACC Provider.

The SiteMinder TAI handles requests for HTTP resources:

The SiteMinder TAI always validates requests that contain SiteMinder session cookies; you must configure it to challenge other requests for credentials.

If SiteMinder authentication is successful, the SiteMinder TAI populates a JAAS Subject with a SiteMinder Principal that contains the username of the authenticated user and associated SiteMinder session data. Additionally, the SiteMinder TAI propagates the identity of the authenticated user to WebSphere, which then creates its own principal and adds it to the Subject for use by other, non-SiteMinder security modules.

Note: If the SiteMinder TAI is configured to support environments in which the Policy Server and WebSphere have separate user stores, the SiteMinder TAI propagates to WebSphere a mapped user identity that matches an entry in the WebSphere user store.

More information:

Agent Configuration Options

Configure the TAI, SiteMinder-Side

Identity and User Mapping