Issue fixed: dynamic-addresses = {yes|no}

This is an issue of webseal junction not able to come up when there is a restart of backend server.
Usually, where there is a restart of backend server., Junction server state changes to not running when the backend server is down. When the backend is available, the junction still remains down., we need to create the junction again to make it up. This issue can be resolved by enabling dynamic-addresses = {yes|no}to yes in the webseald.conf. The default value is no.

Syntax: dynamic-addresses = {yes|no}

Description

Indicates when the junction server host name is resolved to its corresponding IP address and used in communication with the junction server.

You can customize this configuration item for a particular junction by adding the adjusted configuration item to a [junction:{junction_name}] stanza.

where {junction_name} refers to the junction point for a standard junction (including the leading / character) or the virtual host label for a virtual host junction.

Options
yes
    The junction server host name is resolved to its corresponding IP address immediately before any communication with the junction server.
no
    The junction server host name is resolved to its corresponding IP address and this address is used for subsequent communication with the junction server.

Usage
This stanza entry is required.

Default value
no

Example

dynamic-addresses = no

Use of -J onfocus,trailer to fix session expiry issues with java applets

For some of the applet based java applications, there will be a problem with session expiry all of a sudden
when user navigates from one page to other or different tab in the same application..
This is because the session cookie is set inside a java script and there could be also embedded redirects that endsthe session and forc the user to login again inside the new/same window. You would see an error similar to this in the browser.

To fix this issue we need  to add -J onfocus,trailer while creating junction. This enables redirects to be parsed better inside the javascript.

This command controls the JavaScript block that sets a junction identification cookie.

Command Syntax:   junction-cookie-js-block { none | trailer | inhead | onfocus | xhtml10 }

Parameters if

1) none
    Disables the function. This setting is the default value.
2) trailer
    Appends the JavaScript block to the HTML page that is returned from the junctioned server.
3) inhead
    Inserts the JavaScript block between <head></head> tags for HTML 4.01 compliance.
4) onfocus
    Uses the onfocus event handler in the JavaScript to ensure that the correct junction cookie is used in a multiple-junction or multiple-browser-window scenario.
5) xhtml10
    Inserts a JavaScript block that is HTML 4.01 and XHTML 1.0 compliant.

The junction-cookie-js-block command controls the JavaScript block that sets a junction identification cookie. This command is relevant only when the type set by the junction-type command is standard.

For more details please refer the following tech note:
https://www.ibm.com/support/knowledgecenter/en/SSPREK_6.1.0/com.ibm.itame.doc_6.1/am61_webseal_admin585.htm

IBM Tivoli Access Manager and Oracle E-Business Suite Integration

This is an Abstract from the Integration Adapter provided by IBM.
There are two ways to achieve this Integration:
1) Using the out of the box adapter provided by IBM 2) Using Cross domain SSO.
This post covers first method, I will post the second method in upcoming posts.

1) Using the out of the box adapter provided by IBM:

This integration provides Single Sign-On (SSO) between Tivoli Access Manager and Oracle E-Business Suite by deploying WebSEAL in front of the E-Business Suite and the Oracle Application Server 10g (Oracle AS) Single Sign-On (OSSO) server.

To achieve SSO, the Oracle E-Business Suite delegates user authentication to the OSSO, which in turn delegates user authentication to WebSEAL.

WebSEAL acts as a security gateway between the client browser and both the OSSO server and the E-Business Suite.

Adapter provided by IBM is well explained. Please follow the instructions in given in the below link.

http://www-01.ibm.com/support/docview.wss?uid=swg24016388