The authentication service is part of the Advanced Access Control module and is a powerful and flexible way to authenticate users in either a first-factor or step-up scenario. This post covers the basics of setting up the authentication service, as well as advanced configuration options that facilitate hardening and horizontal scaling in high availability deployments.
Before you start:
You will need:
This blog post should take 15-20 minutes to complete.
Key Terms:
- WebSEAL: ISAM’s reverse proxy and the backbone of all Identity/Access Management solutions
- AAC: Advanced Access Control. Component of ISAM responsible for configuring Access Policies and Risk-Based Access
- AuthSvc: Part of AAC which covers ISAM’s native authentication capabilities
- Runtime Server: The Liberty server which hosts AAC’s APIs
- Cookieless: In this article, Cookieless or Stateless refers to the operation of a Runtime server without requiring a user to maintain a session cookie.
Configuring the Authentication Service:
In IBM Security Access Manager 9.0.6.0, a convenient wizard was added to the WebSEAL Module to simplify configuration of the authentication service (AuthSvc). This blog post will guide you through this configuration wizard and detail a few advanced features you can use to tune the AuthSvc to your specific deployment needs.
First off, use the LMI to navigate to and select the reverse proxy instance you wish to configure to use the AuthSvc.