Extended Tivoli Access Manager Trust Association Interceptor Plus (ETAI)

Downloadable files


This extension to the embedded Trust Association Interceptor component provides single sign-on to WebSphere Application Server by Tivoli Access Manager WebSEAL and WebPlugins.

Download Description

This adapter enables single sign-on (SSO) to WebSphere Application Server by configuring WebSphere Application Server to allow trust associations. Currently the embedded Trust Association Interceptor++ (tai++) accepts an iv-creds header from WebSEAL or WebPlugins and a trust password in a Basic Authentication header. The embedded tai++ authenticates the trust password and dismantles the iv-creds header to create the credential of the original user.

The extended version of the Trust Association Interceptor++ (ETAI) has following additional capabilities:

  • ETAI removes the need for any Tivoli Access Manager configuration on WebSphere Application Server.
  • ETAI can be configured to map the credential attributes of the original user to different registry formats or you can elect not to add credentials at all.
  • ETAI also has additional support for the processing of Tivoli Federated Identity Manager security tokens.
  • ETAI has support for additional trust mechanism based on mutual authentication over SSL and validation of incoming certificate chain.
  • ETAI is also capable to work with iv-user only, in the absence of iv-creds.
  • ETAI can propagate rich identity to JAX-WS, LTPA, RMI/IIOP in the form of Tivoli Access Manager binary security token.
  • ETAI can propagate Tivoli Access Manager security attributes to the JAAS authorization token using a login module.


IBM Tivoli Access Manager, version 6.0 
IBM Tivoli Access Manager, version 6.1 
IBM Tivoli Access Manager, version 6.1.1 and
IBM WebSphere Application Server, versions 6.0.x, 6.1.x, 7.0.x and 8.0.x

Ensure that the underlying products such as IBM Tivoli Access Manager and IBM WebSphere Application Server are compatible with each other when you configure the Tivoli Access Manager Trust Association Interceptor Plus.

See the PDF document in the download package for any more prerequisites.

Installation Instructions

See the PDF document in the download package for installation instructions.

Download package

Download RELEASE DATE LANGUAGE SIZE(Bytes) Download Options
What is DD?
Integration Adapter 4 Apr 2012 English 1600215 FTP DD

Technical support

This download is offered free of charge to existing Tivoli Access Manager customers. Support for this download is available through the normal Tivoli Access Manager support channels. This integration has been tested and is supported on the platforms and product versions listed in this document. When accessing support for this download, please quote the component ID as TIVOIAM00.

Rate this page:

(0 users)Average rating

Add comments

Document information

More support for:

IBM Security Access Manager for Web
WebSphere Application Server

Software version:

6.0, 6.1, 6.1.1

Operating system(s):

All Platforms

Reference #:


Modified date:


Translate my page

Machine Translation

Content navigation