Using WebSeal in a CLM environment

IBM Tivoli Access Manager WebSEAL is a high performance, multi-threaded Web server that applies fine-grained security policy to the Tivoli Access Manager protected Web object space. WebSEAL can provide single sign-on solutions and incorporate back-end Web application server resources into its security policy.It can be used to provide an extra layer of security in front of a CLM application.

Setting up WebSeal in a CLM environment

Need more information.

Managing CLM cookies in WebSeal

By default WebSeal will rename cookies coming from the server to the web browser to contain the WebSeal junction. When the cookies are sent back to the server WebSeal will remove the junction name so the server receives the cookie that it sent. From version 5.0 onwards there is a new cookie sent from the CLM server to the web browser and there is new JavaScript code that reads the value of this cookie. As WebSeal renames the cookie this JavaScript raises an exception that prevents the CLM application from being displayed in the browser.

Symptoms are:

1. The web pages shos a message "Loading..." that never finishes
2. A popup window with a Error "Invalid template ..." message, see below.
   
   Note the name of the cookie on the line "document.cookie = " contains "IV_JCT" which is a sign that the cookie has been renamed.
3. CLM in the web browser does not work but CLM in the Eclipse client does.

Resolution:

The following page in the WebSeal documentation explains how WebSeal renames cookies and how to prevent the renaming:

http://www-01.ibm.com/support/knowledgecenter/api/content/SSPREK_6.1.0/com.ibm.itame.doc_6.1/am61_webseal_admin591.htm#preserve-cookie-name?locale=en

The known cookies used by CLM are (they may be others):

1. x-com-ibm-team-scenario

Single Sign on

Need more data

Further Information

Related topics: Deployment web home,

External links:

• IBM Tivoli Access Manager WebSEAL overview

Additional contributors: SimonWashbrook