In a Web-based network, these services are best provided by one or more front-end WebSEAL servers that integrate and protect Web resources and applications located on back-end Web servers.
The connection between a WebSEAL server and a back-end Web application server is known as a WebSEAL junction. A WebSEAL junction is a TCP/IP connection between a front-end WebSEAL server and a back-end server.
The back-end server can be another WebSEAL server or, more commonly, a third-party Web application server. The back-end server Web space is "connected" to the WebSEAL server at a specially designated junction (mount) point in the WebSEAL Web space.
Real Terms#WebSEAL normally acts as a reverse Web proxy by receiving HTTP/HTTPS requests from a Web browser and delivering content from its own Web server or from "junctioned" (Connected) back-end Web application servers. Requests passing through WebSEAL are evaluated by the Tivoli Access Manager authorization service to determine whether the user is authorized to access the requested resource.
WebSEAL provides the following features:
- WebSEAL supports multiple authentication methods Both built-in and plug-in architectures allow flexibility in supporting a variety of authentication mechanisms.
- Accepts HTTP and HTTPS requests Integrates and protects back-end server resources through WebSEAL junction technology Manages fine-grained access control for the local and back-end server Web space Supported resources include URLs, URL-based regular expressions, CGI programs, HTML files, Java servlets, and Java class files.
- WebSEAL performs as a reverse Web proxy WebSEAL appears as a Web server to clients and appears as a Web browser to the junctioned back-end servers it is protecting.
- WebSEAL provides WEB Single Sign-On
- Cross-domain authentication