Hi Marek,
you need to tell your webseal reverse proxy what to do when protected resources are requested. So 1 option is to use the local-response-redirect mechanism.
You can configure it specifically for your virtual host junction, or for the complete reverse proxy instance (like below).
[acnt-mgt]
enable-local-response-redirect = yes
[local-response-redirect]
local-response-redirect-uri = <your logininitial url>
------------------------------
Tom Bosmans
------------------------------
Original Message:
Sent: Sun December 14, 2025 03:32 AM
From: Marek Kembrowski
Subject: SAML authentication on virtual junction
Hi I'm struggling on IBM Verify Identity Access 11 with something that probably should be super straightforward.
I have Federation with entra, which, I think based on the logs, seems to work. I want to force, on accessing virtual junction, SAML authentication and after successful sign in - start sending IV-user header to target backend.
I cannot neither trigger this sign in (I always get the standard forms login.html) nor after triggering sps logininitial URL - the correct header / access backend server.
Please help with guidance.
------------------------------
Marek Kembrowski
------------------------------