Introduction to Trust Association Interceptor

You can use an external authentication proxy to protect the portal by intercepting all requests targeted for portal destinations. An authentication proxy can be implemented as a proxy server, such as WebSeal in ITCAM, or as a plug-in to the web server or to the IBM Edge server, for example the Webagent in Netegrity SiteMinder.

An external authentication component authenticates users by whatever means it considers appropriate. You have to register a Trust Association Interceptor (TAI) with WAS to establish a trust relationship between WAS and the authentication proxy. The authentication proxy then passes the authenticated user's ID to WAS based on the established trust.

A Trust Association Interceptor (TAI) is a mechanism by which WebSphere Application Server enables an external component to authenticate the user and to assert the identity to the WebSphere Application Server Web container.

WebSphere Application Server provides functions which the TAI uses to indicate that it is able to handle a request and that the request is already authenticated. You could think of a TAI as an adapter, which communicates with the authentication component in an unspecified way and makes the authentication decisions accessible to WebSphere Application Server through the specified TAI interface.

Whenever a request attempts to access a secured resource, WebSphere Application Server invokes the TAI, which validates that the request comes from a legitimate third-party authentication proxy and returns the user's authenticated identity to WebSphere Application Server. The TAI should return either a distinguished name (DN) or a short name. WebSphere Application Server performs a registry lookup to verify the distinguished name or convert the short name to a distinguished name before searching for group memberships for that user. If the registry lookup fails, WebSphere Application Server refuses to trust the user. If the registry lookup succeeds, WebSphere Application Server generates a Lightweight Third-Party Authentication (LTPA) token for the user and stores it as a cookie for subsequent authentication during the user's session.


The figure shows the detailed flow of control for a request that passes through an external authentication proxy. The interactions shown are the same for authentication proxies implemented as separate servers, or for proxies implemented as plug-ins for the Web server or the Edge component.
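The flow described above, sketched as a custom interceptor against WebSphere's `com.ibm.wsspi.security.tai.TrustAssociationInterceptor` interface. This is an added example, not code from the original post or from IBM. The class name, the `example.*` custom property keys, and the choice of a TLS client-certificate check as the way to recognise the proxy are assumptions; it compiles against the WebSphere Application Server libraries.

```java
import java.security.cert.X509Certificate;
import java.util.Properties;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.ibm.websphere.security.WebTrustAssociationException;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.wsspi.security.tai.TAIResult;
import com.ibm.wsspi.security.tai.TrustAssociationInterceptor;

// Hypothetical interceptor: names and property keys are illustrative only.
public class ProxyHeaderTAI implements TrustAssociationInterceptor {
    private String userHeader;  // header in which the proxy asserts the user ID
    private String proxyCertDn; // subject DN (RFC 2253) of the proxy's client cert

    public int initialize(Properties props) throws WebTrustAssociationFailedException {
        userHeader = props.getProperty("example.userHeader");
        proxyCertDn = props.getProperty("example.proxyCertDn");
        if (userHeader == null || proxyCertDn == null) {
            throw new WebTrustAssociationFailedException("TAI custom properties missing");
        }
        return 0; // 0 signals successful initialization
    }

    // Claim only requests that carry the proxy's identity header.
    public boolean isTargetInterceptor(HttpServletRequest req)
            throws WebTrustAssociationException {
        return req.getHeader(userHeader) != null;
    }

    public TAIResult negotiateValidateandEstablishTrust(HttpServletRequest req,
            HttpServletResponse res) throws WebTrustAssociationFailedException {
        // Validate the sender first: a header alone proves nothing, because any
        // client that can reach the container directly could set it.
        X509Certificate[] chain = (X509Certificate[])
                req.getAttribute("javax.servlet.request.X509Certificate");
        if (chain == null || chain.length == 0
                || !proxyCertDn.equals(chain[0].getSubjectX500Principal().getName())) {
            throw new WebTrustAssociationFailedException("sender is not the trusted proxy");
        }
        String user = req.getHeader(userHeader).trim();
        if (user.isEmpty()) {
            throw new WebTrustAssociationFailedException("proxy asserted no user ID");
        }
        // Return the short name or DN. The registry lookup and the LTPA token
        // are handled by WebSphere Application Server after this call returns.
        return TAIResult.create(HttpServletResponse.SC_OK, user);
    }

    public String getVersion() { return "1.0"; }
    public String getType() { return getClass().getName(); }
    public void cleanup() { }
}
```

The certificate check only holds if the transport into the web container requires and validates client certificates; without that, the container should be reachable only from the proxy.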

A TAI is not necessary if the third-party authentication proxy provides native WebSphere Application Server identity tokens, such as LTPA tokens. Currently, only Tivoli Access Manager WebSEAL and Tivoli Access Manager Plugin for Edge Server provide native WebSphere Application Server identity tokens.

The authentication proxy determines the challenge mechanism, and WebSphere Portal relies on the authentication proxy to relay success or failure of the user identifier through the TAI or LTPA token. WebSphere Application Server sees all requests from the TAI as authenticated, but WebSphere Application Server and WebSphere Portal still perform a user and group lookup on each request. Even if the authentication proxy has successfully authenticated the user, WebSphere Application Server and WebSphere Portal deny access if they cannot query the user in the registry. For example, it is possible to have a user in an External Security Manager (ESM) who is not accessible from WebSphere Portal because WebSphere Portal is configured to one user registry, which may not be the same registry or have the same registry configuration properties as the ESM has.
