IBM Security Access Manager Extended Trust Association Interceptor Plus (ETAI)

Downloadable files


Abstract

This extension to the embedded Trust Association Interceptor component provides single sign-on to WebSphere Application Server by IBM Security Access Manager for Web.

Download Description

This adapter enables single sign-on (SSO) to WebSphere Application Server by configuring WebSphere Application Server to allow trust associations.

The embedded Trust Association Interceptor++ (tai++) accepts an iv-creds HTTP request header from IBM Security Access Manager for Web and a trust password in a Basic Authentication header. The embedded tai++ authenticates the trust password and dismantles the iv-creds HTTP request header to build the credential of the original user.

The extended version of the Trust Association Interceptor++ (ETAI) includes additional capabilities:

  • Removes the need for any Security Access Manager configuration on WebSphere Application Server.
  • Map the credential attributes of the original user to different registry formats or add no credentials at all.
  • Process Tivoli Federated Identity Manager security tokens.
  • Additional trust mechanism based on mutual authentication over SSL and validation of incoming certificate chain.
  • Works with iv-user only, in the absence of iv-creds.
  • Propagate rich identity to JAX-WS, LTPA, RMI/IIOP in the form of Security Access Manager binary security token.
  • Propagate Security Access Manager security attributes to the JAAS authorization token using a login module.
  • Consume SAML 2.0 assertions from TFIM enable junctions generated by Tivoli Federated Identity Manager without the need for iv-user or iv-creds.
  • Signature validation of SAML 2.0 assertions using a local keystore and remote Security Token Service (STS) such as Tivoli Federated Identity Manager.

Prerequisites


One of the following versions:

  • IBM Security Access Manager for Web Version 7.0.x
  • IBM Security Access Manager Version 7.0.x
  • IBM Tivoli Access Manager for e-business Version 6.1.x

and

one of the following versions:
  • IBM WebSphere Application Server version 7.0.19 and above
  • IBM WebSphere Application Server version 8.0.x

    Ensure that the underlying products such as IBM Security Access Manager and IBM WebSphere Application Server are compatible with each other when you configure the Security Access Manager Trust Association Interceptor Plus.

See the PDF document in the download package for any more prerequisites.

Installation Instructions

See the PDF document in the download package for installation instructions.

Download package

Refer to the following support table to assist in deciding which version of the integration to download.
Existing ETAI v2.5 installations do not require upgrading unless the SAML feature set is required.

Primary Features
ETAI Version
ETAI
ETAI (SAML support)
ETAI v2.5
Y
-
ETAI v2.6
Y
Y

Download RELEASE DATE LANGUAGE SIZE(Bytes) Download Options
What is DD?
ETAI v2.5 4 Apr 2012 English 1600215 FTP DD
ETAI v2.6 15 Sep 2014 English 2040917 FTP DD

Technical support

This download is offered free of charge to existing IBM Security Access Manager customers. Support for this download is available through the normal IBM Security Access Manager support channels.
This integration has been tested and is supported on the platforms and product versions listed in this document.
When accessing support for this download, quote the component ID as TIVOIAM00 or 5724C0800.

Rate this page:

(0 users)Average rating

Document information


More support for:

IBM Security Access Manager for Web
WebSphere Application Server

Software version:

6.1, 6.1.1, 7.0

Operating system(s):

All Platforms

Reference #:

4016601

Modified date:

2014-09-15

Translate my page

Machine Translation

Content navigation