Hi Scott,
thanks for your reply.
We indeed use external users on Webseal 1 and thus don't rely on registry for that.
However, my concern was more related to the BA header supplied by W1 to W2, for which I suspect the shared registry is needed.
It seems the BA header contains the default Webseal user and password contained in the LDAP, and W2 will not know about them, except if it is shared.
Maybe there is a way to manually specify the BA data, or extract the data which W1 will use.
I am not familiar with how that would be done, or whether there is anything else that could be done to get around that.
Thanks!
Dean
------------------------------
Dean Ivosevic
------------------------------
Original Message:
Sent: Mon August 08, 2022 04:18 PM
From: Scott Exton
Subject: Webseal to Webseal junction without shared registry
Dean,
WebSEAL will use the iv-creds header (which is a streamed version of the user credential) to pass the user identity from the front-end WebSEAL to the back-end WebSEAL. So, the back-end WebSEAL must be able to consume the supplied iv-creds, hence the requirement for a shared registry.
Having said this, in recent times WebSEAL has introduced the concept of external users (allowing an EAI to authenticate a user which does not exist in the ISVA user registry). So, if the user credential was established as an external user I don't believe that the registries would need to be shared.
I hope that this helps.
Scott A. Exton
Senior Software Engineer
Chief Programmer - IBM Security Verify Access
IBM Master Inventor
Original Message:
Sent: 8/8/2022 4:16:00 AM
From: Dean Ivosevic
Subject: Webseal to Webseal junction without shared registry
Hi everybody,
Does anyone have any advice or ideas on what would be the easiest and best approach to build a W2W junction on 2 independent Webseals without having a shared registry?
In the official docs it is stated as a mandatory requirement; however, I am interested to explore if there are any easy workarounds worth exploring and implementing.
Thank you in advance for your feedback.
Best,
Dean
------------------------------
Dean Ivosevic
------------------------------