03
Configuring TAI in WebSphere Application Server
Posted by | Posted in WebSphere | Posted on 03-07-2008
Tagged Under : TAI, WAS, WebSphere, WebSphere Application Server
Configuring TAI in WebSphere Application Server.
Yesterday I posted about how to create a custom Trust Association Interceptor for WAS. Today I will be explaining how to configure the TAI in WAS. In order to configure the TAI in WebSphere Application Server, export the TAI project as a jar file. (Creating and exporting a jar is very easy in RAD. Right click on the project and select Export. From the export wizard window select ‘JAR file’. It will show all the projects available with the one we right clicked as selected. Enter the destination where we want to save our generated jar file and enter a name for the jar file say tai.jar and click on Finish. Our jar file is ready).
Once we completed generation of jar file for TAI, we need to copy the same jar file to WAS_INSTALL_DIR\lib\ext folder. Now we need to make an entry for our TAI inside the admin console. The steps for configuring a TAI in WebSphere are given below.
1. Login to WebSphere admin console.
2. Click on Global Security under Security menu.
3. From the page opened up expand Authentication Mechanisms and click on LTPA
4. The LTPA configuration page opens up. Click on Trust Association links.
5. Select the “Enable trust association” check box. And save the changes.
6. Come back to the same page if you are not there already.
7. Click on Interceptors
8. Click on New
9. Enter the fully qualified name of your TAI inside “Interceptor class name” text box.
10. Save the changes
We are done. Restart the server and our new custom TAI will be ready for use.
Hi,
I’m new in this TAI thing.
So, theres something that I stil don’t understand. In your example, how do you define the http requests for which the TAI Interceptor is called?
It’s called for all the requests made to the application server?
Thanks in Advance
I guess the TAI is called for all the requests to the secured resources.
hi
so what would be the interceptor class name in step 9 in this example would it be tai.jar or would it be com.ibm.wsspi.security.tai.TrustAssociationInterceptor
Thanks
It will be the name of your TAI class which you have created after following my first tutorial. (TestInterceptor)
Hi, Great post. Once the trust is established for a user, say user1, how would custom TAI/WAS will handle a second user request? Suppose the second user, say user2, opens a new window on the same machine and logged in user2. user1 is still logged on another window. Can TAI/WAS support this scenario?
Sorry. I don’t know. We need to try it out I guess. WAS reads the session with the help of an LTPA Cookie. So if the browser shares the same cookie, I guess it will be the same session even if the windows are different.
Thank you, Joseph for the step by step explanation of TAI configuration process. Just one quick question. Is it possible that some users logon with normal process (by supplying both userID & password) and some users logon with modified process [TAI] (by supplying just userID)? We use WC6.
I think it is possible by passing some extra parameter. If there is an additional parameter, TAI can redirect the user to the normal login. (Never tried this).