Does using TAI++ allow WebSphere Portal to avoid doing group membership retrieval?

Technote (FAQ)


Tivoli Access Manager Trust Association Interceptor (TAI++) is the latest trust association interface supported by WebSphere Application Server 5.1 and later. You plan to implement TAI++ in your environment and want to know if it will save IBM WebSphere® Portal from having to contact the user registry to determine group membership for the authenticated user. Ideally, you would like the Portal server to use the groups that are already identified in the request. Is this possible?


WebSphere Portal 6.0 does not take full advantage of the TAI ++ capabilities. Thus, WebSphere Member Manager (WMM) will still connect to the back-end user registry to determine group membership for the authenticated user.

However, WebSphere Portal 6.1 can leverage the group membership information available in the WebSphere Subject to avoid additional group membership queries to the user registry. This capability is available regardless of whether the TAI ++ is being used or the standard login method is used for WebSphere Application Server.

Further details on updating the configuration to take advantage of this functionality can be found in the topic, "Reusing group information", in the WebSphere Portal Information Center.

Related information

Reusing group information

    Cross Reference information
    Segment Product Component Platform Version Edition
    Organizational Productivity- Portals & Collaboration WebSphere Portal End of Support Products HP-UX, i5/OS, Linux, Solaris, Windows, z/OS,,,, 5.1.0, 5.1 Enable, Extend

Document information

Translate my page

Content navigation