• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA Server and IBM WebSEAL/WebSphere publishing

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> ISA Server and IBM WebSEAL/WebSphere publishing Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA Server and IBM WebSEAL/WebSphere publishing - 20.Oct.2006 5:59:14 AM   
fjonga

 

Posts: 3
Joined: 19.Sep.2006
Status: offline
We are in the process of integrating new authentication methods and other features to the ISA Server, and one of our use cases envolve integration to the IBM WebSphere. Now... WebSphere uses HTTP Headers for integration, so my questions is:

- Has someone successfully published WebSphere services through ISA Server? How did you do that?
- Did you write your own Interceptor component, or was this possible with out-of-the-box configuration?

Any info would be highly appreciated. Thanks.

< Message edited by fjonga -- 20.Oct.2006 6:03:24 AM >
Post #: 1
RE: ISA Server and IBM WebSEAL/WebSphere publishing - 20.Oct.2006 10:56:10 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi F,

What specifically do you need to do for Websphere support?

Is there a protocol requirement?

What HTTP headers do you need specific support for?

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to fjonga)
Post #: 2
RE: ISA Server and IBM WebSEAL/WebSphere publishing - 23.Oct.2006 1:10:19 PM   
jpv

 

Posts: 3
Joined: 23.Oct.2006
Status: offline
I have a similar situation.  I have implemented an ISA 2006 server for our IIS environment and would like to extend authentication to our websphere environment.
Websphere is connected to a Sun LDAP server, the active directory has the same users and passwords as the LDAP.
I am currently authenticating users on the ISA server using forms authentication, then I authenticate to the IIS server using integrated auth.

It seems from the link below that it must be BasicAuth, LTPA or Client Certs, is there any other way? Does federation work yet?
http://publib.boulder.ibm.com/infocenter/wasinfo/v5r1//topic/com.ibm.websphere.base.doc/info/aes/ae/csec_aumech.html

Thanks for any advice

< Message edited by jpv -- 23.Oct.2006 1:12:08 PM >

(in reply to fjonga)
Post #: 3
RE: ISA Server and IBM WebSEAL/WebSphere publishing - 25.Oct.2006 6:02:00 AM   
fjonga

 

Posts: 3
Joined: 19.Sep.2006
Status: offline
Thanks for the replies. In our situation, when we are creating new authentication options and therefore integrating ie SAML Service Provider functionality to the ISA Server, we need to build our own integration for the back-end, or integrate our solution for the ISA Server so that we can use the integration options offered by ISA.

It seems that in our case we need to use client certs for the ISA Server authentication for the WebSphere TAI, so that the WebSphere users won't have to create custom TAIs in their setups and can use the existing ones that are basically "TAI using trusted user" -> Basic authentication or "TAI using trusted connection" -> client certs.

As for federation, I'm not sure how ISA Server supports WS-Federation... Haven't got that far yet. SAML SP functionality that we are building enables our customers to use Identity Providers that use SAML protocol with ISA Servers (federation).

(in reply to jpv)
Post #: 4
RE: ISA Server and IBM WebSEAL/WebSphere publishing - 25.Oct.2006 5:18:50 PM   
jpv

 

Posts: 3
Joined: 23.Oct.2006
Status: offline
Your solution sounds very complex, maybe rightly so.
I have tried to implement an Active Directory Federation server before with no luck.
Why not replace the forms authentication of ISA with code that can accept saml and map it to an active directory user.
have you looked at sxip.com before? They can use logins from a number of providers, including infocards.

(in reply to fjonga)
Post #: 5
RE: ISA Server and IBM WebSEAL/WebSphere publishing - 26.Oct.2006 9:51:04 AM   
fjonga

 

Posts: 3
Joined: 19.Sep.2006
Status: offline
Our Identity Provider (Ubilogin) product supports over dozen different authentication mechanisms from passwords and OTPs to mobile PKI and smart cards along standards such as SAML 2.0, WS-Federation and ID-WSF 2.0 etc, so basically we are covered in that end.

WebSphere integration will be the first deployment for our new ISA based Security Proxy product, and I wasn't quite 100% sure how to authenticate ISA to the WebSphere using the easiest possible way. Now I know

(in reply to jpv)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> ISA Server and IBM WebSEAL/WebSphere publishing Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts