Tivoli SecureWay Policy Director WebSEAL...
Tivoli SecureWay Policy Director WebSEAL Administration Guide
Version 3.8
Tivoli SecureWay Policy Director WebSEAL Administration Guide
Copyright Notice
© Copyright IBM Corporation 2001. All rights reserved. vI@U Tivoli Systems m~mI$-i
(;V IBM m~mI$-i)9C,r_w* IBM M'-irmI$-iPX Tivoli z7D=<9C#4- IBM +>BHifmI,{9TNNN=rNNVN(gSD"z5D"E'D"
b'D"/'D"K$DHH)T>iDNN?VxP4F"+%"*<"f"Zlw53Pr-kINNFczoT#IBM +>ZhzFwv)zT:9CD2=4rNNICFcz&mDD5DP^mI,0aG?vbyD4F7y&XP IBM +>Df(yw#4- IBM +>BHifmI,;Zhf(PDd|({#>D5;G*zz<8D,"RGT0vK4,1Dy!a)D,;PNNN=D#$#XKywb}PX>D5DyP#$,|(JzTMJCZ3X(C>D#$#
U.S. Government Users Restricted Rights—Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corporation.
Trademarks
IBM" IBM Uj"Tivol i"Tivol i Uj"AIX"Cross -S i te"NetView"OS/2"Plane tTivoli"RS/6000"Tivoli Certified"Tivoli Enterprise"Tivoli Enterprise Console"Tivoli Ready M TMEGzJL5zw+>r Tivoli Systems Inc. Z@zM/rd|zRrXxDLjr"aLj#
Microsoft"Windows"Windows NT M Windows UjG Microsoft Corporation Z@zM/rd|
zRrXxDLj#
UNIX G The Open Group Z@zMd|zRrXxD"aLj#
Java MyPyZ Java DLjG Sun Microsystems, Inc. Z@zM/rd|zRrX
xDLj#
Notices
>vfoPya=D Tivoli Systems r IBM Dz7"Lrr~q";5>b)z7"Lrr~q+ZyPP Tivoli Systems r IBM 5qDzRrXxPa)#NNTb)z7"Lrr~qD}
C"GbZ5>v\9C Tivoli Systems r IBM Dz7"Lrr~q#;*;V8 Tivoli Systemsr IBM DP'*6z(rd|\(I#$D({,NN,H&\Dz7"Lrr~q,<ITC
4zfya=Dz7"Lrr~q#Zkd|z7aO9C1,}KG)I Tivoli Systems r IBMw78(Dz7.b,d@@Mi$yIC'TP:p#Tivoli Systems r IBM +>I\Q5Pr}Zjkk>D5Z]PXDwn({#a)>D5"4ZhC'9Cb)({DNNmI$#
PXmI$i/DBK,C'ITk IBM Director of Licensing, IBM Corporation, North Castle Drive,Armonk, New York 10504-1785, USA if*5#
Contents
0T
>8ODA_
>8ODZ]
Ve<(
`XD Policy Director D5
CJZ_D5
):D5
a)XZz7D5D4!
*5M''V
Z1B WebSEAL Ev
9C WebSEAL #$ Web Ud
j6#$DZ]`MM6p
f.M5V2+T_T
Kb WebSEAL O$
O$?D
Kb>$q!
)9X(tT$i(EPAC)
Kb WebSEAL *a
WebSEAL *aM Web >cIluT
Z2B WebSEAL ~qwdC
;c~qwE"
webseald.conf dCD~ri
WebSEAL 20Dy?<
WebSEAL ~qwy?<
t/M#9 WebSEAL
dC(EN}
* HTTP ksdC WebSEAL
* HTTPS ksdC WebSEAL
^F4TX( SSL f>D,S
dC HTTP M HTTPS $wLr_L
HTTP/HTTPS (ED,1N}
=S WebSEAL ~qw,1N}
\m Web Ud
Web D5wDy?<
dC?<w}
Windows:CGI LrDD~|{<(
dC Web D5_Y:f
dC HTTP ms{"
j'V
\m(FD HTML 3f
(F3fN}M5
(F HTML 3fhv
\mM'zKM~qwKD$i
Kb GSKit \?}]bD~`M
dC WebSEAL D\?}]bN}
9C iKeyman $i\m5CLr
dC CRL li
dC1!#$6p
*%@wzMxgdC QOP
dCZ(}]b|BMV/
dC|B(*l}
dCZ(}]bV/
4F0K WebSEAL ~qw
dCj< HTTP G<
tCM{C HTTP G<U>
8(1dAGD`M
8(U>D~*fP5
8("BU>D~:exD5J
dC request.log PG<DZ]$H
HTTP +2U>q=(CZ request.log)
T> request.log D~
T> agent.log D~
T> referer.log
Z3B WebSEAL 2+T_T
X(Z WebSEAL D ACL _T
/WebSEAL/<host>
/WebSEAL/<host>/<file>
WebSEAL ACL mI(
1! /WebSEAL ACL _T
}N%wG<_T
|no(
\k?H_T
I pdadmin 5CLrhCD\k?H_T
|no(
P'M^'D\k>}
X(C'M+VhC
O$?H POP _T(]})
dC]}O$D6p
tC]}O$
]}G<m%
]}O$c(
]}O$"bBnM^F
yZxgDO$ POP _T
dCO$6p
8( IP X7M6'
y] IP X7{C]}O$
yZxgDO$c(
yZxgO$"bBnM^F
#$6p POP _T
&m4O$DC'(HTTP/HTTPS)
&m4Td{M'zDks
?FC'G<
4O$ HTTPS D&C
9C ACL/POP _TXF4O$C'
Z4B WebSEAL O$
KbO$}L
\'VDa0}]`M
\'VDO$=(
j8dCE"N<
\ma04,
GSKit M WebSEAL a0_Y:f
dC WebSEAL >$_Y:f
dC GSKit SSL a0j6_Y:f
Ca0 cookie ,$4,
7(P'Da0j6}]`M
dCJO*F cookie
O$dCEv
>XO$N}
b?(F CDAS O$N}
WebSEAL O$D1!dC
dC`vO$=(
a>G<
"zM|D\k|n
dCy>O$
tCM{Cy>O$
hCr{F
dCy>O$zF
dCu~
dCm%O$
tCM{Cm%O$
dCm%O$zF
dCu~
(F HTML l&m%
dCM'zK$iO$
s(:(}$i`%O$
WebSEAL bT$i
tCM{C$iO$
dC$iO$zF
dCu~
dC HTTP 7O$
tCM{C HTTP 7O$
8(7`M
dC HTTP 7O$zF
dCu~
dC IP X7O$
tCM{C IP X7O$
dC IP X7O$zF
dCjGO$
tCM{CjGO$
dCjGO$zF
'V`74C/Pzm
P'Da0}]`MMO$=(
MPA M`vM'zDO$xLw
tCM{C MPA O$
4( MPA DC'J'
+ MPA J'mS= webseal-mpa-servers i
MPA O$^F
Z5B gr"abv=8
dC CDSSO O$
/I(F CDMF 2mb
9C CDMF D CDSSO O$xLw
tCM{C CDSSO O$
dC CDSSO O$zF
S\O$jG}]
dCjG1dAG
mo CDSSO HTML 4S
#$O$jG
dCgSgx%;"a
gSgxXwM*s
gSgxxLw
mbgSgx Cookie
mb0$51ksM&p
mb0$51jG
S\0$51jG
dCgSgx
Z6B WebSEAL *a
WebSEAL *aEv
*a}]b;CMq=
&CV#HCJXF:**
&C8#HCJXF:**
4( WebSEAL *aD8<
WebSEAL ;'V HTTP 1.0 ;f*a
WebSEAL *aD=SN<
9C0pdadmin server task14(*a
dCy> WebSEAL *a
TCP `M*a
SSL `M*a
`%O$D SSL *a
WebSEAL i$sK~qw$i
(P{F(DN)%d
9CM'z$iD WebSEAL O$
9C BA 7D WebSEAL O$
&m(}*aDM'zm]E"
4( TCP M SSL zm*a
(} SSL D WebSEAL A WebSEAL *a
=S*a!n
?FB*a(–f)
Z HTTP 7Pa)M'zm](–c)
Z HTTP 7Pa)M'z IP X7(–r)
+a0 Cookie "M=*aDE'x>~qw(–k)
'V;xVs!4D URL(–i)
&m4TE>MM'zK&CLrD URL(–j)
9C*a3d&m`TZ~qwD URL
4,#fac'V(–s"–u)
*4,#fac8(sK~qw UUID(–u)
*a= Windows D~53(–w)
9C WebSEAL *aD<u"M:
Z,;*aO20`v~qw
}K4T*a~qwD2, HTML URL
g}*a4PmI(Dl#
g}*aD$iO$
ZZ}=~qwO9C query_contents
20 query_contents
ZZ}= UNIX ~qwO20 query_contents
ZZ}= Win32 ~qwO20 query_contents
(F query_contents
#$ query_contents
Z7B Web %;"abv=8
dC%;"abv=8D BA 7
%;"a(SSO)En
Z BA 7Pa)M'zm]
a)M'zm]M;c\k
*"-<M'z BA 7E"
}%M'z BA 7E"
S GSO a)C'{M\k
9C+V"a(GSO)
3dO$E"
dCtC GSO D WebSEAL *a
dC GSO _Y:f
%;"aA IBM WebSphere(LTPA)
dC LTPA *a
dC LTPA _Y:f
LTPA %;"aD<u"M:
Z8B &CLr/I
'V CGI `L
Windows:'V WIN32 73d?
'VsK~qwK&CLr
tC/,LqJq
S LDAP }]4(LqJq
9((FvT/~q
*vT/~qdC WebSEAL
vT/~q>}
a)T/, URL DCJXF
/, URL i~
+ ACL Ts3dA/, URL
*/, URL |B WebSEAL
bvTsUdPD/, URL
T POST ksdC^F
\aM<u"M
/, URL >}:Travel Kingdom
&CLr
SZ
2+T_T
2+M'z
CJXF
a[
=<A. webseald.conf N<
=<B. WebSEAL *aN<
9C0pdadmin server task14(*a
*a|n
*u<~qw4(B*a
+=S~qwmS=VPD*a
=<C. 9C iKeyman \m$i
t/ iKeyman 5CLr
r*1! WebSEAL \?}]b
4(B\?}]b
4(BT)}V$i
mSBy CA $i
>}y CA $i
Z}]bd4F$i
+$ii!=D~;SD~mS$i
S}]b1S<k$i
+$i1S<v=}]b
ks~qw$i
SU}V$i
>}}V$i
8(B1!$i
|D}]b\k
w}
0T
6-9C6Tivoli SecureWay Policy Director WebSEAL \m8O7#
Tivoli SecureWay Policy Director WebSEAL GyZ Web DJ4D Policy
Director J42+\mw#WebSEAL G_T\"`_LD Web ~qw,
T\#$D Web TsUd&C8#HD2+T_T#WebSEAL \a)
%;"abv=8,"+sK Web &CLr~qwJ4O"=d2+T
_TP#
>\m8Oa)\m2+ Web rJ4D+?}L0N<E"#>8O2
a)XZwV6'D WebSEAL &\DP[5D30MEnE"#
>8ODA_
>8ODA_|(:
¶ 2+\m1
¶ 5320M?p\m1
¶ xg53\m1
¶ IT hFK1
¶ &CLr*"_
>8ODZ]
¶ Z 1 B:WebSEAL Ev
>Bi\ WebSEAL DX*EnM&\,}g:i/M#$TsU
d"O$">$q!M WebSEAL *a#
¶ Z 2 B:WebSEAL ~qwdC
>BG WebSEAL #fdCNqD<uN<,|(:\m Web U
d",1N}"\m$i"&m4O$C'MX(Z WebSEAL D
ACL M POP _T#
¶ Z 3 B:WebSEAL 2+T_T
>Ba)Z WebSEAL O(F2+T_TDj8<u}L,|(:
ACL M POP _T"#$6p"]}O$_T"yZxgDO$_
T"}N%wG<_TM\k?H_T#
¶ Z 4 B:WebSEAL O$
>Ba)hC WebSEAL T\mwVO$=(Dj8<u}L,|
,:C'{M\k"M'K$i"SecurID jG(PzkMXb HTTP
7}]#
¶ Z 5 B:gr"abv=8
>BV[ WebSEAL zmdCb?Dgr"abv=8 — ZM'z
M WebSEAL ~qw.d#
¶ Z 6 B:WebSEAL *a
>BGhCM9C WebSEAL *aD+f<uN<#
¶ Z 7 B:Web %;"abv=8
>BV[ WebSEAL zmdCZ?D%;"abv=8 — Z
WebSEAL ~qwMsK*aD&CLr~qw.d#
¶ Z 8 B:&CLr/I
>BP?`VCZ/IZ}=&CLr&\D WebSEAL \&#
¶ =< A:webseald.conf N<
¶ =< B:WebSEAL *aN<
¶ =< C:9C iKeyman \m$i
Ve<(
>8OTXbuoMYw9CK8VVe<(#b)<(D,egB:
VeV |n{FM!n"X|VMd|Xkj+4U-D9CDE
",TVeVT>#
1eV d?"|nTd?MzXka)D5,T1eVT>#vfo
DjbMy?wDXbJrLo2T1eVT>#
HmVe zk>}"|nP"A;dv"D~M?<{,T053{"
yTHmVeT>#
`XD Policy Director D5
Bm\aK;)ICD Policy Director D5,b)D5;Z Tivoli
SecureWay Policy Director 'V>cO:
Tivoli SecureWay Policy Director <uD5
208O
6Tivoli SecureWay Policy Director Base 208O7
6Tivoli SecureWay Policy Director WebSEAL 208O7
\m8O
6Tivoli SecureWay Policy Director Base \m8O7
6Tivoli SecureWay Policy Director WebSEAL \m8O7(>D5)
6Tivoli SecureWay Policy Director Edge Server e~\m8O7
6Tivoli SecureWay Policy Director Web Portal Manager \m8O7
*"_N<s+
Tivoli SecureWay Policy Director Authorization ADK Developer Reference
Tivoli SecureWay Policy Director Authorization API Java Wrappers Developer
Reference
Tivoli SecureWay Policy Director Administration API Developer Reference
6Tivoli SecureWay Policy Director WebSEAL *"_N<s+7
9dD5
6Tivoli SecureWay Policy Director "P5w7
Tivoli SecureWay Policy Director Performance Tuning Guide
Tivoli SecureWay Policy Director Capacity Planning Guide
CJZ_D5Tivoli Customer Support Web >c(http://www.tivoli.com/support/)a)
BPD5E"D4S:
¶ <uE",|("P5w"20MdC8O"\m8OM*"_N
<s+#
¶ #{Jbbp(FAQ)
¶ m~BXE"
IZ:http://www.tivoli.com/support/getting/ iR Customer Support
Handbook('V~q8O)#
IZ http://www.tivoli.com/support/documents/ CJZ_ Tivoli v
foDw}#%w Master Index IiRX(z7D'V3f#
I Z :
https://www.tivoli.com/secure/support/Prodman/html/AB.html#SecurityO(}z7f>(; Policy Director <uD5#
;)z7DD5a) PDF M HTML q=#3)z79a)-k}DD
5#
CJs?VDD5h*j6M\k#*q!Z'V Web >cO9CDj
6,k*A http://www.tivoli.com/support/getting/#
XZq! Tivoli <uD5M'VD|`E",-zL&N<
http://www.tivoli.com/support/smb/index.html#
XZq! Tivoli <uD5D|`E",L5oi&N<Zxviii3D:):
D5;#
):D5I ( } C J
http://www.tivoli.com/support/Prodman/html/pub_order.html Z_)
: Tivoli D5r&rTBg0.;I): Tivoli D5:
¶ @zM':(800) 879-2755
¶ SCsM':(800) 426-4968
a)XZz7D5D4!
RGG#Vbc}z9C Tivoli z7MD5DP\,"RG#6-za
)Dx(i#gPNNPXz7MD5Db{M(i,kTBP==.
;*5RG:
¶ "MgSJ~A [email protected]#
¶ Z http://www.tivoli.com/support/survey/ n4KM4!wim#
*5M''VTivoli Customer Support Handbook ;Z:
http://www.tivoli.com/support/handbook/
|a)XZ Tivoli M''VDw=fE",|(:
¶ "aMJq
¶ gNy]JbDOXT*5<u'V
¶ g0EkMgSJ~X7(!vZzyZDzRrXx)
¶ *5<u'V0&CQ/DE"
WebSEAL Ev
Tivoli SecureWay Policy Director WebSEAL G_T\"`_LD Web
~qw,T\#$D Web TsUd&C8#HD2+T_T#WebSEAL
\a)%;"abv=8,"+sK Web &CLr~qwJ4O"=d
2+T_TP#
>BEv+i\ WebSEAL ~qwDw*&\#
wbw}:
¶ :9C WebSEAL #$ Web Ud;
¶ Z43D:Kb WebSEAL O$;
¶ Z63D:Kb>$q!;
¶ Z83D:Kb WebSEAL *a;
9C WebSEAL #$ Web Ud
Tivoli SecureWay Policy Director WebSEAL GyZ Web DJ4D Policy
Director J42+\mw#
WebSEAL G_T\"`_LD Web ~qw,T\#$D Web TsU
d&C8#HD2+T_T#WebSEAL \a)%;"abv=8,"+
sK Web &CLr~qwJ4O"=d2+T_TP#
WebSEAL a)TB&\:
¶ 'V`VO$=(
ZC=Me~=e5a9<a)'V`VO$zFDinT#
¶ S\ HTTP M HTTPS ks
¶ (} WebSEAL *a<u/IM#$sK~qwJ4
¶ \mCZ>XMsK~qw Web UdD8#HCJXF
y'VDJ4|(:URL"yZ URL D}rmo="CGI Lr"
HTML D~"Java !~qLrM Java `D~#
¶ w*fr Web zm4P
TZM'z,WebSEAL Iw* Web ~qw,xTZ}\d#$D
*asK~qw,WebSEAL Iw* Web /@w#
¶ a)%;"a&\
< 1. 9C WebSEAL #$ Web Ud
j6#$DZ]`MM6p
w* Web UdD2+\m1,zXk}7j6;,C'`MICDZ]
`M#;)Z]Xk\_H#$,;ICZX(DC';d|Z]IS
\#fD+2i4#?v2+T=8P;,D#$*sMX*D
WebSEAL dC#
zD0p*:
¶ Kb Web Z]
¶ j6*sCJCZ]DC'`M
¶ KbICZ#$KZ]D WebSEAL dC!nDEcMuc
Web Z]#$IV* 3 vs`:
1. +2Z] * CJ;h*#$
¶ (} HTTP D4O$M'zCJ
¶ TZJ4DCJXF9C4O$D>$
¶ y>D WebSEAL dC*s
2. +2Z] * CJ*s#\(S\)
¶ (} HTTPS D4O$M'zCJ
¶ #$&CLr~qw*sDtP}](}gEC(EMC'J'
E")h*S\
¶ TZJ4DCJXF9C4O$D>$
¶ WebSEAL dCh*#\
3. (CZ] * CJh*O$
¶ (} HTTP r HTTPS DQO$M'zCJ
¶ \m17(Gqh*S\
¶ TZJ4DCJXF9CQO$D>$;M'zXkZC'"a
mP(eJ'
¶ WebSEAL dC\4S,XkP8<GyP!nT7(2+T_T
D0l
f.M5V2+T_T
s5D2+T_T7(K:
1. h*#$D Web J4
2. #$6p
Policy Director 9C Web J4Dibm>,4y=D\#$TsUd#
\#$TsUd|,m>xgP5JomJ4DTs#
(}Th*#$DTs&CJ1D2+zF,IT5V2+T_T#
2+zF|(:
¶ CJXFm(ACL)_T
ACL _T7(K;O*ITxPCJDC'`M,"8(JmTCT
sxPDYw#
¶ \#$Ts_T(POP)
POP 8(=Su~T\mT\#$TsDCJ,}g#\T"j{
T"sFM?U1dDCJ#
¶ )9tT
)9tTGCZTs"ACL r POP D=S5,IIZ}=&CLr
(}gb?Z(~q)A!MbM#
Policy Director DKDi~GZ(~q * |yZC'D>$MCZTs
DCJXF,Jmr\xT\#$Ts(J4)DCJ#
*I&5V2+T_T,Xk_-i/;,DZ]`M(g:f.M5
V2+T_T;Pyv)"&CJ1D ACL M POP _T#CJXF\
mI\G#4S,+Z]`MP8V`+9CYwdC]W;)#
Kb WebSEAL O$
O$G;V7("TG<=2+rD%vxLr5eD=(#1~qw
MM'z<*sO$1,C;;}LMGy=D`%O$#
WebSEAL I*s?vM'za)m]$w,Sx5V2+rPD_H2
+T#1 WebSEAL XFT2+rP?vJ4DCJ1,WebSEAL D
O$MZ(*sIa)+fDxg2+T#
Z2+e5a9P,O$;,ZZ(#Z(7(;O$DC'GqP(
TX(J44PYw#O$7#vem]Df5T,+;TdTJ44
PYwD\&vNNPO#
TBu~&CZ WebSEAL O$:
¶ WebSEAL 'V;ij<DO$=(#
IT(F WebSEAL 'Vd|O$=(#
¶ WebSEAL }L@"ZO$=(#
¶ WebSEAL ;*sM'zm]#WebSEAL SKm]qCQO$D(r
4O$D)>$,Z(~qI9CC>$Jmr\xTJ4DC
J#
bVinDO$>6Jm2+T_TTL5hs"x;GTomxgX
Ka9*y!#
O$?Dd; WebSEAL @"ZO$}L,+|*sPO$Da{ * M'zm
]#O$}L+<BTBYw:
1. O$=(zzM'zm]
< 2. `%O$
;P1C'_PZ Policy Director C'"amP(eDJ'1,M'
zO$EaI&#qr+8(C'*4qO$#
2. WebSEAL 9Cm]*CM'zq!>$
WebSEAL +QO$DM'zm]kQ"aD Policy Director C'`
%d#;s WebSEAL q!JCZKC'D>$#bMG>$q!#
>$|(C'{MC'_PdI1JqDNNi#
g{C'd{,WebSEAL +9(4O$D>$#
b)>$ICZZ(~q,C~qJmr\xCJ WebSEAL \#$
TsUdPQksDTs#
NN*sM'zE"D Policy Director ~q<I9C>$#>$Jm
Policy Director 2+X4P`V~q,}gZ("sFM/I#
PX'VX(O$=(Dx;=E",kNDZ693D:WebSEAL O
$;#
Kb>$q!
O$}LDw*?D.;MGq!hvM'zC'D>$E"#C'>
$GNk2+rn/Dw**s.;#
Policy Director xVC'O$M>$q!#C'm]@6G#?#+>$
* (eC'NkDirG+ * 4Gd?#X(ZOBDD>$If1
d|D#}g,1C'z}1,>$Xk43BD0p6p#
O$}L+zIX(Z=(DC'm]E"#+TU$tZ Policy
Director C'"am(1!ivB* LDAP)DC'J'E"TKE"x
Pli#WebSEAL +C'{MiDE"3d*+2r6'Dm>==,
dq=*0)9X(tT$i1(EPAC)#
X(Z=(Dm]E",}g\k"jGM$i,m>C'Domm]
tT#KE"ICZ("k~qwD2+a0#
zID>$m>C'Z2+rPDX(,hvX(OBDPDC',R
vZa0P'ZZP'#
Policy Director >$|,C'm]MC'_PdI1JqDi#
)9X(tT$i(EPAC)>$INNh*XZM'zDE"D Policy Director ~q9C#
}g,Z(~q9C>$T7(GqQZ(C'T2+rPD\#$J
44PX(Yw#
EPAC |,0(;+Vj6{1(UUID),Policy Director h*|4&
mCJXFPm(ACL)#
Policy Director +>$CZd|~q,}g:
¶ sF~q
¶ WebSEAL *aPD/I\&
TB EPAC VNJCZ Policy Director:
tT hv
2+rj6 weDw2+rj6
< 3. +m]E"3d=>$
we UUID weD UUID
i UUID weytiD UUID
Kb WebSEAL *a
Policy Director a)xgDO$"Z(M\m~q#ZyZ Web Dxg
P,b)~qnCI;vr`v0K WebSEAL ~qwa),b)~q
w/IM#$;ZsK Web ~qwOD Web J4M&CLr#
WebSEAL ~qwMsK Web &CLr~qw.dD,SFw WebSEAL
*ar*a#WebSEAL *aG0K WebSEAL ~qwMsK~qw.
dD TCP/IP ,S#
sK~qwITGm;v WebSEAL ~qw,r_|#{X,GZ}=
Web &CLr~qw#sK~qw Web UdGZ WebSEAL {FUd
DXp8(D*a(20)ck WebSEAL ~qw0,S1D#
*aJm WebSEAL zmsK~qwa)#$~q#ZrsK~qw+
]ks.0,WebSEAL \T+?ks4PO$MZ(li#g{sK~
< 4. ,S WebSEAL MsK~qwD*a
qwh*TTsD8#HCJXF,Xk4P=SDdC=h,r Policy
Director 2+~qhvZ}= Web Ud(kNDZ1553D:ZZ}=~
qwO9C query_contents;)#
*aa)IluD"2+D73,C73Ia):X=b"_ICTM
4,\m\& * +?TM'z8w4P#w*\m1,zIqfZbV
{FUdD/P\m#
WebSEAL *a(}_-X+sK~qwD Web UdM WebSEAL ~
qwD Web UdiOZ;pTa)=S5#-w~qwdD*azz%
@D"3;D"V<= Web Ud,|TC'G^lM8wD#
M'S;h**@ Web J4Dom;C#WebSEAL +_- URL X7
*;IsK~qwZ{DomX7#I+ Web TsS;v~qwF/=
m;v~qw,x;a0lM'zCJb)TsD==#
3;D Web Udr/K53\m1TyPJ4D\m#d|D\mEc
|(IluT":X=bM_ICT#
s?VL5 Web ~qw;_P(e_- Web TsUdD\&#!kz
.,|GDCJXFGkomD~M?<a9,SD#WebSEAL *aI
w7(eTsUd,|43Ki/a9x;Gj< Web ~qwOv=D
omzwM?<a9#
WebSEAL *a2Jm4(%;"abv=8#%;"adCJmC'v
9C;Nu<G<CJJ4(kJ4D;C^X)#TNN4TsK~
qwDx;=G<*sD&mTC'<G8wD#
WebSEAL *aG9zD Web >cIluDX*$_#*aJmz(}
mS=SD~qw4l&T Web >cDv$D*s#
< 5. WebSEAL *azz3;D Web Ud
WebSEAL *aM Web >cIluT
9C WebSEAL *aI4(IluD Web >c#fET Web >c*
sDv$,I=cXmS|`D~qw,)d>cD]?#
IZTB-r,ImS=SD~qw:
¶ C=SZ])d>c
¶ *K:X=b"JO*FM_ICT\&x4FVPZ]
Q4FD0K WebSEAL ~qw
TsK~qwD*a'VCAY;v0K WebSEAL ~qw4t/#Q
4FD0K WebSEAL ~qwZs?hsZdr>ca):X=b#:
X=bzFIg, IBM Network Dispatcher r Cisco Local Director b
yDzF4&m#
0K4F9r>ca)JO*F&\ * g{~qwIZ3v-r'\,
#`D1>~qw+Lxa)T>cDCJ#I&D:X=bMJO*
F\&*>cC'x4_ICT#
Z4F0K WebSEAL ~qw1,?v~qwXk|, Web UdM*
a}]bD+71>#
CZO$DJ'E"$tZ@"Z0K~qwDC'"amP#
'VsK~qw
Web >cZ]ITI WebSEAL ~qw>m"sK~qwr~_DiO
a)~q#WebSEAL *a'VsK~qw,Jm(}=SDZ]MJ4
lu Web >c#
?v(;DsK~qwXkk%@D*a(20)c*a#fET=S
Z]*sDvS,I(}*amS|`D~qw#K=8*ZZ}= Web
~qwOPO`VP6JDxga)Kbv=8#
< 6. Q4FD0K WebSEAL ~qw
B<5w*agNa)3;D"_-DTsUd#C Web UdTZC'
G8wD,"RJm/P\m#
< 7. *asK~qw
gB;Zyv,Q4FDsK~qwk`,D*ac*a#
4FDsK~qw
*+IluT&\)9=sK~qwdC,zIT4FsK~qw#g
,1>0K~qw,1>sK~qwXk|,%*5sD Web Ud#
WebSEAL 9C0nUP1wHc(Zw1>~qwPxP:X=b#K
c(+?vBDks(r=QP,S}nYD~qw#
1~qw1z1,WebSEAL 2+}7XxPJO*F;;)XBt/~
qw,WebSEAL 2+*<XB9CC~qw#
g{sK&CLr*s4,,$Z8v3fP,9C4,#facI7
#?va0<5XA,;vsK~qw#
< 8. 3;D Web Ud
< 9. 4FDsK~qw
WebSEAL ~qwdC
>B|,hv#f\mMdCNqDE",zIT4Pb)Nq*xg
(F WebSEAL ~qw#
wbw}:
¶ Z183D:;c~qwE";
¶ Z203D:dC(EN};
¶ Z253D:\m Web Ud;
¶ Z313D:dC HTTP ms{";
¶ Z343D:\m(FD HTML 3f;
¶ Z353D:\mM'zKM~qwKD$i;
¶ Z403D:dC1!#$6p;
¶ Z423D:dCZ(}]b|BMV/;
¶ Z433D:4F0K WebSEAL ~qw;
¶ Z453D:dCj< HTTP G<;
;c~qwE"
TBwZhvXZ WebSEAL ~qwD;cE":
¶ :webseald.conf dCD~ri;
¶ Z193D:WebSEAL 20Dy?<;
¶ Z203D:WebSEAL ~qwy?<;
¶ Z203D:t/M#9 WebSEAL;
webseald.conf dCD~ri
IT(}dC;Z webseald.conf dCD~DN}(F WebSEAL DY
w:CD~;ZTB?<:
UNIX:
/opt/pdweb/etc/
Windows:
C:\Program Files\Tivoli\PDWeb\etc\
Bm\aKw?VMwZ:
?V    Z
WEBSEAL GENERAL    [server]
LDAP    [ldap]
SSL    [ssl]
JUNCTION    [junction] [filter-url] [filter-schemes] [script-filtering] [gso-cache] [ltpa-cache]
AUTHENTICATION    [ba] [forms] [token] [certificate] [http-headers] [auth-headers] [ipaddr] [authentication-levels] [mpa] [cdsso] [cdsso-peers] [failover] [e-community-sso] [inter-domain-keys] [authentication-mechanisms] [ssl-qop] [ssl-qop-mgmt-hosts] [ssl-qop-mgmt-networks] [ssl-qop-mgmt-default]
SESSION    [session]
CONTENT    [content] [acnt-mgt] [cgi] [cgi-types] [cgi-environment-variable] [content-index-icons] [icons] [content-cache] [content-mime-types] [content-encodings]
LOGGING    [logging]
AUTHORIZATION API    [aznapi-configuration] [aznapi-entitlement-services]
POLICY DIRECTOR    [policy-director]
kNDZ1953D:webseald.conf N<;#
":?N|D webseald.conf D~1,<XkV$XBt/ WebSEAL,
byMI6pBD|D#kNDZ203D:t/M#9
WebSEAL;#
WebSEAL 20Dy?<
WebSEAL LrD~20ZTBy?<P:
UNIX:
/opt/pdweb/
Windows:
C:\Program Files\Tivoli\PDWeb\
ITZ Policy Director Windows f20PdCC76#+;\Z Policy
Director D UNIX 20PdCC76#
>8O9C <install-path> d?zmbvy?<#
Z UNIX 20P,TB@"?<|,I)9DD~,}gsFMU>D
~:
/var/pdweb/
WebSEAL ~qwy?<
webseald.conf dCD~PD server-root N}(et/1 WebSEAL ~qwYwD;C#
[server]
server-root = /opt/pdweb/www
webseald.conf dCD~Pm>DyP`T76{<G`TZKy?<
D#
":(#ivB,;&1|DK76{#
t/M#9 WebSEAL
ITZ UNIX O9C pdweb_start |nT0Z Windows O9C0~
qXFfe1t/M#9 WebSEAL ~qwxL#
UNIX:
pdweb_start {start|stop|restart|status}
}g,*#9 WebSEAL ~qw,;sXBt/~qw,k9C:
# pdweb_start restart
pdweb_start |n;ZTB?<P:
/opt/pdweb/bin/
Windows:
Z0~qXFfe1Pj6 WebSEAL ~qwxL"9CJ1DXF4
%#
dC(EN}
TBwZhvXZ WebSEAL ~qwD;cE":
¶ Z213D:* HTTP ksdC WebSEAL;
¶ Z213D:* HTTPS ksdC WebSEAL;
¶ Z223D:^F4TX( SSL f>D,S;
¶ Z223D:dC HTTP M HTTPS $wLr_L;
¶ Z233D:HTTP/HTTPS (ED,1N};
¶ Z243D:=S WebSEAL ~qw,1N};
* HTTP ksdC WebSEAL
WebSEAL (#&mm`4T4O$C'D HTTP ks#}g,(#J
md{C'T Web >cD+2?VOD!(D5xP;ACJ#
(} TCP &m HTTP ksDN};Z webseald.conf dCD~D
[server] ZP#
tC/{C HTTP CJ
Z WebSEAL dCZdtCr{C HTTP CJ:
http = {yes|no}
hC HTTP CJKZ5
HTTP CJD1!KZG 80:
http-port = 80
}g,*+KZ|D* 8080,khC:
http-port = 8080
* HTTPS ksdC WebSEAL
CZ&m SSL OD HTTP ks(HTTPS)DN};Z webseald.conf
dCD~D [server] ZP#
tC/{C HTTPS CJ
Z WebSEAL dCZdtCr{C HTTPS CJ:
https = {yes|no}
hC HTTPS CJKZ5
HTTPS CJD1!KZG 443:
https-port = 443
}g,*+KZ|D* 4343,khC:
https-port = 4343
^F4TX( SSL f>D,S
IT@"XtCM{C SSL f> 2"SSL f> 3 M TLS f> 1 D,
S#XFX( SSL M TLS f>,SDN};Z webseald.conf dCD
~D [ssl] ZP#1!ivB,tCyP SSL M TLS f>#
[ssl]
disable-ssl-v2 = no
disable-ssl-v3 = no
disable-tls-v1 = no
dC HTTP M HTTPS $wLr_L
QdCD$wLr_L}?8(K~qwy\~qD"PxkksD}
?#1yP$wLr_LHO&1,=oDd|,S+xk:ex,1
=PICD$wLr_L*9#
IThC* WebSEAL Dxk,S~qDIC_L}#k+DdC$w
Lr_LD}?,r*|I\0lT\#
CdCN}";?F*s,1,SDO^}?#KN}r%X8(K_
L}?,IT*1ZD;\F^D$wSPa)~q#
ky]TxgD(E?M(E`MDKb,!q$wLr_LDnQ}
?#
fE_L}?DvS,jIksD=y1d;cGuYD#;x,vS
_L}?I\0ld|rX,b)rXaT~qwT\zz:f0l#
WebSEAL ,$%@D;c$wLrPmM$wLr_LX,T&m4T
M'zD9C TCP"SSL r GSSAPI (@Dks#bVv?DzF9
WebSEAL \;Z&m`1sD:X1v{DOYD53J4#
IT(}hC webseald.conf dCD~PD [server] Z?VPD
worker-threads N}dC$wLr_LXs!#
[server]
worker-threads = 50
":?R(i;ZTT\JbxPJOoO1E|DKN}#
HTTP/HTTPS (ED,1N}
WebSEAL 9C SSL D IBM Global Security Kit(GSKit)5V#1
WebSEAL SU=4T HTTPS M'zDks1,GSKit SSL +("u
<UVEE",$a04,#
WebSEAL 'VTB HTTP M HTTPS (ED,1N}#b)N};Z
webseald.conf dCD~D [server] ZP#
¶ client-connect-timeout
;)QvVu<UVEE,rCN}+8>TZu< HTTP r
HTTPS ks,WebSEAL #V,Sr*D1d$H#1!5G 120
k#
[server]
client-connect-timeout = 120
¶ persistent-con-timeout
CN}X(Z HTTP/1.1(G HTTP/1.0),S#ZZ;N HTTP/1.1
ksM~qwl&s,CN}XF WebSEAL XU.0#V HTTP/1.1
VC,Sr*Dnsk}#1!5* 5 k#
[server]
persistent-con-timeout = 5
=S WebSEAL ~qw,1N}
TB=S,1N}IZ webseald.conf dCD~PhC:
N}    hv    1!5(k)
[junction] http-timeout    (} TCP *arsK~qw"M}]MS|A!}]D,15#    120
[junction] https-timeout    (} SSL *arsK~qw"M}]MS|A!}]D,15#    120
[cgi] cgi-timeout    r>X CGI xL"M}]MS|A!}]D,15#    120
[junction] ping-time    WebSEAL *?v*aD~qw(Z4Ps( ping,T7(|GGq}ZKP# WebSEAL n`? 300 k ping ;N,;a|51(^[h(DGN5)#    300
< 10. HTTP M HTTPS (ED,1N}
\m Web Ud
TBwZhv\m Web UdyhDNq:
¶ :Web D5wDy?<;
¶ Z263D:dC?<w};
¶ Z273D:Windows:CGI LrDD~|{<(;
¶ Z283D:dC Web D5_Y:f;
Web D5wDy?<
Web D5w;CG`TZD5DD5wy?<DxT76,WebSEAL 9
b)D5I*ICD5#C76{I webseald.conf dCD~ [content]ZPD doc-root N}m>#nuZ WebSEAL 20Zd("1!;C:
UNIX:
doc-root = /opt/pdweb/www/docs
Windows:
doc-root = C:\Program Files\Tivoli\PDWeb\www\docs
C5;9C;N * 20sZ;Nt/ WebSEAL D1r#;sC5;
f"Z*a}]bP#TsZ webseald.conf PTC5Dx;=^DT
|;P0l#
20s,Xk9C pdadmin 5CLr4|DD5y?<;C5#TB>
}(~qw{F* websealA)5wKK}L:
1. G<= pdadmin:
# pdadmin
pdadmin> login
dkC'j6:sec_master
dk\k:
pdadmin>
2. 9C server task list |nT>yP10*ac:
pdadmin> server task websealA list
/
3. 9C server task show |nT>*aDj8E":
pdadmin> server task websealA show /
*ac:/
`M:>X
*a2^F:0 * 9C+V5
*am^F:0 * 9C+V5
n/D$wLr_L:0
y?<:/opt/pdweb/www/docs
4. 4(BD>X*a4f;10*ac(h* -f !n4?F2GVP*
aDB*a):
pdadmin> server task websealA create -t local -f -d /tmp/docs /
Created junction at /
5. PvB*a:
pdadmin> server task websealA list
/
6. T>C*aDj8E":
pdadmin> server task websealA show /
*ac:/
`M:>X
*a2^F:0 * 9C+V5
*am^F:0 * 9C+V5
n/D$wLr_L:0
y?<:/tmp/docs
dC?<w}
ksD URL mo=T?<{ax1,zIT8(I WebSEAL 5XD
1!D~D{F#g{C1!D~fZ,WebSEAL r+D~5XM'
z#g{D~;fZ,r WebSEAL +/,zI?<w}"+Pm5X
M'z#
CZdC?<w}D~DN};Z webseald.conf dCD~D [content]ZP#
w}D~D1!5*:
[content]
directory-index = index.html
g{zD>c9C;,D<(,IT|DKD~{#}g:
[content]
directory-index = homepage.html
g{ksPD?<;|, directory-index N}(eDw}D~,r
WebSEAL +/,zI?<w}#zIDw}|,?<Z]Pm,xPA
?<PD?vu?D4S#v1M'zksCJTZC?<Z ACL O_
P0Pm1(l)mI(D?<1,EazIw}#
IT*zIDw}PPvD?vD~`MdCI WebSEAL 9CDX(
<N<j#webseald.conf dCD~PD [content-index-icons] Z|,
D5 MIME `MMT>DX* .gif D~DPm:
[content-index-icons]
image/* = /icons/image2.gif
video/* = /icons/movie.gif
audio/* = /icons/sound2.gif
text/html = /icons/generic.gif
text/* = /icons/text.gif
application/x-tar = /icons/tar.gif
application/* = /icons/binary.gif
ITdCKPmT*?;v MIME `M8(d|<j#2IT6L(;
<j#}g:
application/* = http://www.acme.com/icons/binary.gif
2ITdCTB=S<j5:
¶ CZm>S?<D<j:
[icons]
diricon = /icons/folder2.gif
¶ CZm>8?<D<j:
[icons]
backicon = /icons/back.gif
¶ CZm>4*D~`MD<j:
[icons]
unknownicon = /icons/unknown.gif
Windows:CGI LrDD~|{<(
|,Z webseald.conf dCD~D [cgi-types] ZPDN}Jmz8(
Windows D~)9`M,C`M+w* CGI Lr;6pM4P#
UNIX Yw53;h*D~)9{#+Xk* Windows Yw53(eD
~)9`M# [cgi-types] ZPvKyPP'D)9`M,"R(ZX*
1)+?v)9{3d=J1D CGI Lr#
[cgi-types]
<extension> = <cgi-program>
1!ivB,;+G)xPkZPyPD~)9{%dDD~w* CGI
Lr4P#g{PmP;|,3v CGI LrD)9{,+;4PCL
r#
xP .exe )9{DD~+I Windows 1!w*Lr4P,;h*3
d#
":+G,^[N1k*Z Windows O20 .exe D~CZBX,<X
kX|{C)9{r+D~20*i5D~D;?V(}g .zip)#
zXk*zmbME>D~D)9{a)J1DbMLr#b))9{
`MD>}|(:shell E>(.sh M .ksh)"Perl E>(.pl)M Tcl
E>(.tcl)D~#
TB>}5wK;vdMD [cgi-types] ZdC:
[cgi-types]
bat = cmd
cmd = cmd
pl = perl
sh = sh
tcl = tclsh76
":Z .bat M .cmd D~D9CPaf0=OXD2+TJb#kww
9Cb)D~`M#
dC Web D5_Y:f
IZ Web D5lwT\;Q,M'zI\a-#v=xgf!1dMD
~BX1d}$DJb#IZ WebSEAL ~qw}ZH}S*aDsK
~qwrYH|}D>Xf"wlwD~,rKa<BT\;Q#
Web D5_Y:f&\Jm++2CJD Web D5`Mf"Z
WebSEAL ~qwDZfP#LxksQ-_Y:fZ WebSEAL ~q
wPDD51,M'z+qClC`Dl&#
_Y:fDD5I|(2,DD>D5M<N<q#+;\_Y:f/
,zzDD5,}g}]bi/a{ #
Web D5_Y:fa)KinT,ITS WebSEAL x;Gg=*aD
sK~qwqCD5#
_Y:fGZ MIME `MDy!O4PD#* Web D5_Y:fdC
WebSEAL 1,+j6TB}vN}:
¶ D5 MIME `M
¶ f"iJ`M
¶ f"iJs!
Z webseald.conf dCD~D [content-cache] ZP(e Web D5_
Y:f#&CTBo(:
<mime-type> = <cache-type>:<cache-size>
N} hv
mime-type zm HTTP0Content-Type:1l&7P+MDNNP' MIME
`M#C5IT|,(d{(*)#*/* 5zm1!DTs_Y
:f,|+#t;{OT=dCD_Y:fDNNTs#
cache-type 8(CZ_Y:fDf"iJ`M#Policy Director D>"P
f;'V0memory1_Y:f#
cache-size 8(Zy]0n|nY9C1c(}%Ts0,x(_Y:
fs!Iv$=Dns5(T KB F)#
>}:
text/html = memory:2000
image/* = memory:5000
*/* = memory:1000
Web D5_Y:fzF[lTBb)u~:
¶ ;Z(e_Y:f1"z_Y:f#
¶ 201;(e_Y:f#
¶ g{;8(1!_Y:f,+;a_Y:fkNNT=_Y:f;
%dDD5#
¶ T;T_Y:fE"DyPks4PZ(#
"ByP_Y:f
IT9C pdadmin 5CLr4"ByPQdCD_Y:f#C5CLr
;Jm"B%v_Y:f#
ZIT9C pdadmin .0,Xkw* Policy Director \m1
sec_master G<A2+r#
*"ByP Web D5_Y:f,kdkTB|n:
UNIX:
# pdadmin server task <server-name> cache flush all
Windows:
MSDOS> pdadmin server task <server-name> cache flush all
_Y:f3FE"
IT9C pdadmin 5CLr4a)10_Y:f9CivDy>3FE
"#3FE"m>_Y:fP#tDn}?MT?nDks}?#
ZIT9C pdadmin .0,Xkw* Policy Director \m1
sec_master G<A2+r#
*qC10_Y:f9CivD3FE",kdkTB|n:
UNIX:
# pdadmin server task <server-name> cache stat
Windows:
MSDOS> pdadmin server task <server-name> cache stat
dC HTTP ms{"
P1,WebSEAL ~qwT<*ks~q4'\#Pm`I\}p'\D
-r#}g:
¶ D~;fZ
¶ mI(hC{9CJ
¶ ;}7D UNIX D~mI(r`Fiv9C CGI Lr^(4P
~qks'\"z1,~qw+r/@w5Xms{",}g,Z HTML
ms3PD0403 ;{91#P8VICDms{";?v{"<f"Z
%@D HTML D~P#
b)D~f"ZTB?<P:
UNIX: <install-path>/www/lib/errors/<locale-dir>
Windows: <install-path>\www\lib\errors/<locale-dir>
errors ?<|,m`oT73S?<,|,ms{"D~D>X/f
>#
}g,@z/"o{"D?<76*:
UNIX: <install-path>/www/lib/errors/en_US
Windows: <install-path>\www\lib\errors/en_US
C?<PD{"T HTML q=#f,rK\Z/@wP}7T>#IT
`-b) HTML 3fT(F|GDZ]#D~{FGYw'\15XD
Z?mskD.yxF5#;\|Db)D~{#
Bm|,;)|Uims{"DD~{MZ]Pm:
D~{ jb hv HTTP m
sk
132120c8.html O$'\ ^(*9CDM'$ilw>$#I
\D-r|(:
¶ C'a)K;}7D$i
¶ $iQ;7{
¶ O$}]b1YC'>$
1354a2fa.html GU?< ksDYw*sp6GU?<#bG
G(Yw#
1898d259.html ^("aC' ksDJ4*s WebSEAL ~qw"a
C'Am;v Web ~qw#;x,1
WebSEAL T<lwE"1"zJb#
1898d25a.html C';P%;"aE
"
WebSEAL ^(*ksDJ4(; GSO
C'#
1898d25b.html C';P%;"a?
j
WebSEAL ^(*ksDJ4(; GSO
C'#
1898d25c.html C'P`v"a?j *ksDJ4(eK`v GSO ?j#
bG;vmsdC#
1898d25d.html h*G< ksDJ4I*aDsK Web ~qw
#$,*s WebSEAL "aC'AC
Web ~qw#*K,C'XkHG<
= WebSEAL#
1898d25e.html ^("aC' ksDJ4*s WebSEAL ~qwCC
'"a=m;v Web ~qw#+C'
JED"aE";}7#
1898d25f.html bbDO$aJ WebSEAL S*aDsK Web ~qw
SU=bbDO$aJ#
1898d421.html Y1F/ ksDJ4Q;Y1F/#(#"z
ZvVms&mDX(rDiv#
302
1898d424.html msks WebSEAL SU=^'D HTTP ks# 400
1898d425.html h*G< ksDJ4I WebSEAL #$,*CJ
|,XkHG<#
1898d427.html ;{C C';_PCJksDJ4DmI
(#
403
1898d428.html R;= ^((;ksDJ4# 404
1898d432.html ~q;IC WebSEAL yhDCTjIksD~q
10;IC#
503
1898d437.html ~qwRp WebSEAL ~qwQ;53\m1Y1
]R#Z\m1+~qw5Xx~q
0,+;&mks#
1898d439.html *'a0E" /@w/~qwD;%Gk;Yl&
D*aDsK~qwD4,a0#
WebSEAL h*C~qwOD~qTj
Iks#
1898d442.html ~q;IC WebSEAL *sD~q;Z*aDsK
~qwO,K~qwOD SSL `%O
$'\#
1898d7aa.html CGI Lr'\ CGI Lr^(}74P#
default.html ~qwms IZbbms,WebSEAL ^(jIk
s#
500
deletesuccess.html I& M'zt/D DELETE ksI&j
I#
200
putsuccess.html I& M'zt/D PUT YwI&jI# 200
relocated.html Y1F/ ksDJ4Q;Y1F/# 302
websealerror.html 400 WebSEAL ~qw
ms
WebSEAL ~qwZ?ms# 400
j'V
TBjICZ(F0ZPPvD HTML ms3f#jI/,f;J1D
ICE"#
j hv
%ERROR_CODE% mskD}5#
%ERROR_TEXT% {"`?PkmskX*DD>#
%METHOD% M'zksD HTTP =(#
%URL% M'zksD URL#
%HOSTNAME% +^(wz{#
%HTTP_BASE% ~qwDy> HTTP URL0http://<host>:<tcpport>/1#
%HTTPS_BASE% ~qwDy> HTTPS URL0https://<host>:<sslport>/1#
%REFERER% 4TksDN<E"7D5,g{;Pr*04*D1#
%BACK_URL% 4TksDN<E"7D5,g{;Pr*0/1#
%BACK_NAME% g{ZksPPN<E"7,5*0BACK1,g{;P,5*
0HOME1#
\m(FD HTML 3f
Policy Director |,y> HTML m%,I;(F*|,X(Z>cD{
"r4PX(Z>cDYw#s?Vm%JCZ(} HTTP r HTTPS D
m%"jGM BA O$#
b)m%DD~;CI webseald.conf dCD~D [acnt-mgt] ZPD
mgt-pages-root N}(e#
mgt-pages-root = lib/html/<lang-dir>
5J9CD?<yZ>X/#1!D@z"o?<*:
lib/html/C
UooT73+D~(;Z:
lib/html/JP
(F3fN}M5
TBXbD HTML 3fN}M5;Z webseald.conf dCD~D
[acnt-mgt] ZP#;)3fvIa)m]E"Dm%G<=(9C#
N} 3f C(
login = login.html m%G<
logout = logout.html m%G<
account-locked = acct_locked.html NN=(
passwd-expired = passwd_exp.html NN=(
passwd-change = passwd.html NN=(
passwd-change-success = passwd_rep.html NN=(
passwd-change-failure = passwd.html NN=(
help = help.html NN=(
token-login = tokenlogin.html jGG<
next-token = nexttoken.html jGG<
stepup-login = stepuplogin.html ]}O$
(F HTML 3fhv
m% hv
login.html C'{M\kDj<ksm%
logout.html I&"zsT>D3f#
acct_locked.html IZx(DJ'<BC'O$'\,xT>D3f#
passwd_exp.html IZ''\k<BC'O$'\,xT>D3f#
passwd.html |D\km%#g{\k|Dks'\,2aT>K3f#
passwd_rep.html g{\k|DksI&xT>D3f#
help.html |,AP'\m3fD4SD3f#
tokenlogin.html jGG<m%#
nexttoken.html B;vjGm%#
stepuplogin.html ]}O$G<m%#
P=vjICZb)3fP#I+b)jV{.ECZ#eD~P#j
+/,Xf;`&DD5#
j hv
%USERNAME% C'G<D{F#
%ERROR% S Policy Director 5XD2`kDms{"#
\mM'zKM~qwKD$i
>ZhvhC WebSEAL yhD\mMdCNq,Tc&mCZ(}
SSL O$DM'zKM~qwK}V$i#
WebSEAL h*$iCZTBiv:
¶ WebSEAL 9Cd~qwK$ir SSL M'zmwT:m]
¶ WebSEAL CM'zK$ir*aDsK~qw(*`%O$xd
C)mwT:m]
¶ WebSEAL iDdO$PD(CA)y$i}]b,Ti$9CM'z
K$ixPCJDM'z
¶ WebSEAL iDdO$PD(CA)y$i}]b,Ti$*`%O$
xdCD*aDsK~qw#
WebSEAL 9C SSL D IBM Global Security Kit(GSKit)5V4dC
M\m}V$i#GSKit a) iKeyman 5CLr4hCM\m$i\?
}]b,C}]bP|,;vr`v WebSEAL ~qw/M'z$iM
CA y$i#
WebSEAL Z201|,TBi~,Tc(}}V$i'V SSL O$:
¶ 1!\?}]b(pdsrv.kdb)
¶ 1!\?}]bf"D~(pdsrv.sth)M\k(0pdsrv1)
¶ ;)+2D CA y$i
¶ T)DbT$i,WebSEAL IC|r SSL M'zmwT:m]
FvS*{DO$PDjk#{D$i4f;CbT$i#
WebSEAL $i&mDdC|(:
¶ Z373D:dC WebSEAL D\?}]bN};
¶ Z393D:9C iKeyman $i\m5CLr;
¶ Z403D:dC CRL li;
Kb GSKit \?}]bD~`MIBM Key Management $_(iKeyman)9CBmP\aD8VD~`
M#
CMS \?}]bI;vxP .kdb )9{DD~MI\D=vr|`d
|D~9I#4(B\?}]b1,+4( .kdb D~#.kdb D~PD
\?G<ITG$irxPdS\D(C\?E"D$i#
4(B$iks1,+4( .rdb M .crl D~#Z{v CA $iks
}LP, .rdb D~<GXhD#
D~`M hv
.kdb 0\?}]b1D~#f"vK$i"vK$iksM)p_$i#
}g,1! WebSEAL \?}]bD~G pdsrv.kdb#
.sth 0f"1D~#f"\?}]b\kDS\f>#KD~Dy{Fk
X*D .kdb D~D`,#
.rdb 0ks1}]bD~#4( .kdb \?}]bD~1,+T/4(KD
~#KD~Dy{FkX*D .kdb D~D`,#KD~|,4jID
$iks,94S CA SUXCks#1$iS CA 5X1,+Z
.rdb D~PQw%dD$iks(yZ+C\?)#g{R=%d,r
SUks"RS .rdb D~>}`&D$iks#g{R;=%d,r
\xSU$iD"T#$iksP|,+2{F"i/"V@X7M
d|ks18(DE",T0kksX*D+CM(C\?#
.crl 0$i7zPm1D~#KD~(#|,QIZ;Vrm;V-rx
!{D$iPm#;x,iKeyman ;*$i7zPma)NN'V,y
TKD~GUD#
.arm T ASCII `kD~xFD~#.arm D~|,$iT base-64 `kD
ASCII m>,|,d+C\?,+;|,(C\?#-<~xF$i}
]+*;* ASCII m>#1C'SU= .arm D~q=D$i1,
iKeyman + ASCII m>bk"+~xFm>EkJ1D .kdb D~P#
,y,1C'S .kdb D~i!$i1,iKeyman a+}]S~xF*
;* ASCII "+dEk .arm D~P#.arm D~PD ASCII }]G
$iks}LZdz"MA CA DZ]#"b:(} .arm b);*D
~>mGT Base64 `kDD~,IS\9CNND~`M#
.der 0(P`kfr1D~#.der D~|,$iD~xFm>,|,d+C
\?,+;|,(C\?#k .arm D~\`F,}Km>G~xF,
x;G ASCII#
.p12 0PKCS 121D~,dP PKCS m>0+C\?\kuj<1#.p12 D
~|,$iD~xFm>,|,d+C\?M(C\?#.p12 D~2I
\|,`v$i;}g,$i")"$iD CA D$i"CA $iD
)"_,T0{D)"_HH#r* .p12 D~|,(C\?,yT|
G\\k#$D#
dC WebSEAL D\?}]bN}WebSEAL $i\?D~:
201,WebSEAL a)1!D$i\?}]b# webseal-cert-keyfileN};Z webseald.conf dCD~D [ssl] Z,|CZj6KD~D{
FM;C:
[ssl]
webseal-cert-keyfile = /var/pdweb/www/certs/pdsrv.kdb
IT9C iKeyman 5CLr44(B\?}]b#;x,XkZ
webseal-cert-keyfile N}PdkKB\?D~D{FM;C,Tc
WebSEAL \;iRM9CC}]bP|,D$i#
$i\?D~\k:
201,WebSEAL 9a)|, pdsrv.kdb \?D~\kD1!f"D
~#webseal-cert-keyfile-stash N}a+f"D~D;C(*
WebSEAL:
webseal-cert-keyfile-stash = /var/pdweb/www/certs/pdsrv.sth
ZCf"D~PS\D1!\k*0pdsrv1#2ITZ
webseal-cert-keyfile-pwd N}P+\kmv*?D>#}g:
webseal-cert-keyfile-pwd = pdsrv
201,WebSEAL 9Cf"D~4q!\?D~\k#
webseal-cert-keyfile-pwd Q"Mt#9Cf"D~,I\bZ
webseald.conf dCD~P+\kT>*D>#
":!{zk*9CDX(\kN}D"M#g{,18(K\kMf
"D~,r+9CC\k5#
WebSEAL bT$i:
201,WebSEAL +a)G2+DT)bT$i#w*~qwK$iD
bT$iJm WebSEAL T SSL M'zmwT:m]#
*|CXXFKbT$iD9C,4+$i20*1!$i#xG9C
webseal-cert-keyfile-label N}+$i8(*n/D~qwK$i,"
2GZ\?D~}]bP8(*01!51DyPd|$i#
webseal-cert-keyfile-label = WebSEAL
d;KbT$iJm WebSEAL TtC SSL D/@wkswvl&,+
;\I/@w(;|,J1Dy CA $i)i$$i#IZ?N
WebSEAL V"P<|,K1!$iD(C\?,K$i;a)f}D2
+(E#
Xk9C iKeyman 5CLr4zII;"MAO$PD(CA) D$i
ks#9C iKeyman 20"*5XD~qw$iSj)#
g{Td|=8(}g –K *a)9C;,D$i,rIT9C
iKeyman 5CLr4("20$i"*b)$iSj)#C\?D~j
);\|,Uq#
WebSEAL(1!ivBT user ivmgr KP)XkTb)\?}]bD
~_PA(r)mI(#
kND Z2173D:9C iKeyman \m$i;#
Z? Policy Director ~qw SSL (E:
webseald.conf dCD~D [ssl] Z|,Dv=SN},CZdC
WebSEAL CZkd| Policy Director ~qwxPZ? SSL (Ey9C
D\?D~#v&1(} pdconfig dCE>^Db)N}#
[ssl]
ssl-keyfile =
ssl-keyfile-pwd =
ssl-keyfile-stash =
ssl-keyfile-label =
9C iKeyman $i\m5CLriKeyman 5CLrG GSKit a)D$_,IC4\m WebSEAL 9C
D}V$i#+ iKeyman CZ:
¶ 4(;vr`v\?}]b
¶ |D\?}]b\k
¶ 4(B WebSEAL $i
¶ hCB1! WebSEAL $i
¶ 4(CZbTDT)$i
¶ ksMSU CA y$i
¶ r}]bmS$irS}]b>}$i
¶ +$iS;v}]b4F=m;v}]b
XZ9C iKeyman 4Pb)|nDj88>E",kNDZ2173D
:9C iKeyman \m$i;#
dC CRL li$i7zPm(CRL)G;V@9^C$iDi$D=(# CRL |,;
O*;IED$iDj6#WebSEAL 9CD SSL D GSKit 5V'V
CRL li# GSKit Jm WebSEAL TM'zK$iM4T SSL *a
D$i4P CRL li#
WebSEAL Xk*@CPmD;C,Tc4P CRL li#LDAP ~qw
;CDN}(IZ$iO$ZdN<KN}CZ CRL li)IZ
webseald.conf dCD~D [ssl] ZPR=:
[ssl]
#ssl-ldap-server = <server-name>
#ssl-ldap-server-port = <port-id>
#ssl-ldap-user = <webseal-admin-name>
#ssl-ldap-user-password = <admin-password>
1!ivB,CRL liG{CD(N};"Mt)#*Z$iO$Zdt
C CRL li,k!{?vN}D"b"dkJ1D5#
ssl-ldap-user DU5m> SSL O$zF&w*d{C's(= LDAP
~qw#
dC1!#$6p
(}dC#$6p(QOP)ITXF(} SSL(HTTPS)CJ WebSEAL
yhD1!S\6p#I9C webseald.conf dCD~D0SSL
QUALITY OF PROTECTION MANAGEMENT1?VPDN}XF1!
#$6p\m:
¶ 9C ssl-qop-mgmt N}tCM{C QOP \m
¶ Z [ssl-qop-mgmt-default] ZP8(JmDS\6p
1. tC#$6p\m:
[ssl-qop]
ssl-qop-mgmt = yes
2. 8( HTTPS CJD1!S\6p:
[ssl-qop-mgmt-default]
# default = ALL | NONE | <cipher-level>
# ALL (enables all ciphers)
# NONE (disables all ciphers and uses an MD5 MAC check sum)
# DES-40
# DES-56
# DES-168
# RC2-40
# RC2-128
# RC4-40
# RC4-128
default = ALL
":z2IT8(!(DS\==i:
[ssl-qop-mgmt-default]
default = RC4-128
default = RC2-128
default = DES-168
*%@wzMxgdC QOPssl-qop-mgmt = yes N}2ItCvVZ [ssl-qop-mgmt-hosts] M
[ssl-qop-mgmt-networks] ZPDyPhC#b)ZJm(}X(wz
/xg/xgZk IP X7xxPD#$6p\m#
[ssl-qop-mgmt-default] ZPvKCZk [ssl-qop-mgmt-hosts] M
[ssl-qop-mgmt-networks] ZPDX7;%dDyP IP X7DS\=
=#
wzDdCo(>}:
[ssl-qop-mgmt-hosts]
# <host-ip> = ALL | NONE | <cipher-level>
# ALL (enables all ciphers)
# NONE (disables all ciphers and uses an MD5 MAC check sum)
# DES-40
# DES-56
# DES-168
# RC2-40
# RC2-128
# RC4-40
# RC4-128
xxx.xxx.xxx.xxx = ALL
yyy.yyy.yyy.yyy = RC2-128
xg/xgZkDdCo(>}:
[ssl-qop-mgmt-networks]
# <network/netmask> = ALL | NONE | <cipher-level>
# ALL (enables all ciphers)
# NONE (disables all ciphers and uses an MD5 MAC check sum)
# DES-40
# DES-56
# DES-168
# RC2-40
# RC2-128
# RC4-40
# RC4-128
xxx.xxx.xxx.xxx/255.255.255.0 = RC4-128
yyy.yyy.yyy.yyy/255.255.0.0 = DES-56
a) [ssl-qop-mgmt-hosts] M [ssl-qop-mgmt-networks] ZvCZ
rsf]T#;Fv9C|GCZ Policy Director 3.8 dC#
dCZ(}]b|BMV/\m~qwCZ\mwZ(_T}]b,"R,$XZ2+rPd|
Policy Director ~qwD;CE"#Policy Director \m1IZNN1r
T2+rw2+T_T|D#^[N15V2+T_T|D1,\m~
qw<+TwZ(}]bwvX*Dw{#
1\m~qwTwZ(}]bw|D1,|I"vC|DD(*x2+
rP'V%@_T5)Lr(g WebSEAL)DyP1>}]b#;s_
T5)LrXkSwZ(}]bks5J}]b|B#
w*J4\mwM_T5)LrD WebSEAL _P}v!n,CZq!
XZZ(}]b|DDE":
¶ l}4T\m~qw|B(*(IdC"Z1!ivBtC)#
¶ T;(D1ddtli(V/)wZ(}]b(IdC"Z1!i
vB{C)#
¶ ,1tCl}MV/#
webseald.conf dCD~D [aznapi-configuration] Z|,CZdC|
B(*l}M}]bV/DN}#
A WebSEAL D>X1>Z(_T}]bD76I db-file N}(e:
[aznapi-configuration]
db-file = /var/pdweb/db/webseald.db
dC|B(*l}listen-flags N}CZtCM{CI WebSEAL 4PD|B(*l}#1
!ivB,+tCl}#*{Cl},kdk0disable1#
[aznapi-configuration]
listen-flags = enable
tcp-port N}CZdCl}wD TCP KZ:
[aznapi-configuration]
tcp-port = 12056
udp-port N}CZdCl}wD TCP KZ:
[aznapi-configuration]
udp-port = 0
dCZ(}]bV/ITdC WebSEAL (ZV/wZ(}]bTq!|BE"#
cache-refresh-interval N}IThC*0default1"0disable1rTkhC
X(1ddt#0default1hCHZ 600 k#1!ivB{CV/#
[aznapi-configuration]
cache-refresh-interval = disable
4F0K WebSEAL ~qw
":TBE"If;ZT0D Policy Director Df>P9CDT0D
pdadmin server modify baseurl |n#
Z_:X73P,4F0K WebSEAL ~qwGP{D,Ia)|CD
:X=bMJO*F\F0K WebSEAL ~qw1,?v~qw
Xk|, Web Ud"*a}]bM dynurl }]bD+71>#
Policy Director DKf>'V4F0K WebSEAL ~qwDV$dC}
L#KNq;Y9C pdadmin |n#
TB>}P0WS11Gw WebSEAL ~qwDwz{#0WS21G1>
WebSEAL ~qwDwz{#
1. Z WS1 M WS2 ~qwO,120MdC WebSEAL#
2. Z WS2 O#9 WebSEAL#
3. Z WS2 O,+ webseald.conf dCD~PD server-name N}5
S0WS21|D*0WS11#
[server]
server-name = WS1
4. Z WS2 OXBt/ WebSEAL#
WS2 ~qwVZ9CTs /WebSEAL/WS1 w*Z(@@Dy!#WS2 ~
qw2IT*$tZ /WebSEAL/WS1 BDTsl& object list M object show |n#
pdadmin 5CLrTa+ /WebSEAL/WS2 Tsw*TsUdD;?VP
v#KTsVZQ^be,IT}%|:
pdadmin> object delete /WebSEAL/WS2
u~:
¶ 3;DTsUd\m:d;%;TscNa9TZ\m1GI{
D,+yP4FD WebSEAL ~qw<*\=&CZCTscNa9
D\m|nD0l"RyP~qw<\l&b)|n#
¶ 3;DZ(@@:g{+~qw WS2 dC*~qw WS1 D1>,
r~qw WS2 +9C /WebSEAL/WS1 w*Z(@@Dy!#
¶ 3;DdC:*K90K WebSEAL 4F}75Vd&\,?(~q
wOD Web Ud"*a}]bM dynurl }]bdCXkG`,D#
dCj< HTTP G<
WebSEAL ,$}v#fD HTTP U>D~,|GG<n/x;G{":
¶ request.log
¶ agent.log
¶ referer.log
1!ivB,b)U>D~,$ZTB?<B:
UNIX:/var/pdweb/www/log/
Windows: C:\Program Files\Tivoli\PDWeb\www\log\
dCj< HTTP G<U>DN};Z >webseald.conf dCD~D
[logging] ZP#
Bm5wK HTTP U>D~MdCD~N}dDX5:
U>D~ ;CN} tC/{CN}(= yesr no)
request.log requests-file requests
referer.log referers-file referers
agent.log agents-file agents
}g,request.log D~D1!;Cu?gB:
UNIX:
requests-file = /var/pdweb/www/log/request.log
Windows:
requests-file = \Program Files\Tivoli\PDWeb\www\log\request.log
tCM{C HTTP G<U>
1!ivB,tCyPD HTTP G<U>:
[logging]
requests = yes
referers = yes
agents = yes
I@"Zd|U>tCM{C?vU>#g{hCN}*0no1,r{
CCD~DG<#
8(1dAGD`MzIT!qx?vU>D~SO1dAG,1dICqV~Nj<1d
(GMT)fz>X1x4G<#1!ivB,9C>X1x:
[logging]
gmt-time = no
*9C GMT 1dAG,hCgB:
gmt-time = yes
8(U>D~*fP5
max-size N}CZ8(?v HTTP U>D~ITv$Dnss!,|_
PTB1!5(TVZF):
[logging]
max-size = 2000000
1U>D~=o8(D5 * 4y=D*fP5 * 10D~;8]=;
v,y{Fs=SP10UZM1dAGDD~P#;s+*<;vB
DU>D~#
;,DI\ max-size 5DbMgB:
¶ g{ max-size 5!Z 0(< 0),r+Z?NwCG<U>xLM
SC5}*<? 24 !1<4(BDU>D~#
¶ g{ max-size 5HZ 0(= 0),r;4P*fRU>D~^^v
$#g{U>D~Q-fZ,+=SOBD}]#
¶ g{ max-size 5sZ 0(> 0),r1U>D~o=dCDP51
+4P*f#g{t/1U>D~Q-fZ,+=SOBD}]#
8("BU>D~:exD5JU>D~G4k:e}]wD#g{G51`SU>D~,zI\k|
D~qw4PU>D~:ex"BD5J#
1!ivB,U>D~? 20 k"B;N:
[logging]
flush-time = 20
g{8(K:5,+Z?N4kG<s4P"B#
dC request.log PG<DZ]$H WebSEAL T/SsK*aD&CLr~qw}K2, HTML
URL#webseald.conf dCD~PD [filter-url] Z(eK WebSEAL S
sK~qwl&}KD URL tT#kNDZ1533D:}K4T*a~
qwD2, HTML URL;#
1SsK*aD~qwksDZ]|,6kD URL 1,WebSEAL +(
}Z760mS*ac4}K URL V{.#Z]5X/@w1,M'z
ITI&X9C URL#
rx5XA/@wDnU3fZ]$HaT"sZS*aD~qw5X
WebSEAL D-<Z]$H#
Policy Director WebSEAL DKf>JmzdC request.log D~(g
{QtC)G<DZ]$H#IT+ webseald.conf dCD~D
[logging] ZPD log-filtered-pages N}hC*G<cVZs!r4}
KDVZs!#
*G<4}KDVZs!,k+N}hC*0yes1(1!5):
[logging]
log-filtered-pages = yes
*G<cVZs!,k+N}hC*0no1:
[logging]
log-filtered-pages = no
HTTP +2U>q=(CZ request.log)Policy Director ~qw"MXD?vl&(I&r'\)<+9CgBD
HTTP +2U>q=G<Z request.log D~D;Pu?P:
host - authuser [date] request status bytes
dP:
host 8("vksDzwD IP X7#
authuser CVNqCQSUD HTTP ks From: 7D5#
0unauth15CZ4O$DC'#
date 8(ksDUZM1d#
request 8(4TM'zKDksDZ;P#
status 8("X="vksDzwD HTTP 4,k#
bytes 8("X="vksDzwDVZ}#K5 * 4}KD
Z]s!rcs! * 9C log-filtered-pages N}d
C#
T> request.log D~request.log G< HTTP ksDj<G<U>,}gXZksD URL D
E"MXZwvksDM'zDE"(}g IP X7)#
TB>}T>K request.log D~Dy>f>:
130.105.1.90 - - [26/Aug/2001:17:23:33 -0800] "GET /xsmith/private_html/ HTTP/1.0" 403 77
130.105.1.90 - - [26/Aug/2001:17:23:47 -0800] "GET /icons HTTP/1.0" 302 93
130.105.1.90 - - [26/Aug/2001:17:23:59 -0800] "GET /icons/ HTTP/1.0" 403 77
130.105.1.90 - - [26/Aug/2001:17:24:04 -0800] "GET /xsmith/private_html/ HTTP/1.0" 403 77
130.105.1.90 - - [26/Aug/2001:17:24:11 -0800] "GET /xsmith/ HTTP/1.0" 403 77
T> agent.log D~agent.log D~G< HTTP ksPD User_Agent: 7DZ]#CU>
T>?vksDM'/@wE",}ge5a9rf>E#
TB>}T>K agent.log D~Dy>f>:
Mozilla/4.01 [en] (WinNT; U)
Mozilla/4.01 [en] (WinNT; U)
Mozilla/4.01 [en] (WinNT; U)
Mozilla/4.01 [en] (WinNT; U)
T> referer.logreferer.log G< HTTP ksD Referer: 7#TZ?vks,U>G
<K|,yksD5D4SDD5#
U>9CTBq=:
referer -> object
CE"TZzYb?=z Web UdD5D4S\PC#U>T>,I
referer 8(D4|,=3f object D4S#CU>JmzzY''4,
"iw-Z4(kzD5D4S#
TB>}T>K referer.log D~Dy>f>:
http://manuel/maybam/index.html -> /pics/tivoli_logo.gif
http://manuel/maybam/pddl/index.html -> /pics/tivoli_logo.gif
http://manuel/maybam/ -> /pddl/index.html
http://manuel/maybam/ -> /pddl/index.html
http://manuel/maybam/pddl/index.html -> /pics/tivoli_logo.gif
http://manuel/maybam/ -> /pddl/index.html
WebSEAL 2+T_T
>B|,hvgNdCM(F WebSEAL 2+T_TDE"#
wbw}:
¶ :X(Z WebSEAL D ACL _T;
¶ Z533D:}N%wG<_T;
¶ Z543D:\k?H_T;
¶ Z583D:O$?H POP _T(]});
¶ Z633D:yZxgDO$ POP _T;
¶ Z663D:#$6p POP _T;
¶ Z673D:&m4O$DC'(HTTP/HTTPS);
X(Z WebSEAL D ACL _T
TB2+T"bBnJCZ\#$TsUdPD /WebSEAL ]w:
¶ WebSEAL TsGTsUdD WebSEAL xrP ACL LP4Dpc
¶ g{;&CNNd|T= ACL,KTs+((}LP)*{v Web
Ud(e2+T_T
¶ *CJKTs0CcTBDNNTs,Xk5PizmI(
XZ Policy Director ACL _TDj{E",kN<6Tivoli SecureWay
Policy Director Base \m8O7#
3
/WebSEAL/<host>KSw|,X( WebSEAL ~qwD Web Ud#TB2+T"bBn
JCZKTs:
¶ *CJKTs0CcTBDNNTs,Xk5PizmI(
¶ g{;&CNNd|T= ACL,KTs+((}LP)*CzwOD
{vTsUd(e2+T_T
/WebSEAL/<host>/<file>bG* HTTP CJliDJ4Ts#liDmI(!vZ}ZksDY
w#
WebSEAL ACL mI(BmhvKJCZTsUdP WebSEAL xrD ACL mI(:
Yw hv
r A! i4 Web Ts#
x 4P KP CGI Lr#
d >} S Web UdP}% Web Ts#
m ^D EC HTTP Ts#(Z WebSEAL TsUdPEC *
"< * HTTP Ts#)
l Pm \m~qwh*|4zI Web UdDT/?<Pm#
CmI(,1\mZ1!D “index.html” 3f;fZ1
M'zGq\i4?<Z]Pm#
g /I T WebSEAL ~qwZhEN,9C~qwd1*M'
z"+ks+]x*aD WebSEAL ~qw#
1! /WebSEAL ACL _TWebSEAL ACL default-webseal DKDu?|,:
i iv-admin Tcmdbsvarxl
i webseal-servers Tgmdbsrxl
C' sec_master Tcmdbsvarxl
Nbd| Trx
4O$ T
201,C1! ACL =SATsUdPD /WebSEAL ]wTs#
i webseal-servers |,2+rP?v WebSEAL ~qwDu?#1!
mI(Jm~qwl&/@wks#
izmI(Jmg Web Portal Manager y>DGy)9 Web Ud#P
mmI(Jm Web Portal Manager T> Web UdDZ]#
}N%wG<_T
}N%wG<_TICZyZ LDAP D Policy Director 20,9zIT
8('\G<"TDnsN}(n)MM#Tbx1d(x),}g,Z
“n” N'\DG<"Ts+KC'bx “x” k(r_{CKJE)#
}N%wG<_TCZh9Fcz\k%w#K_T4(K;vu~,
C'ZxP|`'\DG<"T0XkH};N1d#}g,_TIT
f(Z 3 N'\"Ts,h*H} 180 kDM#T1d#bVG<_T
`MITh9?kP`N"zFczfzzIDG<"T#
}N%wG<_Th*=v pdadmin policy |nhCD*O:
¶ '\G<"TDns}?
policy set max-login-failures
¶ ,}'\G<"ThCDM#
policy set disable-time-interval
M#hCIT|,J'bx1ddtr_J'Dj+{C#
}g,g{G<_ThCIZ}N'\"TsP;N8(DM#bx1
d,r1ZDN"T(}7r;}7)"zs,+vVms3f,C3
fywIZ\k_TD&C,KJ']1;IC#
1ddtCk8( * FvDn!1ddt* 60 k#
g{ disable-time-interval _T;hC*0disable1,C'+;bxZ
J'b,"RCC'D LDAP J'P'tT;hC*0q1#\m1(}
Web Portal Manager XBtCJ'#
":+ disable-time-interval hC*0disable1a<B=SD\m*z#
+J'P'E"4F= WebSEAL ~qw1,I[l=SY#bV
iv!vZ LDAP 73#|BJ'P'DYwI\a<B3)
LDAP 5VvVT\5M#IZb)-r,Fvz9C,11dd
t#
|no(TBD pdadmin |nvJZk LDAP "am;p9C#
|n hv
policy set max-login-failures {<number>|unset} [-user <username>]
policy get max-login-failures [-user <username>]
\m_T,C_TXFZ5)M#0'\G<"TDns
N}#K|n!vZ policy set disable-time-interval |
nPhCDM##
w*\m1,I+K_T&C=X(C'r_+VTX&
C=Z LDAP "amPPvDyPC'#
1!hC* 10 N"T#
policy set disable-time-interval {<number>|unset|disable} [-user <username>]
policy get disable-time-interval [-user <username>]
\mM#_T,C_TXF1o="TG<'\Dns5
1KJ'+{CD1d\Z#
w*\m1,I+KM#_T&C=X(C'r_+VT
X&C=Z LDAP "amPPvDyPC'#
1!hC* 180 k#
\k?H_T
\k?H_TICZyZ LDAP D Policy Director 20,G8I\k_
TfrSx\ka9D<(# Policy Director a)=VXF\k?H_
TD=(:
¶ ev pdadmin \k_T|n
¶ Jm(F\k_TDIekO$#i(PAM)#
kN<6Tivoli SecureWay Policy Director WebSEAL *"_N<s
+7#
I pdadmin 5CLrhCD\k?H_T(} pdadmin 5CLr5VDev\k?HtT|,:
¶ n!\k$H
¶ n!V8V{}
¶ n!GV8V{}
¶ nsX4V{}
¶ GqJmUq
9C pdadmin r Web Portal Manager 4(C',T09C pdadmin"
Web Portal Manager r pkmspasswd 5CLr|D\k1,+?F&
Cb)_T#
|no(TBD pdadmin |nvJZk LDAP "am;p9C#unset !n{
CK_TtT * 4;?F&C_T#
|n hv
policy set min-password-length {<number>|unset} [-user <username>]
policy get min-password-length [-user <username>]
\mXF\kn!$HD_T#
w*\m1,I+K_T&C=8(C',r_+VTX
&C=1!"amPPvDyPC'#
1!hC* 8#
policy set min-password-alphas {<number>|unset} [-user <username>]
policy get min-password-alphas [-user <username>]
\mXF\kPJmDV8V{n!}?D_T#
w*\m1,I+K_T&C=8(C',r_+VTX
&C=1!"amPPvDyPC'#
1!hC* 4#
policy set min-password-non-alphas {<number>|unset} [-user <username>]
policy get min-password-non-alphas [-user <username>]
\mXF\kPJmDGV8(}V)V{n!}?D_
T#
w*\m1,I+K_T&C=8(C',r_+VTX
&C=1!"amPPvDyPC'#
1!hC* 1#
policy set max-password-repeated-chars {<number>|unset} [-user <username>]
policy get max-password-repeated-chars [-user <username>]
\mXF\kPJmDX4V{}ns5D_T#
w*\m1,I+K_T&C=8(C',r_+VTX
&C=1!"amPPvDyPC'#
1!hC* 2#
policy set password-spaces {yes|no|unset} [-user <username>]
policy get password-spaces [-user <username>]
\mXF\kGqI|,UqD_T#
w*\m1,I+K_T&C=8(C',r_+VTX
&C=1!"amPPvDyPC'#
1!hC* unset#
1!_TN}5
BmPvK_TN}0d1!5:
N} 1!5
min-password-length 8
min-password-alphas 4
min-password-non-alphas 1
max-password-repeated-chars 2
password-spaces 4hC
*4(Z Policy Director H0"PfPD\k_TYw,k+ unset !
n&CZOfPvDev\kPD?;v#
P'M^'D\k>}Bm5w;)\k>}M9Cbev pdadmin N}D1!5C=D_T
a{:
>} a{
password ^':XkAY|,;vGV8V{#
pass ^':XkAY|, 8 vV{#
passs1234 ^':|,=vTODX4V{#
12345678 ^':XkAY|, 4 vV8V{#
password3 P'#
X(C'M+VhC
(9C - user !n)I*X(C'hC pdadmin policy |n,(;
9C - user !n)I+VXhC pdadmin policy |n#NNX(Z
C'DhC<+2G_TD+VhC#2I{C(unset)3v_TN
},bb6ECN};|,NN5#;li";?F&CNNxP unset!nD_T#
}g:
pdadmin> policy set min-password-length 8
pdadmin> policy set min-password-length 4 -user matt
pdadmin> policy get min-password-length
n!\k$H:8
pdadmin> policy get min-password-length -user matt
n!\k$H:4
(C' matt _P 4 V{Dn!\k$H_T;yPd|C'_P 8 V
{Dn!\k$H_T#)
pdadmin> policy set min-password-length unset -user matt
(C' matt \^Z 8 V{D+Vn!\k$H_T#)
pdadmin> policy set min-password-length unset
(yPC',|(C' matt,VZ;Pn!\k$H_T#)
O$?H POP _T(]})
O$?H POP _T9yZd9CDO$=(TTsxPXFCJI*I
\#
IT9Cbn&\ * P1F*]}O$ * 47#CJ|tPJ4DC
'9C|?DO$zF#IZ|sDG(CJ~2,zI\h*bnu
~#
}g,I(}&C]} POP _T4r Web UdD*axra)|sD
2+T,C_T*sHC'nuxk WebSEAL r19CDO$P|?
6pDO$#
O$?H_TZ POP _TD0IP KcO$=(1tTPhC#
dC]}O$D6pdCX(ZO$DCJDZ;=GdCy'VDO$=("7(b)=
(D?HNr#
CJ WebSEAL ~qwDNNM'z<PO$6p,}g04O$1r
0\k1#b)6pm>M'zO;Nr WebSEAL O$yCD=(#
3)ivB,PX*TCJ3) Web UdTsyhDO$?F9CnM
02+16p#}g,Z3v73B,IjG(Pzk4PDO$;O
*HIC'{M\k4PDO$|2+#d|73I\P;,Dj<#
1M'z;zcO$yhD6p1,]}O$zFxhM'zZ~Nz
a9Cyh=((6p)XBO$,x;G?FM'zXBt/k
WebSEAL Da0#
]}O$b6E1C'"TCJ*sHG<6p0|_1O$6pDJ
41,;a"LT>0\x1{"#`4X,+T>BDO$a>,*
s'V|_O$6pDE"#g{\;a)C6pDO$,-4Dks
+;Jm#
Z]}O$zFP,WebSEAL 6p9CD 3 VO$=((6p):
¶ 4O$
¶ \k
¶ jG(
Z webseald.conf dCD~D [authentication-levels] ZPdCO$6
p#nu;dC=v6p:
[authentication-levels]
level = unauthenticated
level = password
yZPmPD=(3r,*?V=(8(;v6pw},6'S 0 = 2#
¶ 04O$1=(Xk<UGPmPDZ;v,rK;Vd6pw}
0#
¶ sL=(I4NN3rEC#
kNDZ623D:]}O$"bBnM^F;#
¶ 1!ivB,0\k1GB;v6p * ;Vd6pw} 1#
¶ XkAYP=vu?4tC]}O$#
":XZhCyhO$zFDj8E",kNDZ693D:WebSEAL O
$;#
tC]}O$
]}O$(}SZTsOD POP _T45V,b)Ts*sTO$tP
DZ(#IT9C POP _TD0IP KcO$=(1tT#
pdadmin pop modify set ipauth |nZ0IP KcO$=(1tTP
8(JmDxgMXhDO$6p#
ydCDO$6pIk IP X76'`4S#C=(bZa)\min
T#g{C IP X7}KC'";X*,IT* anyothernw(NNd|
xg)hC%vu?#ChC+0lyPCJDC'(;\ IP X7*
N),"*s|GZ8(D6pO$#bG5V]}O$DnUi=
(#
o(:
pdadmin> pop modify <pop-name> set ipauth anyothernw <level-index>
anyothernw u?;Cwxg6',|%dZ POP P;P8(DyPx
g#C=(;C44(1!u?,|IT\xyP;%dD IP X7rJ
mzcO$6p*sDyPKCJ#
1!ivB,anyothernw TO$6pw} 0 T>Z POP P#Cu?
Z pop show |nPT>*0NNd|xg1:
pdadmin> pop show test
\#$Ts_T: test
hv: Test POP
/f: no
sF6p: none
#$6p: none
?UDCJ1d:sun, mon, tue, wed, thu, fri, sat:anytime:local
IP KcO$=(_T
NNd|xg 0
>}
1. Z webseald.conf PdCO$6p:
[authentication-levels]
level = unauthenticated
level = token-card
2. dC0IP KcO$=(1POP tT:
pdadmin> pop modify test set ipauth anyothernw 1
pdadmin> pop show test
\#$Ts_T: test
hv: Test POP
/f: no
sF6p: none
#$6p: none
?UDCJ1d:mon, wed, fri:anytime:local
IP KcO$=(_T
NNd|xg 1
TZu<T04O$1(6p 0)CJDyPC',C_T*s]}
=jG(O$=((6p 1)#+TyPCJ POP _T#$TsD4
O$C'T>a>,*sdkC'{MjG(Pzk#
m{Z633D:yZxgDO$ POP _T;#
]}G<m%yksJ4D]} POP _T?FM'zXBO$1,WebSEAL +T>
Xbm%#C HTML m%D;CI webseald.conf dCD~ [acnt-mgt]ZPD stepup-login N}48(#
[acnt-mgt]
stepup-login = stepuplogin.html
zITdCC HTML m%4zczD*s,d==kdC login.html r
tokenlogin.html m%D==`,#
CD~|,q=* %TEXT% rPDj,|G+;J1D5!z#Kfz
Z WebSEAL D#eD~&m/}Z?xP,"JmCm%CZq=}
7D\kMjGO$=(#JmZm%P*C'a)d|E",}gm
s{"M=({F(+]})#
< 11. C'{M\k]}DG<m%
]}O$c(WebSEAL 9CTBc(&m POP PDu~:
1. li POP OD IP KcO$=(_T#
2. li ACL mI(#
3. li POP OD?U1d_T#
4. li POP ODsF6p_T#
]}O$"bBnM^F
1. ]}O$Z HTTP M HTTPS O<\'V#
2. ;\S HTTP -i]}= HTTPS#
3. 4O$(#XkG6pPmPDZ;v=(,;\vVZPmDd
|X=#
4. =(;\Z6pPmP8(;N#
5. $iO$;G]}O$D'V=(#
< 12. SecurID jG(Pzk]}DG<m%
":]}O$5JO+M'zK$iw*;VXbiv&m#g{
M'z9CM'zKD$iCJ WebSEAL,R WebSEAL dC
*S\$i,rM'zw*4O$DM'zT}(6pw}*
0)#
S=(: I]}A:
4O$ \kjG(
\k jG(
jG( \k
6. O$6pIO$=(m>,bb6E;I\*C6pDO$8(+
7DO$zF#
O$=(ITI`VO$zF'V,|(>XO$LrM(FDb
?O$Lr#
dCK,;O$=(`MD`v5}1,WebSEAL q-X(Dfr
T7(!qDvO$Lr#
7. g{P 3 vQdCD6p,P'w}5*:0"1"2#g{dCKd
|w}5,Zks=SKC POP DTs1+T>vm3f#
8. webseald.conf dCD~P]}O$6pDmsdC+<B WebSEAL
P{C]}&\#KivI\<BbbDO$P*,}g*\ POP #
$DTszI\kG<3f,x POP *sjG(PzkO$=(#
dC]}O$6ps,kZ webseald.log D~PliNNdCms
(f#
yZxgDO$ POP _T
yZxgDO$ POP _T9yZC' IP X7TTsDXFCJI*I
\#IT9CC&\4@98(D IP X7(r IP X76')CJ2+
rPDNNJ4#
2ITTK_T&CO$dC,"*s?v8(D IP X76'DXbO
$=(#
yZxgDO$_TZ POP _TD0IP KcO$=(1tTPhC#X
kZCtTP8(=vX*u~:
¶ O$6p
¶ JmDxg
dCO$6pZ]}O$zFP,WebSEAL 6p9CD 3 VO$=(:
¶ 4O$
¶ \k
¶ jG(
yZPmPD=(3r,*?V=(8(;v6pw},6'S 0 = 2#
Z webseald.conf dCD~D [authentication-levels] ZPdCO$6
p#nu;dC=v6p:
[authentication-levels]
level = unauthenticated
level = password
ZdCyZxgDO$1IT9C1!hC#ZbVivB,04O
$1*6p 0,0\k1*6p 1#
m{Z583D:dC]}O$D6p;#
8( IP X7M6'VZXk8(C POP _TJmD IP X7M IP X76'#
pdadmin pop modify set ipauth add |nZ0IP KcO$=(1t
TP8(xg(rxg6')MXhDO$6p#
o(:
pdadmin> pop modify <pop-name> set ipauth add <network> <netmask> <level-index>
ydCDO$6pIk IP X76'`4S#C=(bZa)inT#g
{C IP X7}KC'";X*,IT* anyothernw(NNd|xg)
hC%vu?#ChC+0lyPCJDC'(;\ IP X7*N),"
*s|GZ8(D6pO$#
o(:
pdadmin> pop modify <pop-name> set ipauth anyothernw <level-index>
`4X,g{#{vTO$6p,;kyZ IP X7Jmr\xCJ,I
TTJmxkD6'9C6p 0 xT\xD6'9C0forbidden1#
anyothernw u?Cwk4Z POP P8(DyPxg%dDxg6'#
C=(;C44(1!u?,|IT\xyP;%dD IP X7rJmz
cO$6p*sDyPKCJ#
1!ivB,anyothernw TO$6pw} 0 T>Z POP P#Cu?
Z pop show |nPT>*0NNd|xg1:
pdadmin> pop show test
\#$Ts_T: test
hv: Test POP
/f: no
sF6p: none
#$6p: none
?UDCJ1d:sun, mon, tue, wed, thu, fri, sat:anytime:local
IP KcO$=(_T
NNd|xg 0
*qCPXhCO$6pDj8V[,kN<Z583D:dC]}O$
D6p;#
>}
*s IP X76'* 9.0.0.0 MxZk* 255.0.0.0 DC'9C6p 1 O
$(1!ivB*0\k1):
pdadmin> pop modify test set ipauth add 9.0.0.0 255.0.0.0 1
*sX(C'9C6p 0 O$:
pdadmin> pop modify test set ipauth add 9.1.2.3 255.255.255.255 0
@9yPC'(}KZO}P8(DG)C')CJTs:
pdadmin> pop modify test set ipauth anyothernw forbidden
y] IP X7{C]}O$
o(:
pdadmin> pop modify <pop-name> set ipauth remove <network> <netmask>
}g:
pdadmin> pop modify test set ipauth remove 9.0.0.0 255.0.0.0
yZxgDO$c(WebSEAL 9CTBc(&m POP PDu~:
1. li POP OD IP KcO$=(_T#
2. li ACL mI(#
3. li POP OD?U1d_T#
4. li POP ODsF6p_T#
yZxgO$"bBnM^F
WebSEAL CZ4PyZxgDO$_Ty9CD IP X7&C* TCP ,
S"E=D IP X7#g{xgXKa99C HTTP zm,r WebSEAL
T>DX7I\*zm~qwD IP X7#
ZbVivB,WebSEAL ^(w7j6f}DM'z IP X7#ZhC
yZxgDO$_T1Xk!D,C_TJmxgM'z1Sk
WebSEAL ~qw,S#
#$6p POP _T
#$6p POP tTJm8(TTs4PYw1yhD}]#$6p#
10,CtT;JCZ WebSEAL 73#
#$6p POP tTzfK0P1M0I1ACL mI(;,b=vmI(;
Z Policy Director T0Df>P$n#\TMj{T*s#CID#$
6p5V=(;\a)dV#$,"a0l53T\#
#$6p POP tTJm%vBq,dPT ACL P(D0G1l&2|
,XhD#$6p#g{J4\mw(}g WebSEAL);\#$XhD
#$6p,+\xCks#
pdadmin> pop modify <pop-name> set qop {none|integrity|privacy}
QOP 6p hv
#\T *s}]S\(SSL)#
j{T 9C3vzFT7#}];P;|D#
}g:
pdadmin> pop modify test set qop privacy
&m4O$DC'(HTTP/HTTPS)
WebSEAL S\QO$M4O$DC'(} HTTP M HTTPS avDk
s#;s WebSEAL @?Z(~q,(}Jmr\xT\#$J4DC
J4?F&C2+T_T#
TBu~&CZ(} SSL CJD4O$C':
¶ 4O$C'M WebSEAL .dDE";;GS\D * g,kQO$
C';;E"#
¶ 4O$C'M WebSEAL .dD SSL ,S;*s~qwKO$#
&m4Td{M'zDks
1. d{M'z((} HTTP r HTTP)avksA WebSEAL#
2. WebSEAL *KM'z4(4O$D>$#
3. xPC>$DksLx"M=\#$D Web Ts#
4. Z(~qliKTsZ4O$D ACL u?ODmI(,"Jmr\
xksDYw#
5. TKTsDI&CJ!vTBu~:4O$D ACL u?AY|,A
!(r)Miz(T)mI(#
6. g{ks4(}Z(P(,C'+SU=;EG<m%(BA ryZ
m%)#
?FC'G<(}T#$ksTsD ACL _TPD4O$u?}7hCJ1DmI
(,I?F4O$C'G<#
A!(r)Miz(T)mI(JmTTsxP4O$DCJ#
*?F4O$C'DG<,kS#$TsD ACL _TPD4O$u?O
}%A!(r)mI(#C'+SU=G<a>(BA ryZm%)#
4O$ HTTPS D&CPm`5JDLq-r,h*'V(} HTTPS T WebSEAL D4O$
CJ:
¶ P)&C;h*vKG<,+h*3)tPE",gX7MEC(
E#d>}|(Z_:rIz1Md|L7#
¶ P)&C*szZxPx;=;W.0*C5q"aJ'#YN,
tPE"(}xgxP+]#
9C ACL/POP _TXF4O$C'
":0+O$1u?`Mk0Nbd|1u?`MH[#
1. *Jm4O$C'CJ+2Ts,kCAY|,4O$DM+O$
u?DA!(r)Miz(T)mI(D ACL 4#$+CZ]:
4O$ Tr+O$ Tr
":17(mI(1,4O$u?G;vTU+O$u?DZk
(p;0k1Yw)#;P14O$mI(,1vVZ+O$u
?P1,EITZ(4O$DmI(#IZ4O$!vZ+O
$,|,4O$x;P+O$M;PbeK#g{ ACL 75|
,4O$x;P+O$,1!l&G;r4O$ZhmI(#
2. *qCS\(SSL),k9C\#$Ts_T(Protected Object
Policy,POP)#$Z],C_T+#\T8(*;vu~#
kNDZ663D:#$6p POP _T;#
WebSEAL O$
>BV[K WebSEAL gN,$a04,T0&mO$}L#O$I&
s+zI;vzmC'D Policy Director m]#WebSEAL 9CKm]
*CC'q!>$#Z(~q9Cb)>$Jmr\xCJ\#$J
4#
wbw}:
¶ Z703D:KbO$}L;
¶ Z733D:\ma04,;
¶ Z833D:O$dCEv;
¶ Z873D:dCy>O$;
¶ Z893D:dCm%O$;
¶ Z913D:dCM'zK$iO$;
¶ Z953D:dC HTTP 7O$;
¶ Z973D:dC IP X7O$;
¶ Z973D:dCjGO$;
¶ Z983D:'V`74C/Pzm;
4
KbO$}LO$GT}Z"TG<=2+rD%vxLr5exPj6D=(#
¶ Z1!ivB WebSEAL 'V`VO$=(,IT(F WebSEAL 9
Cd|=(#
¶ T WebSEAL O$I&Da{MGzI Policy Director C'"am
m]#
¶ WebSEAL 9CKm]q!CC'D>$#
¶ Z(~qZTXF?vTsD_TD ACL mI(M POP u~xP
@@s,9CK>$Jmr\xCJ\#$Ts#
":ACL = CJXFPm_T POP = \#$Ts_T
O$Zd,WebSEAL +liTZTBE"DM'zks:
¶ a0}]
a0}]Gj6M'zM WebSEAL ~qw.dDX(,SDE"#
a0}]f"ZM'zORifCM'zDsLks#|CZXB
j6A WebSEAL ~qwDM'za0,\bK*?vks("Ba
0yCD*z#
¶ O$}]
O$}]G4TM'zDE",Ir WebSEAL ~qwj6CM'
z#O$}]`M|,M'zK$i"\kMjGzk#
Z WebSEAL SU=M'zkss,WebSEAL \GWHiRa0}],
;siRO$}]#u<M'zksv;a|,a0}]#
\'VDa0}]`MWebSEAL 'VTBa0}]`M:
1. SSL j6(I SSL -i(e)
2. X(Z~qwDa0 cookie
3. BA 7}]
4. HTTP 7}]
5. IP X7
1 WebSEAL liM'zks1,|+TKPmP8(D3rQwa0
}]#
\'VDO$=(d; WebSEAL @"ZO$}LKw,+ WebSEAL 9C>$`S2+
rPNkDyPC'#*q!>$q!yhDm]E",WebSEAL @5
ZSO$}LqCDa{#
WebSEAL 'VTBO$=(CZ>$q!:
O$=( \'VD,S`M
1. JO*F cookie HTTP M HTTPS
2. CDSSO j6jG HTTP M HTTPS
3. M'zK$i HTTPS
4. jG(Pzk HTTP M HTTPS
5. m%O$(C'{M\k) HTTP M HTTPS
6. y>O$(C'{M\k) HTTP M HTTPS
7. HTTP 7 HTTP M HTTPS
8. IP X7 HTTP M HTTPS
1 WebSEAL liM'zks1,|+TKmP8(D3rQwO$}
]#
TZ HTTP M HTTPS +M<IT%@tCM{CO$=(#g{;P
*Xb+MtCO$=(,rTZ9CC+MDM'z,O$}LGG
n/D#
j8dCE"N<
¶ Z733D:\ma04,;
¶ Z833D:O$dCEv;
¶ Z873D:dCy>O$;
¶ Z893D:dCm%O$;
¶ Z913D:dCM'zK$iO$;
¶ Z953D:dC HTTP 7O$;
¶ Z973D:dC IP X7O$;
¶ Z973D:dCjGO$;
¶ Z983D:'V`74C/Pzm;
¶ CDAS O$
kN<6Tivoli SecureWay Policy Director WebSEAL *"_N<s+7
\ma04,
ZM'zk~qw.dxP2+,Sra0*s~qw\;Gd * (}
s?ks * a0DTs#~qwXk_P3VN=Da04,E",C
E"j6Kk?vksX*DM'z#
g{M'zM~qw.d^Q("Da04,,rM'zM~qw.d
D(EXkT?NsLksxPXB-L#{Ca04,E"I(}{
}X4XUMXBr*M'z/~qw,S4DFT\#M'zIT;
NTG<"xPs?ks,x^hT?vksVp4PG<#
WebSEAL I&m HTTP M HTTPS (E#HTTP G0^4,1-i,
|";a)NNxpksD==#m;=f,SSL +M-iGXphF
D,|a)a0j6T,$a04,E"#IT(} SSL b0 HTTP (
E,9.I* HTTPS#
;x,WebSEAL Xk-#&m4T4O$M'zD HTTP (E#P1
9avV SSL a0j6;GJ1Dbv=8Div#rx,+
WebSEAL hF*9CNbTBE"`MT,$kM'zDa04,:
1. SSL j6
2. X(Z~qwDa0 cookie
3. BA 7}]
4. HTTP 7}]
5. IP X7
GSKit M WebSEAL a0_Y:fa0_Y:fJm~qwf"4T`vM'zDa0j6E"#P=v
a0_Y:fI) HTTPS M HTTP a04,E"9C#
¶ WebSEAL >$_Y:f
WebSEAL >$_Y:fIf"yP`MDa0j6E"(kNDO
vPm)M*?vM'zq!D>$E"#
+>$E"xP_Y:fI{}Z(liZdTC'"am}]b
DX4i/#
¶ GSKit SSL a0j6_Y:f
SSL a0j6E"CZ,$a04,1,GSKit a0_Y:f&m
HTTPS(SSL)(E#
GSKit _Y:f9I,$ WebSEAL M LDAP C'"am.dD
SSL ,SDa04,E"#
TZ?vJmzw{dT\D_Y:f,<P8vdCN}IC#B<
P\aKb)N}:
dC WebSEAL >$_Y:fTZ WebSEAL a0/>$_Y:f,TBdCNqIC:
¶ hCns"Pu?5
¶ hC_Y:fu?,15
¶ hC_Y:fu?Gn/,15
hCns"Pu?5
max-entries N};Z webseald.conf dCD~D [session] ZP,KN
}CZhC WebSEAL a0/>$_Y:fPDns"Pu?}#
< 13. a0_Y:fdCN}
K5k"PG<a0}`X#1_Y:fs!o=K51,r+y]|
ZnY9Cc(S_Y:f}%u?TJmBxkDG<#
1!D"PG<a0}G 4096:
[session]
max-entries = 4096
hC_Y:fu?,15
timeout N};Z webseald.conf dCD~D [session] ZP,KN}
CZhC WebSEAL a0/>$_Y:fPDnsP'Z,1#
WebSEAL ZZ?T>$E"xP_Y:f#a0_Y:f,1N}f(
K WebSEAL ODZfI#tZ(>$E"D1d$H#
CN}";GGn/,1#C53d*0>$P'Z1x;G3d*
0>$,11#|D?DGZo=8(D,1^F1,(}?FC'x
PXBO$4a_2+T#
1!G<a0,1(Tk*%;)* 3600:
[session]
timeout = 3600
hC_Y:fu?Gn/,15
inactive-timeout N};Z webseald.conf dCD~D [session] ZP,
KN}CZhCG<a0Gn/D,15#
1!G<a0Gn/,15(Tk*%;)* 600:
[session]
inactive-timeout = 600
*{CK,1&\,k+N}5hC*001#
dC GSKit SSL a0j6_Y:fTZ GSKit SSL a0j6_Y:f,TBdCNqIC:
¶ hC_Y:fu?,15
¶ hCns"Pu?5
hC_Y:fu?,15
CZhC GSKit SSL a0j6_Y:fPu?DnsP'Z,1DN}
;Z webseald.conf dCD~PD [ssl] ZP#P=vN}:;vCZ
SSL V2 ,S(ssl-v2-timeout),m;vCZ SSL V3 ,S
(ssl-v3-timeout)#
1! SSL V2 a0,1(Tk*%;)G 100(I\D6'G 1 =
100):
[ssl]
ssl-v2-timeout = 100
1! SSL V3 a0,1(Tk*%;)G 7200(I\D6'G 1 =
86400):
[ssl]
ssl-v3-timeout = 7200
hCns"Pu?5
ssl-max-entries N};Z webseald.conf dCD~D [ssl] ZP,K
N}CZhC GSKit SSL a0j6_Y:fPDns"Pu?}#
K5k"PG<a0}`X#1_Y:fs!o=K51,r+y]|
ZnY9Cc(S_Y:f}%u?TJmBxkDG<#
1!D"PG<a0}G 4096:
[ssl]
ssl-max-entries = 4096
Ca0 cookie ,$4,,$M'zk~qw.da04,D;V=(G9C cookie #tKa0
E"#~qw+XbM'zD4,E"r|Z cookie P,"+d"M=
M'zD/@w#TZ?vBks,/@w<(}+ cookie(xPa0E
")"X=~qw4XBj6|T:#
a0 cookie *M'z9CZ+L1dsXB-Ld SSL a0D/@w
iv,a)KI\bv=8#}g,3)f>D Microsoft Internet
Explorer /@w?=VSr}VSXB-L SSL a0#
a0 cookie ;+M'zXBO$ACM'zH0QZ+L1dZ(s<
10 VS)O$AD%v"(;D~qw#CzFT0~qw cookie1*
y!,}zIC cookie Dzwb,;\+|+]=NNd|zw#
mb,a0 cookie ;|,fz5j6,Cj6CZw}=~qwDa0
_Y:fP#a0 cookie ;a)6d|E"#a0 cookie ;a#02
+T_T#
Kba0 Cookies
WebSEAL 9CX(Z~qwD2+a0 cookie#TBu~JCZb;
cookie zF:
¶ Cookie ;|,a0E";|;|,m]E"
¶ Cookie ;$tZ/@wZfP(";+|4=ELOD/@w cookie
jar P)
¶ Cookie _PP^DP'Z(IdC)
¶ Cookie _P76MrN},b)N}{9d|~qw9C
tCM{Ca0j6 cookie
ssl-id-sessions N};Z webseald.conf dCD~D [session] ZP,
KN}CZtCM{Ca0 cookie#KN}IXF SSL a0j6GqC
Z*M'z(} HTTPS CJ,$G<a0#g{N}hC*0no1,r
a0 cookie ICZs?VO$=(#
[session]
ssl-id-sessions = no
KN}D0no1 dChCa9(} HTTPS DM'zCJvVTBiv:
1. SSL a0j6@6;Cwa0j6}]#
2. Cookies +CZ,$kM'zO$Da0,CO$9CJO*F
cookie"CDSSO ID jG"m%C'{M\k"jG(PzkMM'
zK$i#
3. v1 use-same-session = yes(kNDBZ)1,cookie ECZy>
O$M'z#qr BA 7+CZa0j6}]#
4. HTTP 7Cw9C HTTP 7xPM'zO$Da0j6}]
5. IP X7Cw9C IP X7xPM'zO$Da0j6}]
9C cookie ,$a04,1,cookie v"MA/@w;N(zfZI&
G<s)#;x,;)/@wa?F^FIT""f"DZfPD cookie
}#Z;)73P,&CLrI+?vrDs?ZfPD cookie EC=
M'z53O#ZKivB,NbQdCD WebSEAL a0rJO*F
cookie ITr%XIm;v cookie f;#
dC WebSEAL 9Ca0 cookie(I\GJO*F cookie)1,ITZ
webseald.conf dCD~PD [session] ZPhC
resend-webseal-cookies N},TcZZ?Nl&19 WebSEAL +
a0 cookie MJO*F cookie "MA/@w#KYwPzZ7#a0
cookie MJO*F cookie #tZ/@wZfP#
resend-webseal-cookies N}D1!hC*0no1:
[session]
resend-webseal-cookies = no
+1!hC|D*0yes1IZ?Nl&1"M WebSEAL a0 cookie M
JO*F cookie#
tCM{C`,Da0
1M'z(};V+M`M(}g HTTP)G<"O*,S"(}m;V
+M`M(}g HTTPS)XBG<1,ITdC WebSEAL 9C`,D
a0j6}]#
use-same-session N};Z webseald.conf dCD~D [session] Z
P,KN}CZtCM{CT`,a0j6}]D6p#1!ivB,
KN}hC*0no1:
[session]
use-same-session = no
9CKN}D0yes1 dChCavVTBiv:
1. a0 cookie CZj6TBM'z`M,CZ(}m;V+M==xP
sLG<:
a. JO*F cookies
b. M'zK$i
c. CDSSO j6jG
d. jG(Pzk
e. m%C'{M\k
f. y>O$
2. TZ9C HTTP 7DM'zCJ9C HTTP 7#
3. TZ9C IP X7DM'zCJ,9C IP X7#
4. +vT ssl-id-sessions dC;|<BDP*k+ ssl-id-sessionshC*0no1x<BDP*`,#
r* HTTP M'z;I+ SSL a0j6Cwa0}],yTK_-
G\X*D#
5. r*T HTTP M HTTPS M'z,cookie <IC,yT;+b)
cookie j>*2+ cookie#
7(P'Da0j6}]`MCZ9CXbO$=(DM'zCJDa0}]`MITBdCN}D
X(iO7(:
¶ tCr{Ca0 cookie(ssl-id-sessions)
¶ 1M'zZ HTTP M HTTPS .dP;1,tCr{C9C`,a
0}]D\&(use-same-session)
Bm\aKiO ssl-id-sessions M use-same-session N}DyPx
(dCDP'a0j6}]:
HTTPS M'z

| O$=( | ssl-id-sessions = yes | ssl-id-sessions = no, use-same-session = no | use-same-session = yes, ssl-id-sessions vT |
| --- | --- | --- | --- |
| JO*F cookie | SSL j6 | Cookie | Cookie |
| $i | SSL j6 | Cookie | Cookie |
| CDSSO | SSL j6 | Cookie | Cookie |
| jG | SSL j6 | Cookie | Cookie |
| m% | SSL j6 | Cookie | Cookie |
| BA | SSL j6 | BA 7 | Cookie |
| HTTP 7 | SSL j6 | HTTP 7 | HTTP 7 |
| IP X7 | SSL j6 | IP X7 | IP X7 |

HTTP M'z

| O$=( | use-same-session = no | use-same-session = yes |
| --- | --- | --- |
| JO*F cookie | Cookie | Cookie |
| CDSSO | Cookie | Cookie |
| jG | Cookie | Cookie |
| m% | Cookie | Cookie |
| BA | BA 7 | Cookie |
| HTTP 7 | HTTP 7 | HTTP 7 |
| IP X7 | IP X7 | IP X7 |

dCJO*F cookieTBJO*F cookie &\(CZ HTTP M HTTPS)JCZ(}:X=
bzF,SA4FD0K WebSEAL ~qw:/DM'z#JO*F
cookie D?DG1kM'z.d_P-<a0D~qw;;d*;IC
1,I@9?FXBO$#
I{C0K WebSEAL :/*s?M'za)J4D_ICT#:X=
bzFI9XxkDks"(}ICD0K~qwV"ks#
KV[ZdIN<B<#
M'z;*@4FD0K~qwdC#:X=bzFGksD URL D%
c*5#:X=bzFI+M'zkICD~qw(}g WS1),S#
a04,G9C WS1 ("D,"Ra+4TCM'zDyPsLks"
MA WS1#
JO*F cookie IbvDJbf0IZ;)-r(}g,53JOrI
\m14PDt_Yw)9 WS1 d*;IC1Div#g{ WS1 d*
;IC,r:X=bzFa+ksX(rAd|1>~qw(WS2 r
WS3).;#VZQ*'-<Da0A>$D3d#TZKfzD~q
wCM'zGBD,xR(#+YN?FO$CM'z#
ITdC4FD WebSEAL ~qwTZX(Z~qwD cookie PS\M
'z>$}]#1M'zWN,S1,cookie +ECZ/@wO#g{u
< WebSEAL ~qwd*Y1;IC,r cookie(MS\D>$E")
+a)xfz~qw#4FD WebSEAL ~qw2mIb\>$E"D
+2\?#VZM'zIT("k1> WebSEAL ~qwDBa0,x
;C?FXBO$#
cookie DN<cG:X=bzFD DNS#r* cookie GX(Z~qw
D cookie "R;GX(ZrD cookie,yTK%;N<c\X*#;P
k4( cookie D~qw_P`, DNS {FD~qwE\S\ cookie#
< 14. JO*F Cookie i05w
M'z;1(}:X=bzFwvks#rx,ZJO*FYwZd,
+;1S\ cookie,;s+d+]=B;vICD~qw#
tCJO*F cookie
failover-auth N};Z webseald.conf dCD~D [failover] ZP,
KN}CZtCr{CX(Z~qwDJO*F cookie:
¶ *tCJO*F cookies,kdk0http1"0https1r0both1#
¶ *{CJO*F cookie,kdk0none1(1!5)#
}g:
[failover]
failover-auth = https
XkZ?v0K WebSEAL ~qwOhCKN}#
S\Mb\>$}]
*#$ cookie }],k9C WebSEAL a)D cdsso_key_gen 5C
Lr#K5CLrzI;vTF\?,C\?T cookie PD>$}]x
PS\Mb\#KP5CLr1,k8(\?D~D;C(xT76
{):
UNIX: # cdsso_key_gen <pathname>
Windows: MSDOS> cdsso_key_gen <pathname>
ZdP;v1>~qwOKP5CLr"+\?D~V$4F=?v#
`D1>~qwO#Z?v~qwD webseald.conf dCD~D
[failover] ZPdkK\?D~D;C#g{;8(\?D~,r{CC
~qwDJO*F cookie &\:
[failover]
failover-cookies-keyfile = <absolute-pathname>
IT*\?D~a)NNJ1D{F,}g ws.key#
dC cookie P'Z
cookie P'Z(TVS*%;)D5ZTBN}PhC:
failover-cookie-lifetime = 60
O$dCEv
ITZ?V=(Dy!OtCM{C HTTP M HTTPS M'zDO$#
WebSEAL 'VDyPO$=(DzF<GZ webseald.conf dCD~
D [authentication-mechanisms] ZPdCD#\'VDO$=(N}
|(:
¶ >X(ZC)O$Lr
> X O$L r D N}8( KJ1 D ZC2 m b ( U N I X ) r
DLL(Windows)D~#
¶ (FDb?O$Lr
WebSEAL a)#e~qwzk,ICZ9(M8((FDb?0g
rO$~q1(CDAS)~qw#
b? CDAS O$Lr+8(J1D(F2mb#
>XO$N}TBN}8(K>XZCO$Lr:
N} hv
m%My>O$
passwd-ldap M'z9C LDAP C'{M\kxPCJ#
jGO$
token-cdas M'z9C LDAP C'{M SecurID jG(Pzkx
PCJ#
M'zKD$iO$
cert-ssl M'z9CM'zK$i(} SSL xPCJ#
HTTP 7M/r IP X7O$
http-request M'z(}X( HTTP 7M/r IP X7xPCJ#
CDSSO j6jGO$
cdsso gr%;"aO$#
9C [authentication-mechanisms] ZdCO$=("TBPq=5
V:
<authentication-method-parameter> = <shared-library>
kNDZ713D:j8dCE"N<;#
b?(F CDAS O$N}TBN}ICZ8(b? CDAS ~qwD(F2mb:
N} hv
passwd-cdas M'z9CZ}="amDC'{M\kxPCJ#
token-cdas M'z9CC'{MjG(PzkxPCJ#
cert-cdas M'z9C(} SSL O$DM'zK$ixPCJ#
XZ9(MdC5V CDAS ~qwD(F2mbDj8E",kN<
6Tivoli SecureWay Policy Director WebSEAL *"_N<s+7#
WebSEAL O$D1!dC
1!ivB,+ WebSEAL hC*9Cy>O$(BA)C'{M\k
(LDAP "am)(} SSL O$M'z#
(#,T TCP M SSL CJ<tC WebSEAL#rx,
[authentication-mechanisms] ZDdMdC|,'VC'{M\k
(LDAP "am)"'V(} SSL O$DM'zK$i#
TB>}zm [authentication-mechanisms] Z Solaris fDdMdC:
[authentication-mechanisms]
passwd-ldap = libldapauthn.so
cert-ssl = libsslauthn.so
*dCd|O$=(,k9Cd2mb(r CDAS #i)mS`&DN
}#XZ?VO$=(Dj8dCE",kNDZ713D:j8dCE
"N<;#
dC`vO$=(^D webseald.conf dCD~D [authentication-mechanisms] ZT8
(CZyP\'VO$=(D2mb#dC`vO$=(1,I&CT
Bu~:
1. yPO$=(<IT`%@"XKP#IT*?v\'V=(dC
2mb#
2. ,1dC cert-cdas M cert-ssl =(DivB,0_+2Gs_#
XktCdP;V=('VM'zK$i#
3. 1dC`V\k`MO$Lr1,5J;9C;V#WebSEAL 9C
TBEH6Nrbv`vQdCD\kO$Lr:
a. passwd-cdas
b. passwd-ldap
4. I\*=V;,DO$=(dC,;v(Fb#}g,IT4(F
2mbT&mC'{/\kM HTTP 7O$#TZK>},IT9C
,;v2mbdC passwd-cdas M http-request N}#*"_D
0pG,$a04,"\b=V=(.dDe;#
a>G<ZTBu~B,WebSEAL a>M'zG<:
1. 4O$DM'zZ(li'\
2. m%ry>O$M'zZ(li'\
TBM'z`MavV0403 JO1ms:
1. 1Z(li'\1:
a. M'zK$i
b. JO*F cookie
c. CDSSO
d. IP X7
e. HTTP 7
2. 1M'zO$9CK WebSEAL {CD=(
"zM|D\k|nPolicy Director a)TB|nCZ'V(} HTTP r HTTPS O$DM
'z#
pkmslogout
1M'z9C;T?vksa)O$}]DO$=(1,|GIT9C
pkmslogout |nS10a0"z#}g,pkmslogout ;ICZ9C
y>O$r IP X7O$DM'z#ZKivB,XkXU/@wT"
z#
pkmslogout |nJCZ(}M'zK$i"jG(Pzk"m%O$M
HTTP 7O$D3)5VDO$#
4TB=(KP|n:
https://www.tivoli.com/pkmslogout
/@waT> webseald.conf dCD~P(eD"zq=:
[acnt-mgt]
logout = logout.html
IT4h*^D logout.html D~#
1xge5a9*sTS+;;,DsK53"zDC'9C;,Dv
ZA;1,pkmslogout 5CLr9'V`v"zl&3f#
TBmo=j6KX(l&D~:
https://www.tivoli.com/pkmslogout?filename=<custom_logout_file>
dP custom_logout_file G"zl&DD~{#KD~Xk$tZ|,
1! logout.html D~Md|y> HTML l&m%D`, lib/html/C
?<P#
pkmspasswd
9Cy>O$(BA)rm%O$1IT9CK|n|DG<\k#K|
nTZ HTTP r HTTPS <GJCD#
}g:
https://www.tivoli.com/pkmspasswd
1 BA k WebSEAL ;p9C1,*7#ns2+T,TZ BA M'
zK|n+4PTBP*:
1. |D\k#
2. M'zC'S10a0"z#
3. M'zxP=Sks1,/@w+ZM'zOT> BA a>{#
4. M'zXkXBG<TLx"vks#
Ki05wvJCZ9Cy>O$DM'z#
dCy>O$
y>O$(BA)G+C'{M\ka)xO$zFDj<=(#BA I
HTTP -i(e,"I(} HTTP M HTTPS 5V#
1!ivB,WebSEAL dC*9Cy>O$(BA)C'{M\k(}
HTTPS xPO$#
tCM{Cy>O$
ba-auth N},;Z webseald.conf dCD~PD [ba] ZP,CZt
CM{Cy>O$=(#
¶ *tCy>O$=(,kdk0http1"0https1r0both1#
¶ *{Cy>O$=(,kdk0none1#
}g:
[ba]
ba-auth = https
hCr{Fr{FG1/@wa>C'dkG<}]1T>ZT0rPDD>#
hCr{FDdCN};Z webseald.conf dCD~PD [ba] ZP#
}g:
[ba]
basic-auth-realm = Policy Director
dCy>O$zF
passwd-ldap N}8(CZ&mC'{M\kO$D2mb#
¶ Z UNIX O,a)ZC3d&\DD~GF* libldapauthn D2m
b#
¶ Z Windows O,a)ZC3d&\DD~GF* ldapauthn D
DLL#
O$zF 2mb
Solaris AIX Windows HP-UX
passwd-ldap libldapauthn.so libldapauthn.a ldapauthn.dll libldapauthn.sl
IT(}Z webseald.conf dCD~D [authentication-mechanisms] ZPx passwd-ldap N}dkX(Z=(D2mbD~{F4dCC'
{M\kO$zF#}g:
< 15. BA G<a>
Solaris:
[authentication-mechanisms]
passwd-ldap = libldapauthn.so
Windows:
[authentication-mechanisms]
passwd-ldap = ldapauthn.dll
dCu~g{Q*X(+MtCKm%O$,r+vTC+MDy>O$hC#
dCm%O$
Policy Director a)m%O$)j<y>O$zF8C#bV=(IS
Policy Director zz(F HTML G<m%,x;GSy>O$aJzz
j<G<a>#
9CyZm%G<1,/@w";TC'{M\kE"xP_Y:f
(g|Zy>O$PyvDGy)#
tCM{Cm%O$
forms-auth N},;Z webseald.conf dCD~PD [forms] ZP,
CZtCM{Cm%O$=(#
¶ *tCm%O$=(,kdk0http1"0https1r0both1#
¶ *{Cm%O$=(,kdk0none1#
}g:
[forms]
forms-auth = https
dCm%O$zF
passwd-ldap N}8(CZ&mC'{M\kO$D2mb#
¶ Z UNIX O,a)ZC3d&\DD~GF* libldapauthn D2m
b#
¶ Z Windows O,a)ZC3d&\DD~GF* ldapauthn D
DLL#
O$zF 2mb
Solaris AIX Windows HP-UX
passwd-ldap libldapauthn.so libldapauthn.a ldapauthn.dll libldapauthn.sl
IT(}Z webseald.conf dCD~D [authentication-mechanisms] ZPx passwd-ldap N}dkX(Z=(D2mbD~{F4dCC'
{M\kO$zF#}g:
Solaris:
[authentication-mechanisms]
passwd-ldap = libldapauthn.so
Windows:
[authentication-mechanisms]
passwd-ldap = ldapauthn.dll
dCu~g{Q*X(+MtCKm%O$,r+vTC+MDy>O$hC#
(F HTML l&m%m%O$*sz9C(FG<m%#1!ivB,y> login.html m%
;ZTB?<P:
<install-directory>/lib/html
IT(FKm%DZ]MhF#}g:
XZzIT(FDIC HTML m%Dj8E",kNDZ343D:\m
(FD HTML 3f;#
dCM'zK$iO$
WebSEAL 'V9CM'zK}V$i(} SSL kM'zxP2+(
E#ZbVO$=(P,$iE"(}g0(P{F1r DN);3d*
Policy Director m]#
s(:(}$i`%O$
(}}V$ixPO$V*=vWN:
¶ WebSEAL 9Cd~qwK$ir SSL M'zmwT:m]
¶ WebSEAL 9CdO$PD(CA)y$iD}]bi$9CM'zK
$ixPCJDM'z
1. SSL M'zksk WebSEAL ~qw,S#
2. Zl&P,WebSEAL (}Q)pD~qwK$i"Md+2\?#
K$iH0QIIEDZ}=O$PD(CA))p#
3. M'zli|GqITENMS\C$iD"PL#M'zD/@
w(#|,4TIE CA Dy$iPm#g{ WebSEAL D$iO
D){kb)y$iPD3;v`%d,r~qwGIED#
< 16. y> WebSEAL G<m%
4. g{;P%dD){,/@w+(*dC',K$iGI;v4*
DO$PD)"D#;sS\r\xC$i+GC'D0p#
5. g{){k/@wDy$i}]bPD3vu?%d,M'zk
WebSEAL ~qw.d+Ta0\?xP2+-L#
K}LDnUa{Gzz2+(@,M'zITZC(@OxPO
$(}g(}C'{M\k)#O$I&.s,M'zM~qwI
TLx(}K(@xP2+(E#
6. VZM'zr+d+2\?$i"M= WebSEAL ~qw#
7. WebSEAL "T+M'z$iOD){kQ*D CA xP%d#k
M'z/@w`F,WebSEAL ~qw,$d\?}]bPIE CA
Dy$iPm#
8. g{;P%dD){,WebSEAL +zI SSL msk"+d"M=
M'z#
9. g{P%dD){,rM'zIE#g{xPM'zO$,r+C
= Policy Director m]#
10. a0\?GZM'zk WebSEAL ~qw.dS\2+-LD#K
}LDnUa{GZ`%O$DM'zk~qw.dzz2+xI
ED(E(@#
< 17. M'zi$ WebSEAL $i
WebSEAL bT$i201,WebSEAL M|,KT)bT~qw$i#d;KbT$iJm
WebSEAL TtC SSL D/@wkswvl&,+;\I/@w(;|
,J1Dy CA $i)i$$i#IZ?N WebSEAL V"P<|,K
1!$iD(C\?,yTK$i;a)f}D2+(E#
*7#(} SSL D2+(E,SIEDO$PD(CA)"a0q!(;
D>c~qw$iG\X*D#IT9C GSKit iKeyman 5CLrzI
+"M= CA D$iks#2IT9C iKeyman 20B>c$i"*
dSj)#9C webseald.conf dCD~D [ssl] ZPD
webseal-cert-keyfile-label N}8(C$iw*n/D WebSEAL ~q
wK$i(KhC+2G\?D~}]bP8(*01!51DyP$
i)#
g{h*d|ivBD;,$i(}gCZ%O$*a),rIT9C
iKeyman 5CLr4("20b)=S$i"*dSj)#
kNDZ373D:dC WebSEAL D\?}]bN};#
kNDZ2173D:9C iKeyman \m$i;#
tCM{C$iO$
(}hC accept-client-certs N}(;Z webseald.conf dCD~D
[certificate] ZP),IT8( WebSEAL gN&m9C(} SSL O$
DM'zK$iDO$#
1!ivB,WebSEAL ;S\M'zK$i:
[certificate]
accept-client-certs = never
KN}D=S5|, optional M required#
BmPv"hvK accept-client-certs N}DJm5:
5 hv
never ;*S\M'zD X.509 $i#
optional rM'z*s X.509 $i,g{a)K$i,r9CyZ
$iDO$#
required rM'z*s X.509 $i,"9CyZ$iDO$#g{
M'z;a)$i,r;Jm,S#
dC$iO$zF
cert-ssl N}8(CZ3d$iO$E"D2mb#
¶ Z UNIX O,a)ZC3d&\DD~GF* libsslauthn D2m
b#
¶ Z Windows O,a)ZC3d&\DD~GF* sslauthn D
DLL#
O$zF 2mb
Solaris AIX Windows HP-UX
cert-ssl libsslauthn.so libsslauthn.a sslauthn.dll libsslauthn.sl
IT(}Z webseald.conf dCD~D [authentication-mechanisms] ZPx cert-ssl N}dkX(Z=(D2mbD~{F4dC$iO$
zF#
Solaris:
[authentication-mechanisms]
cert-ssl = libsslauthn.so
Windows:
[authentication-mechanisms]
cert-ssl = sslauthn.dll
2mbD~a)D1!3d1S+$i DN 3d* LDAP DN#
dCu~g{M'zK$i&mhC*0required1,rTZ HTTPS M'z+v
TyPd|O$hC#
dC HTTP 7O$
Policy Director 'V(}IM'zr/Pzma)D(F HTTP 7E"
xPO$#
CzFh*P3d&\(2mb),C3d&\+IED($O$D)
7}]3d* Policy Director m]#WebSEAL ITICKm]"*C
'4(>$#
WebSEAL YhH0QO$K(F HTTP 7}]#rK,(i(PX5
Vb;=( * ;tCd|O$=(##B(F HTTP 7}]GI\D#
1!ivB,9(K2mbG*KS/Pzm73d}]#
tCM{C HTTP 7O$
http-headers-auth N},;Z webseald.conf dCD~D
[http-headers] ZP,CZtCM{C HTTP 7O$=(#
¶ *tC HTTP 7O$=(,kdk0http1"0https1r0both1#
¶ *{C HTTP 7O$=(,kdk0none1#
}g:
[http-headers]
http-headers-auth = https
8(7`MXkZ webseald.conf dCD~D [auth-headers] ZP8(yP\'
VD HTTP 7`M#
[auth-headers]
header = <header-type>
1!ivB,+TKZC2mbxP2`kT'V/Pzm7}]#
[auth-headers]
header = entrust-client
Xk(FKD~,9dO$d|`MDXb7}]M+K}]3d*
Policy Director m](I!)#XZ API J4,kN<6Tivoli SecureWay
Policy Director WebSEAL *"_N<s+7#
dC HTTP 7O$zF
http-request N}8(CZ3d HTTP O$7E"D2mb#
¶ Z UNIX O,a)ZC3d&\DD~GF* libhttpauthn D2m
b#
¶ Z Windows O,a)ZC3d&\DD~GF* httpauthn D
DLL#
O$zF 2mb
Solaris AIX Windows HP-UX
http-request libhttpauthn.so libhttpauthn.a httpauthn.dll libhttpauthn.sl
1!ivB,+TKZC2mbxP2`kT3d/Pzm7}]*P
'D Policy Director m]#Xk(FKD~,9dO$d|`MDXb
7}]M+K}]3d* Policy Director m](I!)#XZ API J4,
kN<6Tivoli SecureWay Policy Director WebSEAL *"_N<s+7#
IT(}Z webseald.conf dCD~D [authentication-mechanisms] ZPx http-request N}dkX(Z=(D2mbD~{F4dC
HTTP 7O$zF#
}g:
Solaris:
[authentication-mechanisms]
http-request = libhttpauthn.so
Windows:
[authentication-mechanisms]
http-request = httpauthn.dll
dCu~
1. g{ ssl-id-sessions = no,r+;9Ca0j6 cookie ,$4,#
x9C(;D75,$4,#
2. g{M'zv=KZ(JO,rM'z+SU=0{913f
(HTTP 403)#
dC IP X7O$
Policy Director 'V(}M'za)D IP X7DO$#
tCM{C IP X7O$
ipaddr-auth N},;Z webseald.conf dCD~D [ipaddr] ZP,
CZtCM{C IP X7O$=(#
¶ *tC IP X7O$=(,kdk0http1"0https1r0both1#
¶ *{C IP X7O$=(,kdk0none1#
}g:
[ipaddr]
ipaddr-auth = https
dC IP X7O$zF
(} IP X7O$h*(F2mb#kTK2mb9C http-request N
}#
dCjGO$
Policy Director 'V(}M'za)DjG(PzkDO$#
tCM{CjGO$
token-auth N},;Z webseald.conf dCD~D [token] ZP,C
ZtCM{CjGO$=(#
¶ *tCjGO$=(,kdk0http1"0https1r0both1#
¶ *{CjGO$=(,kdk0none1#
}g:
[token]
token-auth = https
dCjGO$zF
token-cdas N}8(CZ3djG(PzkO$E"D2mb#
¶ Z UNIX O,a)ZC3d&\DD~GF* libtokenauthn D2
mb#
¶ Z Windows O,a)ZC3d&\DD~GF* tokenauthn D
DLL#
O$zF 2mb
Solaris AIX Windows HP-UX
token-cdas libtokenauthn.so libtokenauthn.a tokenauthn.dll libtokenauthn.sl
1!ivB,+TKZC2mbxP2`kT3d SecurID jG(Pz
k}]#IT(FKD~O$d|`MDXbjG}],I!D,I+
K}]3d* Policy Director m]#XZ API J4,kN<6Tivoli
SecureWay Policy Director WebSEAL *"_N<s+7#
IT(}Z webseald.conf dCD~D [authentication-mechanisms] ZPx token-cdas N}dkX(Z=(D2mbD~{F4dCjGO
$zF#
}g:
Solaris:
[authentication-mechanisms]
token-cdas = libtokenauthn.so
Windows:
[authentication-mechanisms]
token-cdas = tokenauthn.dll
'V`74C/Pzm
Policy Director *#$9C`74C/Pzm(MPA)Dxga)bv=
8#
j</Pzm(SPA)G'VM'zk-<~qwd?vM'za0
((} SSL r HTTP)DxX#WebSEAL ITTb)?vM'zDa
0&C}#D SSL r HTTP O$#
`74C/Pzm(MPA)GwZ`vM'zCJDxX#1M'z(
}^_CJ-i(WAP)xPCJ1,P1b)xX;F* WAP xX#
xX("A-<~qwD%;O$(@,"(}K(@0+d1yPM
'zksMl&#
TZ WebSEAL,K(@ZD+?E"u<<T>*4T;vM'zD`
vks#WebSEAL Xk+ MPA ~qwO$k?v%@M'zD=SO
$xp*#
IZ WebSEAL * MPA ,$QO$Da0,rKXk,1*?vM'
zVp,$a0#rx,CZ MPA Da0}]MO$=(XkkM'z
9CDa0}]MO$=(X;;,#
P'Da0}]`MMO$=(MPA A WebSEAL 9CDa0}]`MXkkM'zA WebSEAL 9
CDa0}]`MX;;,#BmPvK MPA MM'zDP'a0`
M:
P'a0`M
MPA A WebSEAL M'zA WebSEAL
SSL a0j6
HTTP 7 HTTP 7
< 18. (} MPA xX(E
P'a0`M
MPA A WebSEAL M'zA WebSEAL
BA 7 BA 7
IP X7
Cookie Cookie
¶ M'z;\9C SSL a0j6w*a0}]`M#
¶ }g,g{TZa0}]`M MPA 9C BA 7,rM'zTa0
}]`MD!q;|, HTTP 7M cookie#
¶ g{TZa0}] MPA 9C HTTP 7,rM'zIT9C;,D
HTTP 7`M#
¶ X(Z~qwD cookie ;|,a0E";|;|,m]E"#
¶ g{tC MPA 'V,r+a|D ssl-id-sessions D&\#(#,
g{ ssl-id-sessions=yes,rv9C SSL a0j6,$ HTTPS M
'zDa0#*Jm MPA 9C SSL a0j6,$a0"9M'z
9Cm;V=(,$a0,k}%K^F#m{Z793D:7(P
'Da0j6}]`M;#
MPA A WebSEAL 9CDO$=(XkkM'zA WebSEAL 9CD
O$=(X;;,#BmPvK MPA MM'zDP'O$=(M:
P'O$`M
MPA A WebSEAL M'zA WebSEAL
y>O$ y>O$
m% m%
jG jG
HTTP 7 HTTP 7
$i
IP X7
¶ }g,g{ MPA 9Cy>O$,rM'zO$=(D!n|,m
%"jGM HTTP 7#
¶ TZM'zD9C,$iM IP X7O$=(G^'D#
¶ (#,g{TX(+MtCm%(rjG)O$,r+T/TC+
M{Cy>O$(kNDZ883D:dCy>O$zF;)#g{t
CK MPA 'V,r+}%K^F#by+Jm MPA 9Cm%(r
jG)G<,"JmM'z9Cy>O$(}`,D+MG<#
MPA M`vM'zDO$xLw
1. WebSEAL \m14PTBu=dC:
¶ tCT`74C/PzmD'V
¶ *X( MPA xX4( Policy Director J'
¶ +K MPA J'mS= webseal-mpa-servers i
2. ,SA MPA xXDM'z#
3. xX+ks*;* HTTP ks#
4. xXO$M'z#
5. xX9CM'zks("k WebSEAL D,S#
6. A WebSEAL D MPA O$(9CkM'zX;;,D=(),*
MPA(Q-_P WebSEAL J')Izm]#
7. WebSEAL +i$ MPA Z webseal-mpa-servers iPDa1J
q#
8. * MPA 9(;v>$,"+dj>*_Y:fPDXb MPA `
M#
!\+4D?vM'zks<xPK MPA >$,+C>$";CZ
Tb)ksxPDZ(li#
9. by,WebSEAL h*x;=j6ksDyP_#
MPA \;xp`vM'zT}77IG<a>#
10. M'zG<MO$9CD=(kCZ MPA DO$`MX;;,#
11. WebSEAL SM'zO$}]9(>$#
12. ?vM'z9CDa0}]`MXkk MPA 9CDa0}]`MX
;;,#
13. Z(~qyZC'>$MTsD ACL mI(mIr\xCJ\#$
Ts#
tCM{C MPA O$
;Z webseald.conf dCD~D [mpa] ZPD mpa N}CZtCM
{C MPA O$:
¶ *tC MPA O$=(,kdk0yes1#
¶ *{C MPA O$=(,kdk0no1#
}g:
[mpa]
mpa = yes
4( MPA DC'J'XZ4(C'J'DE",kN<6Tivoli SecureWay Policy Director Base
\m8O7M Tivoli SecureWay Policy Director Web Portal Manager
Administration Guide#
+ MPA J'mS= webseal-mpa-servers iXZ\miDE",kN<6Tivoli SecureWay Policy Director Base \
m8O7M Tivoli SecureWay Policy Director Web Portal Manager
Administration Guide#
MPA O$^F
Policy Director Db;"Pf;T?v WebSEAL ~qw'V;v
MPA#
gr"abv=8
1 WebSEAL w*zm~qw4PTa)T2+rD#$1,(#*s
a)%;"aAJ4Dbv=8#>BV[=Vgr%;"abv=
8#
wbw}:
¶ :dC CDSSO O$;
¶ Z1083D:dCgSgx%;"a;
dC CDSSO O$
Policy Director gr%;"a(CDSSO)a)K;VZ`v2+r.d*
FC'>$DzF#CDSSO Jm Web C'4P%;"a"Z=v@"
D2+r.d^lF/#CDSSO O$zF";@5ZwO$~qw(k
NDgSgx SSO)#
CDSSO (}Jm/I`v2+r,'VIluxge5a9D?D#}
g,ITC=vr`v(;DrhC;vsM2,b?x * ?v(;D
r<PT:DC'MTsUd#CDSSO JmC'9C%;"aZr.d
F/#
1C'ks;Zm;rPD3vJ41,CDSSO zF+QS\DC'm
]jGSZ;vr*F=Z~vr#by,Z~vrMC=KC'Dm
](QZZ;vrPO$),R;a?FC'4Pm;G<#
5
/I(F CDMF 2mbZm` CDSSO =8P,;,rDC'd1!D;T;3dI\;JOy
P?p*s#
gr3dr\(CDMF)GJmz9((F2mbD`LSZ,K2m
b\&m)9DC'tT"*C'm]a)3d~q#
CDMF `LSZJminX(F3dC'm]M&mC'tT#
9C CDMF D CDSSO O$xLwTBxLwhvZ<19P5w#
1. kNk`vrDNNC'XkZwrP_PP'C'J',RXk
Z?vNkD6LrP_PI3d*P'J'Dm]#
g{C';Pu<O$=|,C'J'Du<2+r(A),r;\
wC CDSSO &\#
2. C'(} Web 3fOD(F4S"vCJr B PDJ4Dks#
C4S|,;vXb CDSSO mo=:
/pkmscdsso?<destination-URL>
}g:
/pkmscdsso?https://www.domainB.com/index.html
3. b;ks+WHIr A PD WebSEAL ~qw&m#WebSEAL 9
(O$jG,|,C'D Policy Director m](rF)"10r
(0A1)"d|C'E"M1dAG#
d|C'E"G(}wC(FD CDMF 2mb
(cdmf_get_usr_attributes)q!D#Kb_Pa)C'tTD\
&,C'3d&mZdr B I9Cb)tT#
WebSEAL }v DES 9C cdsso_key_gen 5CLrzIDTF\
?S\KjG}]#K\?D~G2mD,|f"Zr A Mr B
WebSEAL ~qwOD webseald.conf dCD~D [cdsso-peers] Z
P#
CjG|,KIdCD(ejGP'ZD1dAG
(authtoken-lifetime)#}7dC1dAG1,IT@9X4%
w#
4. r A WebSEAL ~qw+ksMQS\DjGX(rX/@w,;s
X(r=r B WebSEAL ~qw(HTTP X(r)#
5. r B WebSEAL ~qw9C`,f>D\?D~b\"i$4TN<
rDjG#
6. VZr B WebSEAL ~qwMwC CDSSO O$zFb#K CDSSO
b@NwC(FD4P5JC'3d(cdmf_map_usr)D CDMF
b#
CDMF b+C'm]Md|C'tTE"(s__P!qT)+]X
CDSSO b#CDSSO b9CKE"49(>$#
7. r B Z(~qmIr\xT\#$TsDCJ(yZC'>$Mkk
sDTs`X*DX( ACL mI()#
tCM{C CDSSO O$
cdsso-auth N},;Z webseald.conf dCD~D [cdsso] ZP,C
ZtCM{C CDSSO O$=(#
< 19. 9C CDMF Dgr%;"a}L
¶ *tC CDSSO O$=(,kdk0http1"0https1r0both1#
¶ *{C CDSSO O$=(,kdk0none1#
}g:
[cdsso]
cdsso-auth = https
dC CDSSO O$zF
cdsso dCN}8(K3dO$E"D2`k2mb#
¶ Z UNIX O,a)ZC3d&\DD~GF* libcdssoauthn D2
mb#
¶ Z Windows O,a)ZC3d&\DD~GF* cdssoauthn D
DLL#
O$zF 2mb
Solaris AIX Windows HP-UX
cdsso libcdssoauthn.so libcdssoauthn.a cdssoauthn.dll libcdssoauthn.sl
IT(}Z webseald.conf dCD~D [authentication-mechanism]ZPx cdsso N}dkX(Z=(D2mbD~{F4dC CDSSO O
$zF#
}g:
Solaris:
[authentication-mechanisms]
cdsso = libcdssoauthn.so
Windows:
[authentication-mechanisms]
cdsso = cdssoauthn.dll
S\O$jG}]WebSEAL Xk9C cdsso_key_gen 5CLrzID\?S\ECZ
jGPDO$}]#Xk(}kNkrD?v WebSEAL ~qw2m\
?D~0,=1K\?#wrPNkD?v WebSEAL ~qw<h*9
C`,D\?#
":4(MV"\?D~";G Policy Director CDSSO xLD;?V#
KP cdsso_key_gen 5CLr1,C5CLr*sz8(\?D~D
;C(xT76{):
UNIX: # cdsso_key_gen <absolute-pathname>
Windows: MSDOS> cdsso_key_gen <absolute-pathname>
ZwrDNk WebSEAL ~qwD webseald.conf dCD~D
[cdsso-peers] ZPdkK\?D~D;C#dq=|( WebSEAL z
w{FM\?D~;C:
[cdsso-peers]
<webseal-machine-name> = <keyfile-location>
r A dC>}:
[cdsso-peers]
www.domainB.com = <pathname>/A-B.key
r B dC>}:
[cdsso-peers]
www.domainA.com = <pathname>/A-B.key
ZTO>}P,A-B.key D~+Z;vzw(}g WebSEAL A)Oz
I,"V$("2+)D4F=m;zw(}g WebSEAL B)#
dCjG1dAGCjG|,IdCD1dAG,|(eKm]jGDP'Z#;)1d
AG=Z,rO*CjG^',";h9C#(}+1dAGhC*c
;LD5,Sx@9KjGZdP'ZZ;AC"X49C,rK1d
AGICZoz@9X4%w#
authtoken-lifetime N},;Z webseald.conf dCD~PD [cdsso]ZP,CZhCjGP'ZD5#C5Tk*%;mo#1!5* 180:
[cdsso]
authtoken-lifetime = 180
Xk<GNkn/Dr.dDNN1S+n#
mo CDSSO HTML 4S(z2+rJ4D HTML 4SXk|,XbD CDSSO mo=:
/pkmscdsso?<destination-URL>
}g:
/pkmscdsso?https://www.domainB.com/index.html
#$O$jG1O$jG;|,O$E"(}gC'{M\k)1,|5JO|,K
SUrZIEDC'm]#rK,Xk#$jGTm;;ACMX49
C#
(}9C SSL #$ WebSEAL ~qwkC'.dD(E,I@9jG;
k_AC#IThkSC'D/@wz7G<PACjG#jGOD1
dAG&c;L,9jGZdP'ZZ;I\;ACMX49C#
+`TZ1dAGxT,Q=ZDjGT;]W\=\kT%w#g{
"VKCZ+jGS\D\?rC\?\=p&,rPqbDC'I\
9({GT:DjG#
;sIT+b)jGek01 CDSSO w1#TZNk CDSSO rn/D
WebSEAL ~qw,b)jG+kf}DO$jGA^xp#rK,9X
k!D\mCZ#$jGD\?,"-#xP|D#
dCgSgx%;"a
gSgx%;"aG Policy Director 73PgrO$Dm;5V#gr
O$D?DGJmC'CJg`vrD`v~qwDJ4,x;XXB
O$#
0gSgx1GNkLqX5D;i%;`,Dr(Policy Director r
DNS)#b)NkrIdC*;vLqD;?V(IZXm-r,I\
9C;,D DNS {F),rdC*k2mX5j+;,DLq(}g,
+>\?"KY#U+>MpZ\m+>)#
Z?v=8P,\P;vr8(*0w(home)1r0yP_
(owner)1r#ZNkLqDivB,wr5P\mgSgxDLq
-(#
Zb=V=8P,XZNkgSgxDC'DO$E"(|(O$9C
DC'{M\k)<+ZwrP,$#b;2EJm\mJbD%vN
<c,}ggSgxPyP8rwrDoz(tP#
r_,2I9C Policy Director Web Portal Manager /I\mKE",
TcNkr_P\mT:DC'D0p#
B<PYK;vy>gSgx,|_P=vNkr:r A(dA.com)M
r B(dB.com)#ZK>}P,r A zmwrryP_r#r B GN
krr06L1r#
wr05P1C' * 4,|XFC'DO$E"#;\C'ZN&ks
J4,C'\GXkZwrO$#
TwO$~qw(MAS)* ;ZwrP"dC*O$yPC'D~qw
(r1>~qw/)*zzO$#<P+ MAS m>*
mas.dA.com#MAS D0p&^F*a)O$~q#MAS ;&|,TC
'ICDJ4#
;)C'I&O$= MAS,MAS +zI0$51jG#KjG++]
XC'("ksD~qw#~qw+K0$51jGS*C'QI&O
$= MAS "\NkgSgxD$]#
gSgxrdDE"*F+ZZ1123D:gSgxxLw;;ZPj
8hv#
< 20. gSgx#M
gSgxXwM*s
¶ K#M'V(}+ URL(4SjG)8rJ4xPCJ#b;Xwk
@5Z(EdCD pkmscdsso 4SD CDSSO #MNITU(k
NDZ1033D:dC CDSSO O$;)#
¶ gSgxD5V*syPNkgSgxDrPDyP WebSEAL ~q
wDdC;B#
¶ NkgSgxDyPC'<h*ZwrPD%vwO$~qw
(MAS)OxPO$#
¶ g{C';P MAS DP'J'(}g,tZr B +;Nkr A *
r B gSgxDC'),rgSgxD5VJmZ6LrPxP0>
X1O$#
ZksG MAS rPDJ41,+*O$ MAS '\DC'a)=O
$A>X~qw("vksD~qw)D!n#
¶ MAS(T0ns6LrPd|!qD~qw)0$51C'O$D
m]#
¶ X(ZrD cookie CZj6Ia)0$51~qD~qw#bMJ
m6LrPD~qwZ>Xks0$51E"#gSgx cookie D
S\Z];|,C'm]r2+TE"#
¶ Q9C(EDjG4+]S\D0$51C'm]#0$51jG
;|,5JC'O$E"#I2mD\?(triple-DES)a)j{
T#jG|,K;v,1(P'Z)5,T^FjGP'TDVx
1d#
¶ gSgxD5VZ HTTP M HTTPS O<\'V#
¶ vpgSgxr\m|GT:DC'm]M`X*DX(#I9C
gr3d&\(CDMF)API +4T6LrDC'3d=>XrPD
P'C'#
g{gSgxr2m+VC'm],r;h*K3d&\#
¶ gSgxDdCZ?vNk WebSEAL ~qwD webseald.conf D
~PhC#
gSgxxLwgSgxIwO$ WebSEAL ~qw(MAS)M;ZwrM6LrPD
d| WebSEAL ~qw9I#MAS Iw* WebSEAL ~qwD%v5
}r;Z:X=bw(K&:X=bwj6* MAS)sfD WebSEAL
1>/fZ#
h*dCyPNkD>XM6L WebSEAL ~qw,T9CxPu<M
'zO$Dwr MAS#bGTwrP~qwD2T*sMT6LrP~
qwDmT*s#}g,IdC6LrPD;)~qw,T&m|GT
:DO$#b)~qwM|G#$DJ4I@"ZgSgxxPYw,
49|G;ZNkgSgxrP#
gSgxD5V("Z0$5153Dy!O#(#,1C'SC'4
("P'a0D WebSEAL ~qwksJ41,WebSEAL +a>C'
O$E"#ZgSgxdCP,WebSEAL ~qwj60$51~qw"
SC'QO$Db;0$51~qwksi$#
0$51~qw_PCC'DP'>$E"#TZC'DZ;Nks,
0$51~qw\G MAS#MAS Lx#1;ZwrPDJ4D0$51
~qw#1C'Lx(}gSgxD"vJ4ks1,?v6LrPD
%@~qwI*C'9(|T:D>$(yZ4T MAS DC'm]E
"),"*rPDJ4#10$51~qwG+#
0$51~qwDi$ksI!0$51jGDq=#0$51~qw
4(jG"+|5X=ksD WebSEAL ~qw#jGPDC'm]E
"GS\D#jG|,P'Z^F#
;SU=0$51jG,ks~qwM*CC'9(>$M>Xa0#
VZC'IyZ}#D(^XF4CJksDJ4#C'SPITC=
;XXBO$DC& * bGgSgx#MD?D#
5)>Z#`?VDgSgxxLw1,kN<TB<m#xLwhv
K=vI\D FIRST CJ=8(1 M 2)#SEG=vI\D NEXT C
J=8(3 M 4),|GtSE 2 r 3#=8 5 "zZu<CJsDN
N1d#
0$51~qw
¶ MAS \GZC'Z;NCJgSgxNN?V1xPO$#
MAS ;&w*O$~qw4P,R;&GJ4a)_#MAS ;&d
C*wO$~qw4Yw,,12;\dC*CZ#$J4#K(
if0T\==f,|;G;v2+T*s#
¶ MAS \Gwr(K>}P*r A)D0$51~qw#
¶ X(ZrDgSgx cookie CZj6x(rPyPd|~qwD0$
51~qw#0$51~qwGrPS MAS ks0$51jGDZ
;v~qw#0$51~qw*rPDC'a)0$51E"#x
(6LrP0$51~qDsLksIIK~qw>X(",x;
GCJrbD MAS#ZwrP,gSgx cookie + MAS j6*
0$51~qw#
(1) FIRST gSgxCJ:WebSEAL 1(r A)
¶ C'ks\ WebSEAL 1(Z MAS D,;vrP)#$DJ4#/
@w;|,CrDgSgx cookie#WebSEAL 1 ;PC'D_Y:
fD>$#
< 21. gSgxxLw
¶ WebSEAL 1 dCtCgSgxO$,"8( MAS D;C#
WebSEAL 1 X(r/@wA MAS ODX(0$51URL#
¶ MAS SU0$51ks,"IZiRCC'D>$'\xa>C'G
<#
¶ ;)I&G<,MAS M*C'9(>$,+|f"Z_Y:fP,"
+/@wX(rX WebSEAL 1 OnuksD URL,K WebSEAL
1 _PS\D0$51jG#mb,X(Zr A DgSgx cookie
;EC=/@wO,Tj6Cr(ZKivB,* MAS)D0$51
~qw#
g{G<"T'\,r MAS 5Xm>'\4,D0$51jG#C
jGD9l9.^(kI&4,0$51jGxp#ks~qw+
'\4,DjGS*C'>XO$'\#
¶ WebSEAL 1 b\jG"*C'9(T:D>$#
":Z,;rP1,;a*sm]3d#g{*sm]3d,r
WebSEAL 1 Xk9Cgr3dr\(CDMF)#
¶ Z(~qmIr\xks#
(2) FIRST gSgxCJ:WebSEAL 3(r B)
¶ C'ks\ WebSEAL 3(6Lr B)#$DJ4#/@w;|,C
rDgSgx cookie#WebSEAL 3 ;PCC'D_Y:fD>$#
¶ WebSEAL 3 dCtCgSgxO$,"8( MAS D;C#
WebSEAL 3 X(r/@wA MAS ODX(0$51URL#
¶ MAS SU0$51ks,"IZiRCC'D>$'\xa>C'G
<#
¶ ;)I&G<,MAS M*C'9(>$,+|f"Z_Y:fP,"
+/@wX(rX WebSEAL 3 OnuksD URL,K WebSEAL
3 _PS\D0$51jG#mb,X(Zr A DgSgx cookie
;EC=/@wO,Tj6Cr(ZKivB,* MAS)D0$51
~qw#
g{G<"T'\,r MAS 5Xm>'\4,D0$51jG#C
jGD9l9.^(kI&4,0$51jGxp#ks~qw+
'\4,DjGS*C'>XO$'\#
¶ WebSEAL 3 b\jG"*C'9(T:D>$#
¶ WebSEAL 3 Z/@wO4("hCm;vgSgx cookie(Tr B
P'),j6 WebSEAL 3 *r B D0$51~qw#
¶ Z(~qmIr\xks#
(3) NEXT gSgxCJ:WebSEAL 2(r A)
¶ C'ks\ WebSEAL 2(Z MAS D,;vrP)#$DJ4#/
@w|,j6 MAS *0$51~qwDr A gSgx
cookie#WebSEAL 2 SUK cookie#WebSEAL 2 ;PC'D_Y
:fD>$#
¶ WebSEAL 2 dCtCgSgxO$,"8( MAS D;C#r A g
Sgx cookie DfZ+2G MAS ;CD WebSEAL 2 dC#cookie
* WebSEAL 2 a)K0$51~qwm]#(g{=8 2 H"z,
r/@wO2a,$r B cookie,|;a"MAr A ~qw#)
¶ WebSEAL 2 X(r/@wA cookie Pj6Dr A0$51~qw
(ZKivB* MAS,r* WebSEAL 2 Zr A P)ODXb0$
51URL#
¶ MAS SU0$51ks,"Z_Y:fPiRCC'D>$(b"z
Z=8 1 M 2 P)#
¶ MAS +/@wX(rX WebSEAL 2 OnuksD URL,K
WebSEAL 2 _PS\D0$51jG#
¶ WebSEAL 2 b\jG"*C'9(T:D>$#
¶ Z(~qmIr\xks#
(4) NEXT gSgxCJ:WebSEAL 4(r B)
¶ C'ks\ WebSEAL 4(6Lr B)#$DJ4#g{=8 2 H
"z,r/@w|,j6 WebSEAL 3 *0$51~qwDr B g
Sgx cookie#WebSEAL 4 ;PC'D_Y:fD>$#
¶ WebSEAL 4 dCtCgSgxO$,"8( MAS D;C#r B g
Sgx cookie DfZ+2G MAS ;CD WebSEAL 4 dC#cookie
* WebSEAL 4 a)K0$51~qwm]#(g{=8 1 H"z,
r/@wOva,$r A cookie,|;a"MAr B ~qw#+C
dCD MAS ;C4fz#;s WebSEAL 4 +F*r B D0$
51~qw#)
¶ g{=8 2 H"z,r WebSEAL 4 X(r/@wA cookie Pj
6Dr A0$51~qw(ZKivB* WebSEAL 3)ODXb
0$51URL#
¶ WebSEAL 3 SU0$51ks,"Z_Y:fPiRCC'D>$
(b"zZ=8 2 P)#
¶ WebSEAL 3 +/@wX(rX WebSEAL 4 OnuksD URL,
K WebSEAL 4 _PS\D0$51jG#
¶ WebSEAL 4 b\jG"*C'9(T:D>$#
¶ Z(~qmIr\xks#
(5) ANOTHER gSgxCJ:WebSEAL 2(r A)
¶ C'(}ks,S= WebSEAL 2(r A)#g{=8 3 "z,r
WebSEAL 2 _PC'D_Y:fD>$#
¶ Z(~qmIr\xks#
SgSgx"z
¶ g{C'(}XU/@w4"z,r+e}yP SSL a0MyPg
Sgx cookie#
¶ g{C'(} /pkmslogout 3f4"z,r+e}CrD SSL a
0MgSgx cookie#
mbgSgx Cookie¶ gSgx cookie GX(ZrD cookie,|I;v WebSEAL ~qw
hCsf"ZC'/@wZfP,"ZsLksP+M=d|
WebSEAL ~qw(Z,;rP)#
¶ X(ZrD cookie |,0$51~qwD{F"gSgxm]"0$
51~qw0&\D;C(URL),T0P'ZD5#C cookie ;
|,C'E"#
¶ gSgx cookie JmNkrPD~qwZ>Xks0$51E"#
MAS $tDrDgSgx cookie G+M;Pb4X*K#
¶ cookie _P;vP'Z(,1)5,|Z webseald.conf dCD~
PhC#KP'Z58(6L~qw\*C'a)0$51E"D
1d$H#1 cookie P'Z=Z1,C'XkX(rA MAS xP
O$#
¶ XU/@w1+SZfPe} cookie#g{C'SX(r"z,rg
Sgx cookie +2G*U#KYw+P'XS/@w}% cookie#
mb0$51ksM&pgSgx0$51Ywh*(}=v(E9lD URL qCD(C&\,
b=v URL *0$51ksM0$51&p#b) URL GZyZ
webseald.conf PDdCE"X(rgSgx0$51HTTP }LP9l
D#
0$51ks
1C'S;|,CC'D>$E"D?j~qw(*gSgxxdC
D)ksJ41,+%"0$51ks#~qw"M HTTP X(rA
0$51~qw(MAS rgSgx cookie Pj6D~qw)#
0$51ks|,TBE":
https://<vouch-for-server>/pkmsvouchfor?<ecommunity-name>&<target-URL>
SU=~qwli ecommunity-name Ti$gSgxm]#SU=~q
wZ0$51&pP9C target-URL,X(r/@wXnuDks3f#
pkmsvouchfor0$51URL GIdCD#
}g:
https://mas.dA.com/pkmsvouchfor?companyABC&https://ws5.dB.com/index.html
0$51&p
0$51&pGS0$51~qwA?j~qwDl&#
0$51&p|,TBE":
https://<target-URL>?PD-VFHOST=<vouch-for-server>&PD-VF=<encrypted-token>
PD-VFHOST N}j64P0$51YwD~qw#SU(?j)~qw
9CKE"4!qb\0$51jG(PD-VF)h*D}7\?#
PD-VF N}m>S\D0$51jG#
}g:
https://w5.dB.com/index.html?PD-VFHOST=mas.dA.com&PD-VF=3qhe9fjkp...ge56wgb
mb0$51jG*K5Vgr%;"a,XkZ~qw.d+M;)C'm]E"#C
tPE"+9CX(r==4&m,b)X(r|,w* URL D;?V
xPS\Dm]E"#KS\D}]F*0$51jG#
¶ jG|,K0$51I&r'\4,"C'm](g{I&)"4
(jGD~qwD+^({F"gSgxm]M4(1d5#
¶ P'0$51jGDVP_I9CKjGZ~qwK("a0(M
>$/),x;Xw7O$AC~qw#
¶ KjGG9C2m}X DES \?S\D,Tc\i$df5T#
¶ /@wO;f"S\DjGE"#
¶ jG;+];N#SU=~qw9CKE"ZdT:D_Y:fP
9(C'>$#~qw+b)>$CZ,;a0PCC'+4Dk
s#
¶ jG_P;vP'Z(,1)5,|Z webseald.conf dCD~Ph
C#C5ITG#L(}k),TuYX49CDgU#
S\0$51jGWebSEAL Xk9C cdsso_key_gen 5CLrzID\?S\ECZ
jGPDO$}]#Xk(}kNkrPD?v WebSEAL ~qw2m
\?D~0,=1C\?#wrPD?vNk WebSEAL ~qw<h*
9C`,D\?#
":4(MV"\?D~";G Policy Director gSgx}LD;?V#
Xk+\?V$2+4F=NkD~qw#
KP cdsso_key_gen 5CLr1,C5CLr*sz8(\?D~D
;C(xT76{):
UNIX: # cdsso_key_gen <absolute-pathname>
Windows: MSDOS> cdsso_key_gen <absolute-pathname>
CZ#$jG(b)jGZ,;r(wrr6Lr)PD~qw.d"
M)D\?D;CGw* intra-domain-key N}D5dkD,CN};
Z webseald.conf dCD~D [e-community-sso] ZP#
[e-community-sso]
intra-domain-key = <absolute-pathname>
\?D~D;CGZ [inter-domain-keys] ZPdkD,b)\?D~C
Z#$Z MAS M6LrPD~qw.d"MDjG# MAS ,;vr
PDd|~qw;h* inter-domain-keys#MAS G(;h*k6LrP
D~qw(ED~qw#
[inter-domain-keys]
<domain-name> = <absolute-pathname>
<domain-name> = <absolute-pathname>
dCgSgx
Z+XKgSgx5VyhDyPdCN}#b)N};Z
webseald.conf D~P#XkP8*gSgxPD?vNk~qwdCC
D~#
e-community-sso-auth
KN}tCr{CgSgxO$#|D5|(
0http1"0https1"0both1r0none1#}g:
[e-community-sso]
e-community-sso-auth = both
50http1"0https1M0both18(gSgxNk=9CD(E`M#
50none1{C~qwDgSgx#1!hC*0none1#
master-http-port
g{ e-community-sso-auth tC HTTP gSgxO$RwO$~q
wZ}j< HTTP KZ(KZ 80).bDKZOl} HTTP ks,r
h*9C master-http-port N}j6Gj<KZ#g{K~qwGwO
$~qw,rvTCN}#1!ivB,+{CCN}#
[e-community-sso]
master-http-port = <port-number>
master-https-port
g{ e-community-sso-auth tC HTTPS gSgxO$RwO$~q
wZ}j< HTTP KZ(KZ 443).bDKZOl} HTTPS ks,
rh*9C master-http-port N}j6Gj<KZ#g{K~qwGw
O$~qw,rvTCN}#1!ivB,+{CCN}#
[e-community-sso]
master-https-port = <port-number>
e-community-name
KN}j6yPNkrPyPNk~qwDgSgx3;{F#}g:
[e-community-sso]
e-community-name = companyABC
e-community-name 5XkkNkgSgxDyPrPDyP WebSEAL
~qw<`,#
intra-domain-key
KN}j6CZS\Mb\jGD\?D~D;C,b)jGZ~qw
DrPxP;;#}g:
[e-community-sso]
intra-domain-key = /abc/xyz/key.file
XkZ;v;C&zIK\?D~,;sV$("2+X)+CD~4
F=rPyPd| WebSEAL ~qwP8(D;C#
is-master-authn-server
KN}j6C~qwGq* MAS#|D5|,0yes1r0no1#}g:
[e-community-sso]
is-master-authn-server = yes
IdC`v WebSEAL w*wO$~qwxPYw,;sECZ:X=
bws#ZK=8P,gSgxPDyPd| WebSEAL ~qw<+:
X=bw06p1* MAS#
master-authn-server
g{ is-master-authn-server N}hC*0no1,rXk!{"M"8
(KN}#KN}j6 MAS D+^(r{#}g:
[e-community-sso]
master-authn-server = mas.dA.com
vf-token-lifetime
KN}hC0$51jGDP'Z,15(Tk*%;)#+TU cookie
OAGD4(1dliC5#1!5* 180 k#Xk<GNk~qw.
dD1S+n#}g:
[e-community-sso]
vf-token-lifetime = 180
vf-url
KN}8(0$51URL#C5XkT}1\(/)*7#1!5*
/pkmsvouchfor#}g:
[e-community-sso]
vf-url = /pkmsvouchfor
2I9C)9D URL:
vf-url = /ecommA/pkmsvouchfor
ec-cookie-lifetime
KN}8(gSgxr cookie DnsP'Z(TVS*%;)#1!5*
300 VS#}g:
[e-community-sso]
ec-cookie-lifetime = 300
Z?r\?
\?D~D;CZ [inter-domain-keys] ZP8(,S\Mb\ MAS M
6LrPDNk~qw.dDjGh*b)\?D~#Xk8(~qw
D+^(r{M\?D~;CDxT76{#
TB>}* MAS(r A)a)K\?D~,CZk=v6Lr(E:
[inter-domain-keys]
dB.com = /abc/xyz/key.fileB
dC.com = /abc/xyz/key.fileC
K>}P,key.fileB j6r A Mr B .d9CD\?D~#
key.fileC j6r A Mr C .d9CD\?D~#
?v6L~qw<+h*_8 MAS 9CD`&\?D~D1>#*k
MAS(r A);;jG,rr B PDyP~qw<h*P key.fileB D
1>#
[inter-domain-keys]
dA.com = /efg/hij/key.fileB
*k MAS(r A);;jG,rr C PDyP~qw<h*P
key.fileC D1>#
[inter-domain-keys]
dA.com = /efg/hij/key.fileC
dC CDSSO O$zF
gSgxdC*sztC cdsso O$zF#1ks~qwS|,Z0$
51jGPDm]E"9(C'>$1,h*KzF#cdsso dCN}
8(K3dO$E"D2`k2mb#
¶ Z UNIX O,a)ZC3d&\DD~GF* libcdssoauthn D2
mb#
¶ Z Windows O,a)ZC3d&\DD~GF* cdssoauthn D
DLL#
O$zF 2mb
Solaris AIX Windows HP-UX
cdsso libcdssoauthn.so libcdssoauthn.a cdssoauthn.dll libcdssoauthn.sl
IT(}Z webseald.conf dCD~D [authentication-mechanism]ZPx cdsso N}dkX(Z=(D2mbD~{F4dC CDSSO O
$zF#
}g:
Solaris:
[authentication-mechanisms]
cdsso = libcdssoauthn.so
Windows:
[authentication-mechanisms]
cdsso = cdssoauthn.dll
WebSEAL *a
WebSEAL ~qwMsK~qw.dD,SFw WebSEAL *a,r*
a# WebSEAL *aG0K WebSEAL ~qwMsK&CLr~qw.
dD TCP/IP ,S#*aJm WebSEAL #$;ZsK~qwD Web J
4#
IC pdadmin |nP5CLrr Web Portal Manager 4( WebSEAL
*a#>BV[dC WebSEAL *aD\`!nDj8E"#
wbw}:
¶ Z1263D:WebSEAL *aEv;
¶ Z1283D:9C0pdadmin server task14(*a;
¶ Z1293D:dCy> WebSEAL *a;
¶ Z1323D:`%O$D SSL *a;
¶ Z1353D:4( TCP M SSL zm*a;
¶ Z1363D:(} SSL D WebSEAL A WebSEAL *a;
¶ Z1373D:=S*a!n;
¶ Z1533D:9C WebSEAL *aD<u"M:;
¶ Z1553D:ZZ}=~qwO9C query_contents;
6
WebSEAL *aEv
IT4(TB WebSEAL *a`M:
¶ yZ TCP ,SD WebSEAL =sK~qwD*a
¶ yZ SSL ,SD WebSEAL =sK~qwD*a
¶ (} HTTP zm~qw"yZ TCP ,SD WebSEAL =sK~q
wD*a
¶ (} HTTPS zm~qw"yZ SSL ,SD WebSEAL =sK~q
wD*a
¶ yZ SSL ,SD WebSEAL = WebSEAL D*a
Z4(NN*a1,XkB&ZTB=vX"c:
1. v(Z WebSEAL TsUdPDN&*a(20)Web &CLr~
qw#
2. !q*a`M#
*a}]b;CMq=VZ WebSEAL *aE"f"Z XML q=D}]bD~P#*a}]
b?<D;CZ webseald.conf dCD~D [junction] ZP(e#C?
<`TZ WebSEAL ~qwy([server] ZPD server-root N}):
[junction]
junction-db = jct
¶ ?v*a<ZxP .xml )9{D%@D~P(e#
¶ 9C pdadmin 5CLr4(M\m*aM!n#
¶ XML q=JmzV$4("`-"4FM8]*aD~#
&CV#HCJXF:**
1. 9C pdadmin 5CLrr Web Portal Manager 4( WebSEAL k
sK~qw.dD*a#
2. Z*acOECJ1D ACL _TTa)TsK~qwDV#HXF#
&C8#HCJXF:**
1. 9C pdadmin 5CLrr Web Portal Manager 4( WebSEAL k
sK~qw.dD*a#
WebSEAL ;\T/0i41MmbZ}=D~53#Xk9CF*
query_contents DXb&CLr(*Z}=TsUdD WebSEAL,
f_|eiZ}= Web Ud"(f WebSEAL Da9MZ]#
2. 4F query_contents Lr=Z}=~qw#
3. + ACL _T&C=3;TsUdPDJ1TsO#
4( WebSEAL *aD8<TB8<\aK*aD0fr1:
¶ IZw WebSEAL TsUdPDNNX=mS*a#
¶ IZ,;20c*a`v1>~qw#
20Z,;*acOD`v1>~qwXk*,;`M * TCP r
SSL#
¶ Z}=~qw(}*aLP ACL _T#
¶ *ac;&C%d>X WebSEAL ~qw Web UdPDNN?<#
}g,g{ WebSEAL Pq=* /path/... DJ4,;*C`,D /path
4(*ac#
¶ g{4TsK~qwD HTML 3f|,Lr(}g JavaScript r
applet),"RCLrxP=C?<Dk~qwPXD URL,r*a
c;&%dsK~qw Web UdPDNN?<#}g,g{4Ts
K~qwD3f|, URL q=* /path/... DLr,r;*4({*
/path D*ac#
WebSEAL ;'V HTTP 1.0 ;f*aWebSEAL ;'V HTTP 1.0 ;f*a#C^Fa0lT\wZM?pZ
sK*a~qwOD&CLr*"#
,S y'VD-i RFC }
0K(M'z= WebSEAL) HTTP/1.0 M HTTP/1.1 RFC2068
sK(WebSEAL A*a~q
w)
v HTTP/1.0 RFC1945
":;P*0K,Sa) HTTP/1.00#V$n1'V#+G'V
HTTP/1.1 D HTTP VC,S#
WebSEAL *aD=SN<kNDZ83D:Kb WebSEAL *a;Tq! WebSEAL *aDEn
TEv#
XZ*a|n!nDj{E",kNDZ2093D:WebSEAL *aN
<;#
9C0pdadmin server task14(*aZ9C pdadmin 0,zXkw* sec_master \mC'G<=2+r#
}g:
UNIX:
# pdadmin
pdadmin> login
dkC'j6:sec_master
dk\k:
pdadmin>
Windows:
MSDOS> pdadmin
pdadmin> login
dkC'j6:sec_master
dk\k:
pdadmin>
*4( WebSEAL *a,k9C pdadmin server task |n:
pdadmin> server task <server-name> <task>
server-name N}G5Jzw{MC|n9CD Policy Director i~(H
g WebSEAL)Dj{mo=#
<policy-director-component>-<machine-name>
}g,g{zw{* cruz R Policy Director i~* WebSEAL,r
server-name *:
webseald-cruz
9C server list |ni$ server-name mo=:
pdadmin> server list
webseald-cruz
dCy> WebSEAL *aWebSEAL 'V WebSEAL MsK Web &CLr~qw.dDj<
TCP(HTTP)M2+ SSL(HTTPS)*a#
WebSEAL MsK~qw.dD*a;@5ZM'zM WebSEAL ~q
w.dD,S`M(0d2+6p)#
9C pdadmin 4(y> WebSEAL *ayhD?F|n!n|(:
¶ sK&CLr~qwDwz{(–h !n)
¶ *a`M:tcp"ssl"tcpproxy"sslproxy"local(–t !n)
¶ *ac(20c)
pdadmin> server task <server-name> create -t <type> -h <host-name> <jct-point>
}g:
pdadmin> server task webseald-cruz create -t tcp -h doc.tivoli.com /pubs
TCP `M*a(} TCP ,SD WebSEAL *aa)K*aDy>tT,+;a)(
}*aD2+(E#
*4(2+ TCP *a"mSu<~qw,kx –t tcp !n9C create|n:
pdadmin> server task <server-name> create -t tcp -h <host-name> [-p <port>] <jct-point>
TCP *aD1!KZ5(g{;8()G 80#
SSL `M*aSSL *a&\M TCP *a\s,=S&\GS\yP WebSEAL Ms
K~qwdD(E#
SSL *aJm2+DK=K"/@w=&CLrBq;IT9C SSL #
$SM'z= WebSEAL MS WebSEAL =sK~qwD(E#9C
SSL *a1,sK~qwXktC HTTPS#
< 22. G2+ TCP(HTTP)*a
< 23. 2+ SSL(HTTPS)*a
*4(2+ SSL *a"mSu<~qw,kx –t ssl !n9C create|n:
pdadmin> server task <server-name> create -t ssl -h <host-name> [-p <port>] <jct-point>
SSL *aD1!KZ5(g{;8()G 443#
i$sK~qw$i
1M'zkssK~qwODJ41,WebSEAL w*2+~qw,+z
mM'z4Pks#SSL -i8(KZTsK~qwavks1,~qw
Xk(}~qwK$ia)m]$w#
1 WebSEAL SsK~qwSU=K$i1,|Xk(}+$ik$i
}]bPy CA $iPmTU4i$f5T#
Policy Director 9C SSL D IBM Global Security Kit(GSKit)5V#
Xk9C GSKit iKeyman 5CLr4mS CA Dy$i,C CA )p
K WebSEAL $i\?D~(pdsvr.kdb)DsK~qw$i#
XZ\m$i\?}]bDj{E",kN<Z2173D:9C iKeyman
\m$i;#
SSL *a>}
(} SSL D,;Z*ac /sales D*awz sales.dascom.com:
pdadmin> server task <server-name> create -t ssl -h sales.tivoli.com /sales
":ZO}P,–t ssl !nf(K1!KZ 443#
(} SSL D,;Z*ac /travel KZ 4443 D*awz travel_svr:
pdadmin> server task <server-name> create -t ssl -p 4443 -h travel_svr /travel
`%O$D SSL *aWebSEAL 'V(} SSL *aD WebSEAL ~qwMsK~qw.dD
`%O$(–t ssl r –t sslproxy)#TBEv\aK(} SSL D`%
O$'VD&\(+Z`&;CPv|n!n):
1. WebSEAL O$sK~qw(}#D SSL xL)
¶ WebSEAL i$4TsK~qwD~qw$i#kND:WebSEAL
i$sK~qw$i;#
¶ WebSEAL i$|,Z$iPD(P{F(DN)(–D)(I!,
+?RFv9CC!n)#kNDZ1333D:(P{F(DN)
%d;#
2. sK~qwO$ WebSEAL(=V=()
¶ sK~qwi$4T WebSEAL DM'z$i(–K)#kNDZ
1333D:9CM'z$iD WebSEAL O$;#
¶ sK~qwi$Zy>O$(BA)7PD WebSEAL m]E"
(–B"–U"–W)#kNDZ1343D:9C BA 7D WebSEAL
O$;#
XF(} SSL xP`%O$D|n!na)TB&\:
¶ I8(M'z$ir BA O$=(#
¶ IZ?v*ay!O&CO$=(#
Z1343D:&m(}*aDM'zm]E";PhvK+ –b !n(C
Z&m BA E")k(} SSL D`%O$`aODXb"bBn#
WebSEAL i$sK~qw$iWebSEAL y]j< SSL -ii$sK~qw$i#sK~qw+~q
w$i"M= WebSEAL#WebSEAL TUyO$PD(CA)$iD$(
ePmi$~qw$i#
WebSEAL 9CD\?}]bXk|,O$PD(CA)D$i,b)$i
9I&CLr~qw$i(S)p CA *<"|,y$i)DIE4#
I9C iKeyman &CLr44(M\my CA $iD}]b#kND
Z2173D:9C iKeyman \m$i;#
(P{F(DN)%dI(}(P{F(DN)%d4v?~qwKD$ii$#*tC~q
w DN %d,XkZ4(AC~qwD SSL *a18(sK~qw
DN#d; DN %dGI!DdC,+?RFvC(} SSL *aD`%
O$45VC&\#
Z~qwK$ii$Zd,|,Z$iPD DN +k*a(eD DN x
PHO#g{b=v DN ;%d,=sK~qwD,S+'\#
*tC~qw DN %d,Z9C –D “<DN>” !n4( SSL *a1,
k8(sK~qw DN#*K#VV{.PDUq,k+K DN V{.
C+}E}p4#}g:
-D "/C=US/O=Tivoli/OU=SecureWay/CN=Policy Director"
–D !n;JOk –K r –B !n;p9C#
9CM'z$iD WebSEAL O$
9C –K !nItC(}M'z$i=*aDsK~qwD WebSEAL
O$#
-K "<key-label>"
C=8Du~|(:
¶ hCsK~qwTks9CM'z$ii$ WebSEAL m]#
¶ dC WebSEAL(webseald.conf)Tc9CX(DM'z$i4O$
sK~qw(ssl-keyfile-label)#
¶ ,1?RFvdCCZ DN %dD*a(–D)#
–K 9CN}48(f"Z GSKit \?}]bPDyh$iD key-label#
9C iKeyman 5CLrImSB$iA\?}]b#9C
webseald.conf dCD~PD ssl-keyfile-label N}IdC key-label#
Xk+ key-label N}C}E}p4#}g:
-K "cert1_Tiv"
kNDZ373D:dC WebSEAL D\?}]bN};#
9C BA 7D WebSEAL O$
9C –B –U “<username>” –W “<password>” !n4tC(}y>
O$5VD WebSEAL O$#
-B -U "<username>" -W "<password>"
C=8Du~|(:
¶ hCsK~qwTks9C BA 7i$ WebSEAL m]#
¶ ;9C –b !ndC*a#(+ZZ?,–B !n9C –b filter#)
¶ dC WebSEAL *+ BA 7P}O$Dm]E""M=sK~qw#
¶ ?RFv,1dCCZ DN %dD*a(–D)#
Xk+C'{M\kC+}E}p4#}g:
-U "WS1" -W "abCde"
&m(}*aDM'zm]E"I+*ahC*Z BA 7P8(M'zm]E"#–b !nJm 4 vI
\DN}:filter"supply"ignore M gso#b)N}Dj8E"IZZ161
3D:dC%;"abv=8D BA 7;PiR#
–b !n+0lCZ`%O$D*ahC,Xk<G!nD}7iO#
9C –b supply
¶ (} BA 7D WebSEAL O$;JmkC!n,19C#C!n9
C BA 7TqC-<M'zC'{M0F*1\k#
¶ Jm(}M'z$iD WebSEAL O$kC!n,19C#
9C –b ignore
¶ (} BA 7D WebSEAL O$;JmkC!n,19C#C!n9
C BA 7TqC-<M'zC'{M\k#
¶ Jm(}M'z$iD WebSEAL O$kC!n,19C#
9C –b gso
¶ (} BA 7D WebSEAL O$;JmkC!n,19C#C!n9
C BA 7TqC GSO ~qwa)DC'{M\kE"#
¶ Jm(}M'z$iD WebSEAL O$kC!n,19C#
9C –b filter
¶ ZZ?,Z WebSEAL O$hC*9C BA 7E"1,+9C –b filter !n#
WebSEAL BA 7+CZyPsLD HTTP Bq#TZsK~qw,
WebSEAL mV*yP1d<GG<D#
¶ Jm(}M'z$iD WebSEAL O$kC!n,19C#
¶ g{sK~qw*s(S/@w)qC5JDM'zm],I9C
CGI d? HTTP_IV_USER"HTTP_IV_GROUP M
HTTP_IV_CREDS#TZE>M!&CLr,k9CT&D"X(
Z Policy Director D HTTP 7:iv-user"iv-groups"iv-creds#
4( TCP M SSL zm*aI4( WebSEAL *a,C*aJm9C HTTP r HTTPS zm~qw
izxgXKa9D WebSEAL (E#IdCC*a,Tc+ksw*
j<D TCP (Er\#$D SSL (E4&m#
create |nD type !n*sTBN}.;,Tc("(}zm~qw
D"yZ TCP r SSL D*a:
¶ –t tcpproxy
¶ –t sslproxy
create M add |nh*TB!nMN}4j6zm~qwM?j Web
~qw:
–H <host-name> zm~qwD DNS wz{r IP X7#
–P <port> zm~qwD TCP KZ#
–h <host-name> ?j Web ~qwD DNS wz{r IP X7#
–p <port> zm Web ~qwD TCP KZ#TZ TCP *a,
1!5* 80;TZ SSL *a,1!5* 443#
TCP zm*a>}(w*;Pdk):
pdadmin> server task <server-name> create -t tcpproxy -H clipper -P 8081 -h www.ibm.com -p 80 /ibm
SSL zm*a>}(w*;Pdk):
pdadmin> server task <server-name> create -t sslproxy -H clipper -P 8081 -h www.ibm.com -p 443 /ibm
(} SSL D WebSEAL A WebSEAL *aPolicy Director 'V0K WebSEAL ~qwMsK WebSEAL ~qw.
d(} SSL D*a#x –C !n9C create |nI(} SSL *a=
v WebSEAL ~qw"a)`%O$#
>}:
pdadmin> server task <server-name> create -t ssl -C -h serverA /jctA
`%O$"zZTB=V4,B:
< 24. zm*a>}
¶ SSL -iJmsK WebSEAL ~qw(}d~qw$ir0K
WebSEAL ~qwO$#
¶ –C !n9C0K WebSEAL ~qwIT+y>O$(BA)7PDm
]E""M=sK WebSEAL ~qw#
mb,–C !ntC –c !nD&\,C!nJm+X(Z Policy Director
DM'zm]Mi1JqE"ECZTsK WebSEAL ~qw*?DX
DksD HTTP 7P#7N}|( iv-user"iv-groups M iv-creds#kN
DZ1393D:Z HTTP 7Pa)M'zm](–c);#
TBu~&CZ WebSEAL A WebSEAL *a:
¶ C*a;JOZ –t ssl r –t sslproxy *a`M#
¶ WebSEAL ~qwXk2m+2 LDAP r DCE "am#|Jms
K WebSEAL ~qwO$0K WebSEAL ~qwDm]E"#
=S*a!nI9C=S!na)TB=S WebSEAL *a&\:
¶ Z1383D:?FB*a(–f);
¶ Z1393D:Z HTTP 7Pa)M'zm](–c);
¶ Z1403D:Z HTTP 7Pa)M'z IP X7(–r);
¶ Z1413D:+a0 Cookie "M=*aDE'x>~qw(–k);
¶ Z1423D:'V;xVs!4D URL(–i);
¶ Z1423D:&m4TE>MM'zK&CLrD URL(–j);
¶ Z1463D:9C*a3d&m`TZ~qwD URL;
¶ Z1473D:4,#fac'V(–s"–u);
¶ Z1483D:*4,#fac8(sK~qw UUID(–u);
¶ Z1523D:*a= Windows D~53(–w);
?FB*a(–f)*?FB*a2GVP*a,Xk9C –f !n#
TB>}(~qw{F* websealA)5wKK}L:
1. G<= pdadmin:
# pdadmin
pdadmin> login
dkC'j6:sec_master
dk\k:
pdadmin>
2. 9C server task list |nT>yP10*ac:
pdadmin> server task websealA list
/
3. 9C server task show |nT>*aDj8E":
pdadmin> server task websealA show /
*ac:/
`M:>X
*a2^F:0 * 9C+V5
*am^F:0 * 9C+V5
n/D$wLr_L:0
y?<:/opt/pdweb/www/docs
4. 4(BD>X*a4!z10*ac(h* -f !n4?F9CB*a
2GVP*a):
pdadmin> server task websealA create -t local -f -d /tmp/docs /
QZ / 4(*a
5. PvB*a:
pdadmin> server task websealA list
/
6. T>C*aDj8E":
pdadmin> server task websealA show /
*ac:/
`M:>X
*a2^F:0 * 9C+V5
*am^F:0 * 9C+V5
n/D$wLr_L:0
y?<:/tmp/docs
Z HTTP 7Pa)M'zm](–c)–c !nJm+X(Z Policy Director DM'zm]Mi1JqE"ek
T*aDZ}=~qw*?DXDksD HTTP 7#Policy Director
HTTP 7E"tC*aDZ}=~qwOD&CLr,T4PyZM'z
D Policy Director m]D"X(ZC'DYw#
HTTP 7E"XkIsK~qwd;*73d?q=,TcIsK~qw
OD~q9C#7E"G(}CB._(_)!zF[E(-)"ZV{
.D*<&mS0HTTP1d;* CGI 73d?q=D# HTTP 7D5
I*B73d?D5#
X(Z PD D HTTP7VN
CGI 73d?H= hv
iv-user = HTTP_IV_USER = M'zDL{r${#g{M'z4O$
(r4*),r1!5*04O$1#
iv-groups = HTTP_IV_GROUPS = M'zytDiDPm#I:EVtD}E
}p4Du?9I#
iv-creds = HTTP_IV_CREDS = zm Policy Director >$DQ`k;8w}
]a9#r6L~qwa)>$,byPd
c&CLrMIT9CZ( API wCZ(~
q#kN< Tivoli SecureWay Policy Director
Authorization ADK Developer Reference#
X(Z Policy Director D HTTP 7u?IZ CGI LrPw*73d?
HTTP_IV_USER"HTTP_IV_GROUPS M HTTP_IV_CREDS#XZd
|&CLrr\z7,kNDz7D5,TqCS HTTP ksi!7D
8<E"#
–c o(
–c !n8(K"MD)X(Z Policy Director D HTTP 7}]AsK
&CLr~qw#
-c <header-types>
header-types Td?|(:all"iv_user"iv_user_l"iv_groups M
iv_creds#
N} hv
iv_user a)ZksD HTTP 7Pw* iv-user VNDC'{(L
q=)#
iv_user_l a)ZksD HTTP 7Pw* iv-user VNDC'j{ DN
($q=)#
iv_groups a)ZksD HTTP 7Pw* iv-groups VNDC'iP
m#
iv_creds a)ZksD HTTP 7Pw* iv-creds VNDC'>$E
"#
":9C iv-user r iv-user-l,+;*,19C|G#
–c all !n+yP}V`MDm]E"ek= HTTP 7P(ZKivB
9CL{Fq=(iv_user))#
":v9C:EVt`vN}#;*dkUq#
>}:
-c all
-c iv_creds
-c iv_user,iv_groups
-c iv_user_l,iv_groups,iv_creds
Z HTTP 7Pa)M'z IP X7(–r)–r !nJm+M'z IP X7E"ekT*aD&CLr~qw*?D
XDksD HTTP 7#Policy Director HTTP 7E"9C*aDZ}=
~qwOD&CLrIT4PyZK IP X7E"DYw#
HTTP 7E"XkIsK~qwd;*73d?q=,TcIsK~qw
OD~q9C#7E"G(}CB._(_)!zF[E(-)"ZV{
.D*<&mS0HTTP1d;* CGI 73d?q=D# HTTP 7D5
I*B73d?D5#
":IP X7D5";\Gm>4M'zDX7#IP X75Im>zm~
qwDX7rxgX7*;Lr(NAT)#
X(Z PD D HTTP7VN
CGI 73d?H= hv
iv-remote-address HTTP_IV_REMOTE_ADDRESS
M'zD IP X7#C5Im>zm~qwD
IP X7rxgX7*;Lr(NAT)#
–r !n8("M=sK&CLr~qwDdkksD IP X7#C!n
;PNNTd?#
+a0 Cookie "M=*aDE'x>~qw(–k)Web E'x>Ga);zc:DvT/J4M~qD~qw#–k !nJ
mz+ Policy Director a0 cookie(nuZM'zM WebSEAL .d(
"D)"M=sKE'x>~qw#?0ivB,C!nDfZG*K
1S'V WebSEAL M Plumtree Corporate Portal bv=8D/I#
1M'zSE'x>~qwksvKJ4Pm1,E'x>~qw(}
CJ;Zd|'V&CLr~qw(,1\ WebSEAL #$)DJ4,
49(KPm#a0 cookie JmE'x>~qwzmM'z^l%;"
a=b)&CLr~qw#
4( WebSEAL MsKE'x>~qw.dD*a1,k|, –k !n,
;xTd?#
E'x>~qwdCh*<GDu~:
¶ TZ(}C'{M\kDCJ,h*q=O$#k;*9Cy>O
$(BA)#
¶ Xk+ webseald.conf dCD~D [session] ZPD
ssl-id-sessions N}hC*0no1#TZ HTTPS (E,KhC?F
9Ca0 cookie(x;G SSL a0j6)4,$a04,#
¶ g{E'x>~qwG WebSEAL :/D0K~qw,ktCJO*
F`M cookie#JO*F cookie |,S\D>$E",CE"Jm
O$TZ&mksDNN4FD WebSEAL ~qw<*I&#
'V;xVs!4D URL(–i)1!ivB,Policy Director Z&CCJXF1T URL xVs!4#9
C –i !nI8(Z&mT*aDsK~qwDks1,WebSEAL T
URL ;xVs!4#
1Z*aOhCC!n1,WebSEAL ZVv URL 1;xVs4M!4
V{#1!ivB,Web ~qwZ{xVs!4#
d;s?V HTTP ~qw'V+ URL (e*xVs!4D HTTP f
6,+G3) HTTP ~qwT URL ;xVs!4#
}g,Z;xVs!4D~qwO,TB=v URL:
http://server/sales/index.htm
http://server/SALES/index.HTM
I4w,;v URL#bVP*h*\m1T=v URL EC`,DCJ
XF(ACL)#
(}9C –i !n*aZ}=~qw,WebSEAL ;xV8rC~qwD
URL Ds!4#
&m4TE>MM'zK&CLrD URL(–j)>Zhv WebSEAL gN&mIE>zzD"=sK~qwJ4DxT
r`TZ~qwD4S#
¶ :JbD30;
¶ Z1443D:C*a cookie &m`TZ~qwD URL;
¶ Z1453D:CE>}K&mxT URL;
¶ Z1463D:9C*a3d&m`TZ~qwD URL;
JbD30
M'zCJ*aD Web ~qw1,5XE"ITGr%D HTML"M'
zK&CLr(!&CLr)rE>Da{# Web E>oT|(
Javascripts"VBscripts"ASP"JSP M ActiveX#
HTML zID3f"E>r!&CLrI\|,=CsK~qwrd|X
=Dd|J4D4S(URL)# URL mo=I9CTBq=T>:
¶ xT
¶ `T
¶ `TZ~qw
;P1 URL *`TDr|,j6C*aDE"1,5X=sK~qwD
4SEaI&# WebSEAL XkliwVwyzIE"P|,D URL,
"ZJ1D1ra)*am]E"#
C`Tq=mvD URL ;h* WebSEAL DYw#IZ-< URL ;
|,C*aDE",TxTr`TZ~qwq=mvD=sK~qwD
4S;aI&#b)4S+;}7XT>*4T>X WebSEAL ~qw
ODTsDks#
`T URL mo=>}(4S;1aI&):
abc.html ../abc.html
./abc.html sales/abc.html
xT URL mo=>}(4Sh**aE"):
http://www.tivoli.com/abc.html
`TZ~qwD URL mo=>}(4Sh**aE"):
/abc.html /accounts/abc.html
WebSEAL 9CBP=(&m/,zIDxTM`TZ~qwD URL:
¶ 2, HTML 4
IZ HTML G?D>DR]WVv,WebSEAL aZJ1D1r$
HT/+}7D*aE"ECZ URL O#kNDZ1533D:}K4
T*a~qwD2, HTML URL;#
¶ E>MM'zK&CLr4
IZE>HO4S,9CZSsK~qw"M=M'zD}LP
WebSEAL ;\}KvdPDxTr`TZ~qwD URL mo=#
Xk+ WebSEAL dC*ZJ1D1ra)*aE"#
":DxyP Web E>DLr1*/,zID URL 9C`T4S(;
GxTr`TZ~qwD)#
C*a cookie &m`TZ~qwD URLZTB=8P,sK~qwODE>/,zI`TZ~qwD URL mo
=#Z+6k=zk"M=M'z1,WebSEAL ";Yw|#M'zO
* URL ;P}7mo,r*|;|,*aE"#
g{M'zksC4S8(DJ4,WebSEAL +;}7XYhC4S8
r>X3f#ZiRC3f'\s,|+rM'z5X0R;=1m
s#
–j !n*&m`TZ~qwD URL a)yZ cookie Dbv=8,C
URL I*a~qwOD Web E>zI"ZM'zOKP#
;co(:
pdadmin> server task <server-name> create ... -j ...
+*?vksrM'z"M*aj6{ cookie#C cookie |,TBd?
M5:
IV_JCT_<backend-server-name> = </junction-name>
< 25. E>zID;P}KD URL
1M'z9CC URL avks,WebSEAL +9C URL D-<q=x
P&m#^((;J41,WebSEAL "49C cookie a)D*aE"
XTCks#9C URL mo=PD}7*aE",II&(;J4#
B<{vK}K`TZ~qwD URL Dbv=8
WebSEAL *&m`TZ~qwD URL a)KI!qD";yZ cookie
Dbv=8#kNDZ1463D:9C*a3d&m`TZ~qwD
URL;#
CE>}K&mxT URLWebSEAL h*=SdCT&m(}*aD"/,zIXxT URL#
webseald.conf dCD~|,tCr{CxT URL }KDN}:
[script-filtering]
script-filter = no
1!ivB+{CE>}K#*tCE>}K,khC:
script-filter = yes
":Xk9C –j !n44(=sK~qwD*a#+rM'z"M*a
j6{ cookie * d;E>}KzF";h*|#
script-filter zF#{xT URL *j<#="~qwrJ4q=:
http://server/resource
< 26. }K`TZ~qwD URL
script-filter zF9C}7D*aE"zf4SD#=M~qw?V#
/junction-name/resource
Cbv=8h*=SD&m*z,"RaTT\zz:f0l#k+
script-filter N}D9C^Zh*xT URL }K'VD*a#
B<{vKb; URL }Kbv=8:
9C*a3d&m`TZ~qwD URL}yZ cookie Dbv=8b,Policy Director a)8C=8T}K`T
Z~qwD URL#IT4(M$n*a3dm,Cm+X(D?jJ4
3d=*a{F#
WebSEAL 9C*a3dmP|,D}]li`TZ~qwD URL PD
;CE"#g{ URL PD76E"%dmPDu?,WebSEAL +Ck
s8rkC;CX*D*a#
CmG{* jmt.conf D ASCII D>D~#webseald.conf dCD~D
[junction] ZP8(KCD~D;C:
jmt-map = lib/jmt.conf
< 27. }KxT URL
mP}]u?Dq=I*a{F"UqMJ4;C#=9I#2I9C
(d{moJ4;C#=#
Z*a3ddCD~DTB>}P,=vsK~qwZ /jctA M /jctB k
WebSEAL *a:
#jmt.conf
#<junction-name> <resource-location-pattern>
/jctA /documents/release-notes.html
/jctA /travel/index.html
/jctB /accounts/*
/jctB /images/weather/*.jpg
-< jmt.conf 3dmG;vUD~#ZrD~mS}]s,Xk9C
jmt load |n00k1}],Tc WebSEAL q*BE"#
pdadmin> server task <server-name> jmt load
QI&0k JMT m#
TBu~&CZ*a3dmbv=8:
¶ Cbv=8;h* -j !nr*a cookie
¶ h*hC3dm"I2+\m1$n
¶ Cbv=8;&mxT URL 4(D4S
¶ J4;C#=Z>X Web UdM*aD Web &CLr~qwOX
kG(;D#
¶ g{ZD~PPj+`,D#=u?,r+;0k3dm#+
WebSEAL +LxKP#
¶ g{Z0k3dm1vm,r3dm+;IC#+ WebSEAL +Lx
KP#
¶ g{3dm*UrmDu?Pms,r+;0kC3dm#+
WebSEAL +LxKP#
¶ 0k3dm1"zDNNms+<B WebSEAL ~qwU>D~
(webseald.log)PDJCTu?#
4,#fac'V(–s"–u)s?V Web tCD&CLr*4TM'zD HTTP ksrP,$04
,1#C4,CZ,}g:
¶ (} CGI LrzID}]u?q=VNzYC'xH
¶ 4P;5P}]bi/1,,$C'OBD
¶ ZZ_:o5&CLrP,$L7Pm,C'ITTI/@M!q
L74:r
I4FKPtC Web &CLrD~qw,Tc(}:XVda_T\#
1 WebSEAL ~qwa)=b)4FDsK~qwD*a1,|Xk#
$M'za0Z|,DyPks<;*"=}7D~qw,x;Gy]
:X=bfrZQ4FDsK~qwPV<#
1!ivB,Policy Director (}ZyPICD4F~qwOV<ks4
yb~qw:X# Policy Director 9C0nUP1c(#Cc(+?v
Bks8rVP,SnYD~qw#
create |n –s j>+2G:X=bfr"4(04,#fac1#C4
,#fac7#Z{va0Zd+M'zks*"=,;~qw#Z"
zu<M'zks1,WebSEAL MZ|,8(sK~qwD UUID D
M'z53OEC;v cookie#1M'zr,;J4avx;=Dks
1,C cookie D UUID E"+7#ks\G7I=,;vsK~qw#
–s !nJCZ`vsK~qwZ,;v*ac*a=%v0K WebSEAL
~qwD4v#k"b,;)+u<*a4(*4,#f,+9C;x
–s !nD add |n,+#`D1>sK~qw*a=,;v*ac#
g{C=8|,`v*a=,;vsK~qwD0K WebSEAL ~qw,
Xk9C –u !n}78(=?v0K WebSEAL ~qwDsK~qw
UUID#kND:*4,#fac8(sK~qw UUID(–u);#
*4,#fac8(sK~qw UUID(–u)Z4(=sK Web &CLr~qwDB*a1,WebSEAL (#zI(
;+Vj6{(Unique Universal Identifier,UUID)4j6sK~qw#
C UUID ZZ?9C,2C4,$4,#fac(create –s)#
Z"zu<M'zks1,WebSEAL MZ|,8(sK~qwD UUID
DM'z53OEC;v cookie#1M'zr,;J4avx;=Dks
1,C cookie D UUID E"7#ks\G(r=,;vsK~qw#
1`v0K WebSEAL ~qw*a=`vsK~qw1,4,#fac
D&m+dC|S4S#(#,0K WebSEAL ~qwMsK~qw.
dD?v*a*sK~qwzI;v(;D UUID#bb6E;vsK~
qwZ?v0K WebSEAL ~qwOP;,D UUID#
`v0K~qwh*:X=bzFZ=v~qw.dV<:X#}g,
IT9CX(D UUID (} WebSEAL ~qw 1 4("=sK~qw
Du<04,1#
;x,g{4T,;M'zDsLksI:X=bzF7I*(}
WebSEAL ~qw 2,C04,1;YfZ,}G WebSEAL ~qw 2
9C`,D UUID 4j6,;vsK~qw#(#;aGbViv#
–u !nJmr?v0K WebSEAL ~qwa)X(sK~qwD,;v
UUID#
w*>},<GP=v4FD0K WebSEAL ~qw,|G<_P==
vsK~qwD4,#fac#Z4( WebSEAL ~qw 1 MsK~q
w 2 .dD4,#fac1,+zI(;D UUID(UUID A)4j6
sK~qw 2#+GZ4( WebSEAL ~qw 2 MsK~qw 2 .d
< 28. 9CsK~qw UUID D4,#f*a
D4,#fac1,+zI;,DB UUID(UUID B)4j6sK~q
w 2#
g{4TM'zDsLks7I(} WebSEAL ~qw 2,r(}
WebSEAL ~qw 1 ZM'zMsK~qw 2 .d("D04,1+'
\#
Z*a4(Zd,k&CTBxL48( UUID:
1. 4(S WebSEAL ~qw 1 =?vsK~qwD*a#
9C create –s M add#
2. PvZ0=h 11P*?vsK~qwzID UUID#
9C show#
3. 4(S WebSEAL ~qw 2 =?vsK~qwD*a"8(Z0=
h 21Pj6D UUID#
9C create –s –u M add –u#
B<P,WebSEAL-1 M WebSEAL-2 <+sK~qw 1 6p* UUID
1#WebSEAL-1 M WebSEAL-2 <+sK~qw 2 6p* UUID 2#
< 29. ;,D UUID
>}:
ZTB>}P,
¶ WebSEAL-1 F* WS1
¶ WebSEAL-2 F* WS2
¶ sK~qw 1 F* APP1
¶ sK~qw 2 F* APP2
pdadmin> server task webseald-WS1 create -t tcp -h APP1 -s /mnt
pdadmin> server task webseald-WS1 add -h APP2 /mnt
pdadmin> server task webseald-WS1 show /mnt
(b+T> UUID1 M UUID2)
pdadmin> server task webseald-WS2 create -t tcp -h APP1 -u <UUID1> -s /mnt
pdadmin> server task webseald-WS2 add -h APP2 -u <UUID2> /mnt
1M'zksK~qw 2 ("4,#fac1,|+SU=|, UUID
2 D cookie#TO>}7#M'z\G,S=sK~qw 2,x;\Ts
DksG(} WebSEAL-1 9G WebSEAL-2 7ID#
< 30. *4,#fac8(sK~qw UUID
*a= Windows D~53(–w)WebSEAL TM'zKks4P2+Tli,b)ksGryZ URL P
8(DD~76PD*asK~qwavD#r* Win32 D~53a)
CJ$D~{D=V;,=(,Z2+TliPI\"z#02+DP
*#
Z;V=(7Oj{DD~{(abcdefghijkl.txt)#Z~V==9C
ID 8.3 D~{q=Ta)rsf]T(abcdef˜1.txt)#
Z Windows 73P4(*a1,+CJXF^(Z;vTsm>(,;
JmF}2+zFD0sE1GG#X*D#
–w !n;Jm 8.3 D~q=#C';\(}9CLD~{q=(8.3)
\b$D~{DT= ACL#~qwTZdkDNNLq=+D~{5X
0403 {C1ms#
Windows P,xPD~{0foo.1DD~+4wkD~{0foo1DD~G
;yD# –w !n+ZrsK~qw"Mks0,}% URL PDD~
{2fDc#ACL liGyZ;P2fcDD~{#
":Win32 ;xVs!4DJb(abcde.txt = AbCdE.txt)IT9C –i!nmv#kNDZ1423D:'V;xVs!4D URL(–i);#
>}:
Z Windows NT 4.0 O,9IT9CTB76CJD~ \Program
Files\Company Inc.\Release.Notes:
1. \program files\company inc.\release.notes
2. \program files\company inc\release.notes
3. \prograx1\companx2\releasx3.not
OfD>} 1 {vK –i !n(x;G –w)mvD0;xVs!41
D'{#
>} 2 {vK Windows NT gNvT2fD)9c#
>} 3 {vK Windows NT gN4(p{(*K DOS f]T)#Cp
{ZD~{P;|,Uq,"{O 8.3 q=#
–w !nBvK>} 2 M 3 P{vD1Z2+T)4# –w !n8>
ITvT2fc,"RZC*a~qwDks URL P;JmCJ|,(
KE(˜)DuLDD~{#
9C WebSEAL *aD<u"M:
¶ :Z,;*aO20`v~qw;
¶ :}K4T*a~qwD2, HTML URL;
¶ Z1543D:g}*a4PmI(Dl#;
¶ Z1553D:g}*aD$iO$;
Z,;*aO20`v~qwITZ,;*ac20`v1>~qw#ITZ,;cO20Nb`v
~qw#
20Z,;*acODyP~qwXk*1>(5q Web Ud),"R
Xk9C`,D-i * HTTP r HTTPS#;*Z,;*acO20;
,D~qw#
Sw Policy Director ~qw Web UdCJtZ*a~qwD3f#z
&CITCJb)3f(1;*y]mI(),"Rb)3f&CT>
;B#g{<{P3fR;=r|D,rb6E;P}74F3f#
kliCD5fZ,"R4F~qwD5wPDD5`,#
}K4T*a~qwD2, HTML URLv}KG)S*a~qwSUD MIME `MD0text/html12,D5#
WebSEAL I|D=v URL /:xTDM`TZ~qwD URL /#
¶ `TZ~qwD URL m>k*a~qwDD5y`XD URL ;
C,}g:
/dir/file.html
|Db) URL I43*a~qwD*ac,}g:
/jct/dir/file.html
¶ xT URL m>k0wz1{r IP X70xgKZ`XD URL ;
C,}g:
http://servername[:port]/file.html,r
https://servername[:port]/file.html
Iy]TBfr/|Db) URL:
1. g{ URL G HTTP,"Rwz/KZk TCP *aD~qw%d,
r+^D URL T43*ac,}g:
/jct/...
2. g{ URL G HTTPS,"Rwz/KZk SSL *aD~qw%d,
r+^D URL T43*ac,}g:
/jct/...
3. v}KZ iv.conf D~P(eDjG/tTTD URL#
4. (#+}K META jGT"Bks,}g:
<META HTTP-EQUIV="Refresh" CONTENT="5;URL=http://server/url">
5. g{ BASE j)|, HREF tT,rKj)+Sl&FAM'z#
}K(}*a~qwD URL DN};Z webseald.conf dCD~D
[filter-url] ;ZP#
[filter-url] ;Z|,K HTML jGPm,WebSEAL ~qw+}Kr^
Db)jGIw{S*a~qwq!DxT URL#
1!ivB+dC#C HTML jG#\m1I\h*mS|, URL D
=S HTML jG#
kNDZ1423D:&m4TE>MM'zK&CLrD URL(–j);#
g}*a4PmI(Dl#P) Policy Director mI(;\g}*a4P#}g,;\9C x mI
(XF CGI E>D4P,2;\9C l mI(4P?<Pm#}g,
WebSEAL ;\<77(sK~qwOksDTsG CGI LrD~"/
,?<Pm9G#fD HTTP Ts#
g}*aCJTs,CGI LrM?<Pm;\(} r mI(xPXF#
g}*aD$iO$
201,WebSEAL G9CG1!bT$idCD#bT$i(}
webseald.conf dCD~D [ssl] ZPD webseal-cert-keyfile-label N
}8(*n/D~qwK$i#
g{*aDsK&CLr~qw*s WebSEAL 9CM'zKD$ij
6T:,rXkWH9C iKeyman 5CLr4("20MjEC$i#
;s,9C –K <key-label> !ndC*a#kNDZ1323D:`%O
$D SSL *a;
g{;P9C –K dC*a,r GSKit (}T/"M|,Z\?D~}
]bPD01!1$i,&m`%O$Dks#g{b;GyhDl
&,rXk7#\?D~}]b(pdsrv.kdb)P;PjG*01!1
(GE)D$i#
\a:
¶ 9CjE{Fj6yPh*D$i#
¶ ;*+\?D~}]bPDNN$ijG*01!1#
¶ 9C webseal-cert-keyfile-label N}XF WebSEAL ~qwKD$
il&#
¶ (} –K *a!nXF WebSEAL M'zKD$il&#
ZZ}=~qwO9C query_contentsg{#{9C Policy Director 2+~q#$Z}=&CLr Web Ud
DJ4,Xkr WebSEAL a)XZZ}= Web UdZ]DE"#
{* query_contents D CGI Lr+a)CE"# query_contents L
rQwZ}= Web UdZ]"r WebSEAL OD Web Portal Manager
a)CbfE"# WebSEAL 20LrTxCLr,+GXkV$XZ
Z}=~qwO20#!vZZ}=~qwGyZ UNIX 9G
Windows,P;,DLrD~`MIC#
?Nzm*aD\#$TsUd?VZ0TsUd1\mfeO9*
1,Web Portal Manager D0TsUd1\mw+T/KP
query_contents#H; Web Portal Manager *@XZZ}=&CLr
UdDZ],zITT>CE""TZOJDTs&C_T#e#
20 query_contents(#,20 query_contents HO]W#20|(S Policy Director ~
qw4F;vr=vD~=Z}=~qwT0`-dCD~#
TB Policy Director ?<|,KLr#e:
UNIX: <install-path>/www/lib/query_contents
Windows: <install-path>\www\lib\query_contents
?<Z]|(:
D~ hv
query_contents.exe CZ Win32 53Dw*I4PLr#&C20Z
Z}= Web ~qwD cgi-bin ?<B#
query_contents.sh CZ UNIX 53Dw*I4PLr#&C20ZZ
}= Web ~qwD cgi-bin ?<B#
query_contents.c 4zk#a)4zkG*Kzcr;zh*|D
query_contents DP*#s`}ivB,bG;
X*D#
query_contents.html HTML q=DozD~#
query_contents.cfg j> Web ~qwD5yD>}dCD~#
ZZ}= UNIX ~qwO20 query_contentsZTB?<PiR{* query_contents.sh DbGLrE>:
<install-path>/www/lib/query_contents
1. + query_contents.sh 4F=Z}= Web ~qwOpwCD
/cgi-bin ?<P#
2. }% .sh )9{#
3. * Web ~qwD\mJ'hC UNIX 4P;#
ZZ}= Win32 ~qwO20 query_contentsZTB?<P,(;{* query_contents.exe DI4PLrM{*
query_contents.cfg DdCD~:
Windows: <install-path>\www\lib\query_contents
1. k7#Z}= Web ~qw_P}7dCD CGI ?<#
2. *KbT?D,k7#Z}= Web ~qwODD5yPfZP'D
D5#
3. + query_contents.exe 4F=Z}= Web ~qwD CGI ?<P#
4. + query_contents.cfg 4F= Windows ?<#
K?<D1!5gBmy>:
Yw53 Windows ?<
Windows 95 c:\windows
Windows NT 3.5x c:\winnt35
Windows NT 4.x c:\winnt
5. `- query_contents.cfg D~T}78(Z}= Web ~qwDD
5y?<#
CD~|, Microsoft Internet Information Server M Netscape FastTrack
~qwD>}u?#ZKD~P,TVE(;)*<DPG"M,+
; query_contents LrvT#
bTdC
1. Z Win32 zwD MS-DOS a>{B,4gB==4P CGI ?<P
D query_contents Lr:
MSDOS> query_contents dirlist=/
&1vVkTBdv`FDZ]:
100
index.html
cgi-bin//
pics//
}V 100 Gm>I&D5X4,#nX*DGAY*4{}V 100 G
Z;v5("RI\G(;D;v)#
g{4{DGmsk,rCdCD~;Z}7D;Cr_;|,P
'DD5yu?#li query_contents.cfg D~DdC,"7#D
5yfZ#
2. Z/@wP,dkTB URL
http://<win32-machine-name>/cgi-bin/query_contents.exe?dirlist=/
C|n+5XkOv=h`,Da{#g{;5XCa{,r Web ~
qwD CGI dC;}7#kiD~qwDD5T|}CJb#
(F query_contentsquery_contents DNqG5X|,Z URL ksPD?<Z]#
}g,*qC~qw Web Udy?<DZ],/@w9CgB==Z
URL OKP query_contents:
http://third-party-server/cgi-bin/query_contents?dirlist=/
query_contents E>4PTBYw:
1. Aj< CGI 73d? $SERVER_SOFTWARE T7(~qw`M#
yZ Web ~qw`M,+d? $DOCROOTDIR hCIdMDD5
y;C#
2. SksD URL PA!73d? $QUERY_STRING,TqCksD
Yw"q!Ts76#
Yw5f"Zd? $OPERATION P,Ts76f"Z $OBJPATH P#ZO}P,$OPERATION * dirlist,$OBJPATH *0/1#
3. ZTs76O4P?<Pm(ls)"+a{dv=j<dv,Tc
Policy Director ~qw9C#m>S?<Du?_P=SD+1\
(//)#
dMDdvgB:
100
index.html
cgi-bin//
pics//
}V 100 Gm>I&D5X4,#
(FD5y?<
UNIX:
*dC UNIX ~qwD query_contents.sh,I\h*^DD5y?<
DhC#
g{ query_contents 5Xms4,(;,Z 100 D}),"R;PD
~Pv,kliE>"ZX*1^D $DOCROOTDIR d?,T%d~
qwdC#
g{}78(KD5y?<+E>T;'\,I\G cgi-bin ;Cf6;
}7#li $FULLOBJPATH d?"^DVdx|D5,T43}7D
cgi-bin ;C#
Windows:
*(F Windows ~qwD query_contents.exe,k^D
query_contents.cfg D~#
=S&\
query_contents Lr(query_contents.c)D4zkG9C Policy
Director V"D,|;h*Xm(#
IrCLrmS=S&\,T'V3)Z}= Web ~qwDXb&\#
b)&\|(:
1. ?<3d * +;ZD5yBDS?<3d= Web Ud#
2. ;yZD~53D Web UdDzI#
bI\Gw\}]bD Web ~qwDiv#
#$ query_contentsPolicy Director 9C query_contents CGI Lr4T> Web Portal
Manager P*aD Web ~qwTsUd##$CD~T@94Z(DC
'KPG\X*D#
XkhC2+T_T,vJm\m~qw(pdmgrd)m]_PCJ
query_contents LrD(^#TB>} ACL(query_contents_acl)zcKu~:
group ivmgrd-servers Tl
user sec_master dbxTrlcam
9C pdadmin 5CLr+K ACL =SA*a~qwOD
query_contents.sh(UNIX)r query_contents.exe(Windows)Ts#}g
(UNIX):
pdadmin> acl attach /WebSEAL/<host>/<junction-name>/query_contents.sh query_contents_acl
Web %;"abv=8
1 WebSEAL w*zm~qw5VTa)T2+rD#$1,(#*s
a)%;"aA Web J4Dbv=8#>BV[ WebSEAL zmdC
D Web UdD%;"abv=8#}g,|,XbdCD*a"+V"
aM LTPA#
wbw}:
¶ :dC%;"abv=8D BA 7;
¶ Z1673D:9C+V"a(GSO);
¶ Z1713D:%;"aA IBM WebSphere(LTPA);
dC%;"abv=8D BA 7>ZV[9C –b !n4((} WebSEAL *aD%;"adCDI\
bv=8#
¶ Z1623D:%;"a(SSO)En;
¶ Z1623D:Z BA 7Pa)M'zm];
¶ Z1633D:a)M'zm]M;c\k;
¶ Z1653D:*"-<M'z BA 7E";
¶ Z1663D:}%M'z BA 7E";
¶ Z1663D:S GSO a)C'{M\k;
7
%;"a(SSO)EnZ\#$J4;ZsK Web &CLr~qwO1,I\a*sksCJ
4DM'z4P`NG< * ;NTZ WebSEAL ~qw,;NTZs
K~qw#?vG<I\h*;,DG<m]#
I9C%;"a(SSO)zFbv\mM,$`vG<m]DJb#%
;"abv=8JmC';9Cu<G<MITCJNN;CDJ4#
TNN4TsK~qwDx;=G<*sD&mTC'<G8wD#
Z BA 7Pa)M'zm]IdC WebSEAL *a,TrsK~qwa)-<r^DsDM'zm
]E"# –b !n/JmzZ HTTP y>O$(BA)7Pa)X(M'
zm]E"#
w*\m1,zXkVvxga9M2+hs,"7(TBJbDp
8:
1. sK~qwh*O$E"p?
(WebSEAL 9C HTTP y>O$7+oO$E"#)
2. g{sK~qwh*O$E",b)E"+SDy4?
(WebSEAL +Z HTTP 7PEC24E"?)
3. WebSEAL MsK~qw.dD,Sh*G2+Dp?
(G TCP 9G SSL *a?)
< 31. `vG<
ZxPM'zM WebSEAL .dDu<O$s,WebSEAL I("BD
y>O$7#ks+ZLx(}*a=sK~qwZd9CKB7#I
9C –b !n4f(CB7a)D)X(DO$E"#
a)M'zm]M;c\k–b supply
–b supply !n8> WebSEAL a)xP2,";c(0F*1)\k
DQO$ Policy Director C'{(M'zD-<m])#C=8;9C-
<M'z\k#
;c\kE}K\k\m"'VyZ?vC'D&CLr#0F*1\
kGZ webseald.conf dCD~D basicauth-dummy-passwd N}P
hCD#
[junction]
basicauth-dummy-passwd = <password>
C=8Y(sK~qwh*4T Policy Director m]DO$#(}+M
'zC'3d=Q*D Policy Director C',WebSEAL \msK~q
wDO$"a)r%DrZ%;"abv=8#
Cbv=8PTBu~:
¶ dC WebSEAL *rsK~qwa)-<M'zksP|,DC'{
M;c(0F*1)\k#
< 32. rsK~qwa)O$E"
¶ Z webseald.conf dCD~PdC0F*1\k#
¶ sK~qw"amXk6p HTTP BA 7Pa)D Policy Director m
]#
¶ r*(}*a+]tPDO$E"(C'{M\k),yT*aD
2+\X*#?RFv9C SSL *a#
^F
,;v Policy Director0F*1\k+CZyPks;yPC'ZsK~
qw"amP_P`,D\k#9C+C0F*1\k;P*&CLr
~qwa)y!,$w9CCC'{G<DM'z_PO(T#
g{M'z\G(} WebSEAL CJsK~qw,Cbv=8+;vV
NN2+Jb#;x,SomO#$sK~qwT\bd|DI\CJ
==G\X*D#
r*bV=8;P\k6D2+T,sK~qwXk~,XEN
WebSEAL Ti$M'zDO(T#
sK~qw"am2Xk6p Policy Director m]TS\|#
< 33. BA 7|,m]M0F*1\k
*"-<M'z BA 7E"–b ignore
–b ignore !n8> WebSEAL +-<M'zy>O$(BA)7;\I
EX1S"M=sK~qw#I+ WebSEAL dC*O$C BA M'z
E"rvTM'za)D BA 7,"+7;S^DX*"=sK~qw#
":b;Gf}D%;"azF,xGTZ}=~qw(T WebSEAL 8
wD)X1SG<#
Cbv=8PTBu~:
¶ sK~qw(} BA *sM'zm]E"
sK~qw+y>O$aJ"MXM'z#M'zTC'{M\k
E"l&,b)E"I WebSEAL ;S^DX+]#
¶ sK~qw,$M'zT:a)D\k
¶ dC WebSEAL *rsK~qwa)-<M'zksP|,DC'{
M\k#
¶ r*(}*a+]tPDO$E"(C'{M\k),yT*aD
2+\X*#?RFv9C SSL *a#
< 34. WebSEAL *"-<M'zm]E"
}%M'z BA 7E"–b filter
–b filter !n8> WebSEAL Z+ks*"=sK~qw.0,}%y
P4TM'zksDy>O$7E"#Z>=8P,WebSEAL G%@D
2+T)&L#
Cbv=8PTBu~:
¶ ZM'zM WebSEAL .ddCy>O$
¶ sK~qw;h*y>O$
¶ ;\(} WebSEAL CJsK~qw
¶ WebSEAL zmsK~qw&mO$
g{zh*rsK~qwa)3)M'zE",ITiOC!nM –c !
nTc+ Policy Director M'zm]E"ek HTTP 7VN#kNDZ
1393D:Z HTTP 7Pa)M'zm](–c);#
S GSO a)C'{M\k–b gso
–b gso !n8> WebSEAL rsK~qwa)O$E"(C'{M\
k),b)E"S*&m+V"a(GSO)hCD~qwOqC#
< 35. }%M'z BA 7E"
Cbv=8PTBu~:
¶ sK~qw&CLrh*;,DC'{M\k,|G;P|,Z
WebSEAL "amP#
¶ T WebSEAL MsK~qw45,2+T\X*#
r*(}*a+]tPDO$E"(C'{M\k),yT*aD2+
\X*#?RFv9C SSL *a#
CzF+Z:9C+V"a(GSO);Pj{hv#
9C+V"a(GSO)
Policy Director 'VinD%;"abv=8,Cbv=8_PrsK
Web &CLr~qwa)8CC'{M\kD\&#
y]y9CDC'"am`M,P=V=('VM4P%;"abv=
8:
¶ xP DCE "amD2+r * 9C Tivoli Global Global
Sign-On(GSO)z7
¶ xP LDAP "amD2+r * LDAP ?<a)+V"a'V
+V"aZ(C'CJQZ(9CDFcJ4 * (}%;G<# GSO
G*ss5hFD,b)s5I;,V`DV<=Fc73D`v53
M&CLr9I,GSO E}KnUC'\m`vC'{M\kDh*#
/IGI4( WebSEAL MsK~qw.dD0GSO b61*a45V
D#XkWH9C Web Portal Manager 4( GSO J4M GSO J4i#
1 WebSEAL SU=T*a~qwODJ4Dks1,WebSEAL +r
GSO ~qw*s`&DO$E"# GSO ~qw|,K;v3d}]b
* TZ?vQ"aDC' * C}]b*X(J4M&CLra)8C
C'{M\k#
B<{vKgN9C GSO zFlwsK&CLrJ4DC'{M\k#
1. M'zCCJsK~qwO&CLrJ4Dksr WebSEAL O$#
qC Policy Director m]#
":%;"axL@"Zu<O$=(#
2. WebSEAL + Policy Director m]"M= GSO r LDAP ~qw#
3. ~qw5XJOZC'MyksD&CLrJ4DC'{M\k#
4. WebSEAL ZksD HTTP y>O$7PekC'{M\kE",C
ks(}*a"M=sK~qw#
3dO$E"BfD>}{vK GSO gNr WebSEAL a)O$E"#g{C'
Michael kKP travel-app &CLrJ4(kN<<36),r WebSEAL
r GSO/LDAP ~qw*s Michael DO$E"#
< 36. +V"azF
GSO/LDAP IC3dJ4AX(DO$E"Dq=,$j{DO$E"
}]b#O$E"GC'{/\kDiO,F*J4>$#;\*Q"
aDC'4(J4>$#
~qw|, Michael D}]b,|+J4 travel-app 3d*X(DJ4
>$#
Bm{vK GSO J4>$}]bDa9:
Michael Paul
J4:travel-app username=mike
password=123
J4:travel-app username=bundy
password=abc
J4:payroll-app username=powell
password=456
J4:payroll-app username=jensen
password=xyz
ZC}P,GSO r WebSEAL 5XC'{0mike1M\k01231#
WebSEAL Z9l(}*a"MAsK~qwDksDy>O$719C
CE"#
dCtC GSO D WebSEAL *a
GSO 'VGZ WebSEAL MsK~qw.dD*aPdCD#
*4(tC GSO D*a,k9Cx –b gso !nD create |n#B
fD>}{vK create |nDo(:
create -t tcp -h <host-name> -b gso -T <resource> <jct-point>
BfPvhC GSO *aD!n:
!n hv
–b gso 8( GSO *(}C*aDyPksa)O$E"#
–T <resource/resource-group>
8( GSO J4r GSO J4i#J4{CwC!nD
N},Xkk GSO }]bPPvDJ4{F+7%
d#gso *aPK*s#
Z4(*a1,(}=S&C –t ssl !n,I#$(} SSL D"Z
WebSEAL/GSO bv=8P9CD*a#
FvTZ GSO \G9C SSL *a47#>$MyP}]DS\#
tC GSO D WebSEAL *aD>}
+wz:sales_svr OD&CLrJ4:travel-app *a=*ac
/sales:
create -t tcp -b gso -T travel-app -h sales_svr /sales
+wz:adm_svr OD&CLrJ4:payroll-app *a=*ac
/admin "9C SSL #$C*a:
create -t ssl -b gso -T payroll-app -h adm_svr /admin
":ZO}P,–t ssl !nf(K1!KZ 443#
dC GSO _Y:f
+V"a(GSO)_Y:f&\JmzZ_:X73PDF GSO *aD
T\#1!ivB,{C GSO _Y:f#g{;P_Y:fDv?,r
TZ GSO ?jE"(GSO C'{M GSO \k)D?Nlw,<h*
wC LDAP ~qw#
dC GSO _Y:fDN};Z webseald.conf dCD~D [gso-cache]ZP#XkWHtC_Y:f##`DN}CZdC?v_Y:fu?
D_Y:fs!M,15#O$DP'ZMGn/,15IDFT\,
+avSE")6Z WebSEAL ZfPDgU#g{zDxgbv=8
P49C GSO *a,r;*tC GSO _Y:f#
N} hv
gso-cache-enabled tCM{C GSO _Y:f&\#5|(
0yes1M0no1#1!5*0no1#
gso-cache-size hC_Y:f"PmJmDnsu?}#
hCK5T9|S|"PC'a0((}
GSO *aCJ&CLr)De5}#O_D
5a9C|`Zf,+a5VOlDE"
CJ#?v_Y:fu?+{Ds< 50 V
Z#
N} hv
gso-cache-entry-lifetime Nb_Y:fu?IT#tZ_Y:fP
Dn`1d(TkF),;<GGqn
/#_Y:fu?=Zs,,;C'DB
;ksh*T LDAP ~qwxPBDwC#
gso-cache-entry-idle-timeout Gn/_Y:fu?IT#tZ_Y:f
PDn`1d(TkF)#
%;"aA IBM WebSphere(LTPA)
Policy Director WebSEAL ITT IBM WebSphere 73a)O$MZ(
~qT0#$#+ WebSEAL (;* WebSphere D#$0K1,CJM
'z+fY=v1ZDG<c#rx,WebSEAL 'V(} WebSEAL *
aA;vr`v IBM WebSphere ~qwD%;"abv=8#
WebSphere a)yZ cookie Da?6Z}=O$zF(LTPA)#ITd
C WebSEAL *a'V LTPA "*M'za)%;"abv=8#
1C'ks WebSphere J41,C'XkWHO$A WebSEAL,I&
O$s,WebSEAL +zIzmC'D LTPA cookie#w* WebSphere
DO$jG~qD LTPA cookie |,m]M\kE"#KE"9C
WebSEAL M WebSphere .d2mD\\k#$D\?S\#
WebSEAL ZksD HTTP 7Pek cookie,Cks(}*a"MA
WebSphere#sK WebSphere ~qwSUks"b\ cookie "yZ
cookie Pa)Dm]E"O$C'#
*DFT\,WebSEAL ITZ_Y:fPf" LTPA cookie "IZ,
;C'a0Zd*sLks9C-_Y:fD LTPA cookie#IT*_Y
:fD cookie dCP'Z,1MUP(Gn/),15#
dC LTPA *a
(} LTPA cookie %;"aA WebSphere h*TBdCn:
1. tC LTPA zF#
2. a)CZS\m]E"D\?D~D;C#
3. a)K\?D~D\k#
b}vdChsZ*a create |nD}v=S!nP8(#
¶ –A !ntC*a'V LTPA cookie#
¶ –F <“keyfile”> !nMTd?8(CZS\|,Z cookie PDm]
E"D\?D~D+76{F;C(Z WebSEAL ~qwO)#2m
\?nuZ WebSphere ~qwO4("2+X4FA WebSEAL ~
qw#XZKNqDj8E",kN<`&D WebSphere D5#
¶ –Z <“keyfile-password”> 8(r*\?D~yhD\k#
\kZ*a XML D~Pw*S\DD>vV#
4( WebSEAL MsK WebSphere ~qw.dD*a1,9Cb)!n
T0d|XhD*a!n#}g:
create ... -A -F "/abc/xyz/key.file" -Z "abcdefg" ...
dC LTPA _Y:f
4("S\Mb\ LTPA cookie ax4&m*z#LTPA _Y:f&\
JmzDF_:X73B LTPA *aDT\#1!ivB,tC LTPA
_Y:f#g{;P_Y:fT53&\Dv?,r+4(BD LTPA
cookie "*?vsLC'ksS\#
dC LTPA _Y:fDN};Z webseald.conf dCD~D
[ltpa-cache] ZP#N}CZ8(_Y:fs!M_Y:fu?D,1
5#O$DP'ZMGn/,15IDFT\,+avSE")6Z
WebSEAL ZfPDgU#
N} hv
ltpa-cache-enabled tCM{C LTPA _Y:f&\#5|(
0yes1M0no1#1!5*0no1#
ltpa-cache-size hC_Y:f"PmJmDnsu?}#
hCK5T9|S|"PC'a0((}
LTPA *aCJ&CLr)De5}#O_
D5a9C|`Zf,+a5VOlDE
"CJ#?v_Y:fu?+{Ds< 50
VZ#1!5* 4096 vu?#
N} hv
ltpa-cache-entry-lifetime Nb_Y:fu?IT#tZ_Y:fP
Dn`1d(TkF),;<GGqn
/#_Y:fu?=Zs,,;C'DB
;ksh*4(B LDAP cookie#1!5*
3600 k#
ltpa-cache-entry-idle-timeout Gn/_Y:fu?IT#tZ_Y:f
PDn`1d(TkF)#1!5* 600
k#
LTPA %;"aD<u"M:
¶ \?D~|,XZX( WebSphere ~qwDE"#;v LTPA *a
X(Z;v WebSphere ~qw#g{+`v~qwmS=,;v*
ac,ryPD~qw<+2m,;v\?D~#
¶ *K9%;"aI&,WebSEAL M WebSphere ~qwXkT3V=
=2m,;"amE"#
¶ WebSphere ~qw:phC LTPA M4(2m\?#WebSEAL N
kf0*aM_Y:fdC#
&CLr/I
WebSEAL (}73d?M/, URL \&'VZ}=&CLr/I#
WebSEAL )973d?M HTTP 7D6',tCZ}=&CLr"y
ZM'zm]4PYw#mb,WebSEAL ITa)T/, URL(}g
G)|,i/D>D URL)DCJXF#
wbw}:
¶ :'V CGI `L;
¶ Z1773D:'VsK~qwK&CLr;
¶ Z1783D:tC/,LqJq;
¶ Z1813D:9((FvT/~q;
¶ Z1833D:a)T/, URL DCJXF;
¶ Z1903D:/, URL >}:Travel Kingdom;
'V CGI `L
*K'V CGI `L,WebSEAL Zj<D CGI d?/PmSK 3 v=
S73d?#b)73d?ITIG)Z>X WebSEAL ~qwr*a
DsK~qwOKPD CGI &CLr9C#b)d?r CGI &CLr
a)X(Z Policy Director DC'"iM>$E"#
Z>X WebSEAL ~qwO,b)73d?IT/CZ CGI Lr#
IZ*aDZ}=~qwOKPD CGI &CLr9CD73d?GIS
WebSEAL +]=~qwD HTTP 7E"zzD#Xk9C –c !n4
4('V HTTP ksDX(Z Policy Director 7E"D*a,b) HTTP
ks+*+M=sK~qw#
m{Z1393D:Z HTTP 7Pa)M'zm](–c);#
d|X(Z Policy Director D73d?:
CGI 73d? hv
HTTP_IV_USER ks_D Policy Director C'JE{F#
HTTP_IV_GROUPS ks_ytD Policy Director i#8(*T:EV
tDiPm * ?i<(T+}E#
HTTP_IV_CREDS `kD;8w}]a9,m> Policy Director >
$#r6L~qwa)>$,byPdc&CLr
MIT9CZ( API wCZ(~q#kN< Policy
Director ADK Developer Reference#
>X WebSEAL ~qwOD REMOTE_USER d?:
Z\ WebSEAL XFD>X~qw73P,OfyPD HTTP_IV_USERd?D5Gw*j< REMOTE_USER d?D5a)D#k"b
REMOTE_USER d?I\ZKPZ*asK~qwOD CGI &CLr
73P2fZ#+ZbVivB,d5;\ WebSEAL XF#
CGI 73d? hv
REMOTE_USER |,k HTTP_IV_USER VN`,D5#
Windows:'V WIN32 73d?>Zv&CZ>X*a#
Windows ";T/X9dyP5373d?ICZg CGI &CLr.`
DxL#dMivB,*sD5373d?GfZD#
+G,g{ CGI 73P;fZNN*sD Windows 5373d?,r
IT(} webseald.conf dCD~w7X9|GICZ CGI Lr#(k
"b0;ZPa=D Policy Director 73d?ZyP=(P<T/I
C)#
+yPh*D Windows 5373d?mS= webseald.conf dCD~
D [cgi-environment-variables] ZP#9CTBq=:
ENV = <variable-name>
}g:
[cgi-environment-variables]
#ENV = SystemDrive
ENV = SystemRoot
ENV = PATH
ENV = LANG
ENV = LC_ALL
ENV = LC_CTYPE
ENV = LC_MESSAGES
ENV = LOCPATH
ENV = NLSPATH
CGI 73+LPyP4"MP#
'VsK~qwK&CLr
WebSEAL 9a)TI4PzkD'V,Czkw*sK Web ~qwD
6k=i~KP#b`~qwKI4PzkD>}|(:
¶ Java !~qLr
¶ CZ Oracle Web l}wDP
¶ ~qwKe~
9C –c !n4(AsK~qwD*a1, WebSEAL +X(Z Policy
Director DM'zm]Mi1JqE"ekTC~qw*?DXDksD
HTTP 7#
X(Z Policy Director D HTTP 7E"9C*aDZ}=~qwOD&
CLrITyZM'zD Policy Director m]4PX(ZC'DYw#
WebSEAL a)TBX(Z Policy Director D HTTP 7:
X(Z PD D
HTTP 7VN
hv
iv-user = M'zDL{r${#g{M'z4O$(r4*),
r1!5*04O$1#
iv-groups = M'zytDiDPm#T:EVtD,}E}p4D
iPm8(#
iv-creds = `kD;8w}]a9,m> Policy Director >$#r6
L~qwa)>$,byPdc&CLrMIT9CZ
( API wCZ(~q#kN< Tivoli SecureWay Policy
Director Authorization ADK Developer Reference#
b) HTTP 7Iw*73d? HTTP_IV_USER"HTTP_IV_GROUPSM HTTP_IV_CREDS CZ CGI &CLr#TZd|G CGI &CLr
r\,*q!XZS HTTP ksi!7D8>E",kND`XDz7
D5#
m{Z1393D:Z HTTP 7Pa)M'zm](–c);#
tC/,LqJq
Lqs50doi(#h*2m+2Jq,ngoi}](ZLR=L
RX5P)rM'}](ZLR=M'X5P)#
¶ ;cJqGhva)~qD&CLryhE"DtT#K`tTD
>}|(M'J'E"MM'J%}]#
¶ 2+TJqGa)J4ksZ(P9CD8#Hu~DtT#K`
u~D>}|(C'5qG+"CJXF<xM(e3Woi-(
D5qfr#
(}grO$~q(CDAS)D)9,Policy Director a)KinDzF,
JmzZO$1T)9DjG/5tT+JqE"|,=C'>$P#
&CLrI1S9CZ( API S>$Pi!K}]#XZ5VK CDAS
)9Dx;=E",kN<6Tivoli Policy Director WebSEAL *"_N
<s+7#
S LDAP }]4(LqJq
WebSEAL a)KX(DZCJqzF,Jmz+C'(eD9d LDAP
E"w*)9tTek=C'>$P#;sb)tTIEk+(}*a
"M=sK&CLr~qwDksD HTTP 7P#
¶ 4TC' LDAP "amJ'NNVNDIC'(eD9d}]+w*
C' Policy Director >$D)9tTmS#
¶ WebSEAL ;dC*S>$Pi!K}],"+}]Ek+(}
WebSEAL *a"M=sK~qwDksD HTTP 7P#
¶ sK&CLrIS7Pi!}],x;h*(EzkrZ( API#
+9dD LDAP E"ek= HTTP 7PD WebSEAL dC|,=v=
h:
1. ZG<1,S LDAP "amlw9d}]"+C}]ek=C'>$
P#
2. yZT*ahCDX(u~,S>$Pi!`&D}],"+|e
k(}*a"MDksD HTTP 7P#
+9d LDAP }]ek=>$P
P=V=(+9d LDAP C'}]Ek>$P:
1. Z pd.conf dCD~D [ldap-ext-cred-tags] ZP4(u?,b)
u?+X( LDAP }]3d=>$PDVN#
K=(+Z>ZPhv#
2. `4(F CDAS #i,C#i+C'(eDNN}]3d=>$PD
VN#
XZ5VK CDAS )9DE",kND6Tivoli Policy Director
WebSEAL *"_N<s+7#
zIT9C pd.conf dCD~D [ldap-ext-cred-tags] Z,+4T
LDAPinetOrgPerson Ts`DX(}]3d=C'>$PC'(eDtT
VN#CZPDN}_PTBq=:
<custom-credential-field> = <inetOrgPerson-field>
Z>$TmP,pd.conf dCD~P(eD?v custom-credential-field N
}D{F<TLo0tagvalue_1*0:#b;0:@9k>$PDd|
VPE"De;#}g:
4T inetOrgPerson Ts`D LDAP C'
}]:employeeNumber:09876
(F>$VN{: ldap-employee-number
[ldap-ext-cred-tags] ZPDN}u?:
ldap-employee-number = employeeNumber
C'>$PfEDu?M5:
tagvalue_ldap-employee-number:09876
¶ C&\*sC'(} LDAP C'{M\kxPO$#XktC
passwd-ldap O$zF#`k libldapauthn(ldapauthn)2mb,
TcZ pd.conf dCD~D [ldap-ext-cred-tags] ZPi4C'(
eD9d>$E"#
¶ LDAP }]I4T inetOrgPerson Ts`PDj<r(FVN#
¶ IZ [ldap-ext-cred-tags] ZPEk`vu?#
¶ ZDu?P8(DyPtT<+ZC'G<1Ek>$#
¶ LDAP tT{F;xVs!4#
¶ >$VN{FxVs!4#
+>$}]ek= HTTP 7P
Z0;BZP4(DC'(eD>$E"IEk(}*a"M=sK~
qwDksD HTTP 7P#KWN|,=vNq:
1. dC*aJmX(D9d>$}]#(}hC WebSEAL #$DTs
UdP*aTsDJ1)9tT,IjIKNq#
2. S>$Pi!`&D9dE","+}]ekksD HTTP 7P#
I(}9C*aTsD)9tT,4XFX(*a*sD>$}]Di
!#)9tTD{F* HTTP-Tag-Value#K)9tT9CTBq=:
<custom-credential-field>=<http-header-field>
custom-credential-field N}DvVk|Z pd.conf dCD~D
[ldap-ext-cred-tags] Zj+`,#;|,0tagvalue_10:#KN}
GxVs!4D#http-header-field N}8(KCZf"}]D HTTP 7
D{F#}g:
*aTsOD HTTP-Tag-Value )9t
T:
ldap-employee-number=employee-id
C'>$PR=Du?M5:
tagvalue_ldap-employee-number:09876
HTTP 7PfEDu?M5: employee-id:09876
1 WebSEAL +C'ks+]=sK&CLr~qw1,|+iRZ*
aTsOdCDNN HTTP-Tag-Value )9tT#
I9C pdadmin object modify set attribute |nT)9tTdC*
a:
pdadmin> object modify <obj-name> set attribute <attr-name> <attr-value>
}g:
pdadmin> object modify /WebSEAL/WS1/junctionA set attribute HTTP-Tag-Value ldap-employee-number=employee-id
I(}9C`v pdadmin object modify set attribute |n8(`v
HTTP-Tag-Value )9tT(?v|n8(;vtT),+`vC'tT
}]+]=*aD~qw#
9((FvT/~q
Web E'x>rt/3fG/ID Web >c~q,|G+/,XzI
TX(C'ICD Web J4(FPm#b)J4I|,2,Z]"'V
~qM'0$_#E'x>dvm>yZXbC'CJmI(DJ4D
vT/Pm#t/3fvT>C'_P}7CJmI(DG)J4#
I9C WebSEAL dC!nMZ( API Jq~qZ Policy Director 7
3P9((FE'x>bv=8#
9((F WebSEAL E'x>~qDxLw|,TBwn:
1. 4(\#$TsUdDX(xr,T(;E'x>J4Ts/#
2. +`&DT= ACL =S=?vJ4Ts#
3. `- WebSEAL dCD~,+ URL |,=E'x>~q"|,E'
x>J4DTsUd76MC'CJb)J4yhDmI(;#
4. TZ?vTE'x> URL DC'ks,WebSEAL 9C(^Jq~
q4QwKTsUd,"zIzcCC'Z(u~DJ4Pm#
5. WebSEAL +KE"EZ+"M=sK(*aD)E'x>~qwD
PD_PORTAL HTTP 7P#
6. ;ZsK~qwOD(FE'x>~q(}g CGI r!~qLr)A
! PD_PORTAL 7Z],"(}g)3db)Z]=+Z Web 3f
O*C'T>DhvM URL 4S#KE"m>yZCJXFmI(
TC'ICJ4DvT/Pm#
*vT/~qdC WebSEAL
1. 4(=vT/~qDB WebSEAL *a#}g:
pdadmin> server task <server-name> create -t tcp -h portalhost.abc.com /portal-jct
2. `- webseald.conf dCD~,mSBD [portal-map] Z:
[portal-map]
3. CZPDu?j6E'x>~qLrD~qw`X URL M*ICD
\#$E'x>J4QwDTsUd,.szfDGCJyhDm
I(#bGEZ PD_PORTAL 7PDPm#
[portal-map]
<URL> = <object-space-region>:<permission>
":Qw}LPv!q_PT=hC ACL(|,CC'mI(D%
d)DJ4Ts#
4. mSZM`&D3du?s,XkXBt/ WebSEAL(webseald)#
vT/~q>}
¶ 4(AE'x>~qwD*a:
pdadmin> server task webseald-WS1 create -t ssl -h PORTAL1 /portal
¶ (e WebSEAL \#$TsUdDxr,KUd|,TvT/~qI
CDJ4:
pdadmin> objectspace create /Resources "Portal Object Hierarchy" 10
pdadmin> object create /Resources/Content "" 10 ispolicyattachable yes
pdadmin> object create /Resources/Support "" 10 ispolicyattachable yes
pdadmin> object create /Resources/Content/CGI "" 11 ispolicyattachable yes
pdadmin> object create /Resources/Support/Servlet "" 11 ispolicyattachable yes
":TZ?vJ4,0ispolicyattachable1Td?XkhC*
0yes1#QwzFv!q_PT=hC ACL D^(J4Ts#
¶ WebSEAL dC(webseald.conf):
[portal-map]
/portal/servlet/PortalServlet = /Resources:r
¶ C'9CDE'x> URL:
https://WS1/portal/servlet/PortalServlet
a)T/, URL DCJXF
10 Web 733hC'TlY|DE"D"4CJ(#m` Web &C
LrZl&?vC'ks1/,XzI3;J4(;w(URL)#b)
/, URL I\;fZ\L1d#!\|G_PY1T,/, URL T;
h*?#$,T@9;k*D9CMCJ#
/, URL i~3)4SD Web &CLr$_9Cj< web /@w(} Web ~qw
D CGI SZk&CLr~qw(E#
yPb)$_<9C/, URL M~XDm%*XZksDYw(xPd
N}5)M&CLr~qw.d(E#/, URL 9CXZX(Yw0d
N}5DE")dj< URL X7# URL Di/V{.?V* Web &
CLrSZa)Yw"N}M5#
+ ACL Ts3dA/, URL
WebSEAL 9C\#$TsUd#MM_T#e(ACL)#$/,zID
URL,}gG)I}]bkszID URL#w*Z(xLDZ;=,?
v WebSEAL Dks<+bv*X(DTs#JCZTsD ACL f(
K3d=CTsDNN/, URL yhD#$#
r*/, URL vY1fZ,$dCDZ(_T}]bP;I\P|GD
u?#Policy Director (}a);V+m`/, URL 3d=%;2,\
#$TsDzFbvb;Jb#
STs=#=D3d#fZ?D>D~P:
/opt/PolicyDirector/www/lib/dynurl.conf
CD~D;C(`TZ~qwy?<)I webseald.conf dCD~D
[server] ZPD dynurl-map N}(e:
[server]
dynurl-map = lib/dynurl.conf
Xk4(KD~;1!ivB,CD~;fZ#CD~(xPu?)D
fZtC/, URL T\#
< 37. (} URL +}]+]= CGI xX
`-KD~I^Db)3d#D~Pu?Dq=G:
<object> <template>
Policy Director 9C UNIX bGLr#=%d(|((d{)DS/,
(e9ITsUdP;vTsDN}/#kG)N}%dDN;/,
URL <3d=CTs#
Policy Director 'VTB UNIX bGLr#=%dV{:
V{ hv
\ 41\sDV{GXbrPD;?V#}g, GFm{#2
ITwC**e{#
? %d%vV{D(d{#}g,V{.0abcde1kmo=
0ab?de1%d
* %dcvr`vV{D(d{#
[] (e;5PV{,I%d`v#}g,V{.0abcde1k
frmo=0ab[cty]de1%d#
^ 8>G{E#}g,mo= [^ab] k}0a1r0b1V{T
bDNbV{%d#
TB>}{vK4PEC=bi/D/, URL Dm%:
http://<server-name>/home-bank/owa/acct.bal?acc=<account-number>
m>K/, URL DTs+T>gB:
http://<server-name>/home-bank/owa/acct.bal?acc=*
P8liK>}PD/, URL,|T>KhvDX(JE#home-bank&J'acDTsT>,IZCu?(acc=*)Dns?V9C%dy
PV{DGE(d{, ACL mI(JCZNNJ'#
B<{vK3d=X(\#$TsDX(/, URL Dj{=8:
*/, URL |B WebSEAL
9C dynurl update |nI9C dynurl.conf dCD~P("Du?
|B WebSEAL \#$TsUd#
1. 4("`-r>} dynurl.conf dCD~PD/, URL u?#
2. xP|D.s,9C dynurl update |n|B~qw:
pdadmin> server task webseald-<server-name> dynurl update
server-name Td?m> WebSEAL zwD4^(Dwz{#
bvTsUdPD/, URL
bv/, URL A;vTs!vZ dynurl.conf dCD~Pu?D3r#
Z"T+/, URL 3d=Tsu?1,+S%AW(h dynurl.conf D
~PD3dPm,1=R=Z;v%d#=*9#ZR=Z;v%dD
#=s,+9C`&DTsu?xP.sDZ(li#
< 38. /, URL OZ(
g{R;=%dD#=,WebSEAL M9C URL >m,u%76D
http://<server> ?V#
k#Vkn\^FD ACL T&D3d&ZPmDOK#}g,g{z[
)%&CLrD book.sales }L+;^FZ;vi/cV?i,+z[
)%&CLrD#`?VITI+?C'CJ,r3d&4BmPT>
DNrEP:
TsUdu? URL #e
/ows/sales/bksale /ows/db-apps/owa/book.sales*
/ows/sales/general /ows/db-apps/owa/*
k"b,g{3du?&Zfr3r,/ows/db-apps/owa ?<Pf"D
+?}L<+3d* /ows/sales/general Ts#IZKmsDTsUd
bv,I\a<B2+T%f#
1+ URL }rmo=3d*TsUdu?1,URL &ICS GET =
(zzDq= * ^[}Z9C POST 9G GET =(#
Z}]+dD GET =(P,/,}](}g3vC'Zm%Pa)D}
])+=S= URL#
Z}]+dD POST =(P,ksDwePM|(K/,}]#
ACL @@
;)/, URL Qbv*TsUdu?,r+9Cj< ACL LP#M7
(Gq&&mr{9ks(IZX(;c)#
T POST ksdC^F
POST ksDZ]|,ZksweP#mb,POST ks9|,/@w(
eDZ]$H,"PvVZ5#
post-max-read
webseald.conf dCD~D [server] ZPD post-max-read N}^F
s POST ksZ WebSEAL OD0l,|G(}+*AkDVZ\?8
(*4T POST ksweDZ]4^FD#WebSEAL AkDZ]+\
=(^li,g>Z0Dyv#
1 POST ksCZ/, URL &mrq=O$1,*<G
post-max-read N}5#1!5* 4096 VZ:
[server]
post-max-read = 4096
k"bKN}";^Fns POST Z]s!(|G;\^FD)#KN}
#$ WebSEAL,9.\b&ms!;OmD POST ks#
dynurl-allow-large-posts
!\ post-max-read N}^FK WebSEAL AM&mD POST Z]?,
+G|";j+@9ks+]=&CLr~qw#ZK=8P,4i$
DZ]++]=&CLr~qw#g{&CLr~qwTm;PZ(\
&,rKivI\a<B2+TgU#
dynurl-allow-large-posts N}JmzXF WebSEAL &m POST ks
(b)ksDZ]$HsZ post-max-read 8(D$H)D=(#g{
N}5hC*0no1(1!5),r WebSEAL +j+\xZ]$Hs
Z post-max-read 8($HDNN POST ks#
[server]
dynurl-allow-large-posts = no
gNN}5hC*0yes1,r WebSEAL +S\{v POST ks,+G
vi$k post-max-read 5`HDZ]?#
[server]
dynurl-allow-large-posts = yes
>} 1:
¶ SU=s POST ks(sZ post-max-read D5)#
¶ dynurl-allow-large-posts = no
¶ QtC/, URL#
¶ a{:{9ms{"#
>} 2:
¶ SU=s POST ks(sZ post-max-read D5)#
¶ dynurl-allow-large-posts = yes
¶ QtC/, URL#
¶ a{:WebSEAL +3d post-max-read 58(Dn`Z]?=T
sUdu?,"yZCTs4P(^li##BDZ]";3d=
TsUdu?,R;4PkKTs`X*D(^li#
¶ TB#e|,K}ps POST kssCD#=%dEPD`M:
/rtpi153/webapp/examples/HitCount\?*action=reset*
\aM<u"M\a:
¶ *dC WebSEAL T2+X&m/, URL,k4(TBD~:
/opt/PolicyDirector/www/lib/dynurl.conf
¶ D~Xk|,;Pr`PTBq=DZ]:
<object> <template>
¶ g{D~;fZ,r*U,r+;tC/, URL &\#
¶ D~&ms,Ts{F+w*SJ4Z WebSEAL TsUdPvV#
¶ #eI|,j<#=%dV{DS/##e2ITG;P#=%d
V{D-V{.#
TBy> dynurl.conf D~(eK}vTs,|Gm>w* IBM
WebSphere z7D;?VD;)y> Web &CLr:
Tsu? URL #e
/app_showconfig /rtpi153/webapp/examples/ShowConfig*
/app_snoop /rtpi153/servlet/snoop
/app_snoop /rtpi025/servlet/snoop
/app_hitcount/ejb /rtpi153/webapp/examples/HitCount\?source=EJB
/app_hitcount /rtpi153/webapp/examples/HitCount*
<u"M:
¶ I+`v URL #e3d=,;Ts(}g,app_snoop 3d=v;
,~qwOD URL)#
¶ TsI6W(}g app_hitcount M app_hitcount/ejb)#
¶ xk URL ks+4US%?=W?D3r,k#exPHO#g{
R=%d,r&m#9#rK,k+^FTO?D#eEZD~%
?#
¶ *$n dynurl.conf D~PD(e,I"v dynurl update |n
(9C pdadmin server task)#
+"4"z|B;Z"B\#$TsUdS<1,Web Portal Manager
P+vVb)Ts#
¶ Ts{Pk\b9Cs4V{#v9C!4V{#
¶ k;*9C\#$TsUdPQ-fZDTs{#
¶ Z>} dynurl.conf D~PDTs.0,k}%=SACTsDNN
ACL#
/, URL >}:Travel Kingdom
TB>}{vKs5Z?xgN#$I0Oracle Web l}w1zID
URL#
>>}P9CD/, URL Web ~qwG0Oracle Web l}w1#K<
u,yIT&CZd| URL Web ~qw#
&CLr
Travel Kingdom G;vi/,|(}rXxrM'za)CN$)~q#
b;5qrcZ Web ~qwOYw=v Oracle }]b&CLr * I
S+>@p=Z?M(}rXxxPCJ#
1. CN$)53
qZ(DKMITxP6L$),"i/{GD10$)#Travel
Kingdom $wK1IT*g0KMxP$)"&md|M4Pm`d
|Bq#IZb?KMCEC('6~q,CE"D+dXk\O
q#$#
2. \m\mw
kd|s`}+>`F,Travel Kingdom ,$D\m}]b|,=
."0;MDzE"#K}]9xP?v+>I1DU,#
SZdC0Oracle Web ~qw1a)T}]bPTBf"}LDCJ(:
/db-apps/owa/tr.browse 3hyPC'i/XZCN?DX"[qH
HD\&#
/db-apps/owa/tr.book CZxP$)(CNzmK1rqO$DK
M)#
/db-apps/owa/tr.change CZ4ir_|D10$)#
/db-apps/owa/admin.browse CZCNN$wK1i4G^FDK1E
",}g)9E,gSJ~X7MU,#
/db-apps/owa/admin.resume 3h$wK1i4r|D\m}]bP{G
T:DrzE"D\&#
/db-apps/owa/admin.update I\mK1CZ|BPX$wK1DE"#
Web Uda9
WebSEAL ~qwCZ* Travel Kingdom D3; Web Uda)2+S
Z#
¶ ("KT,1KPCN$)&CLrM\m&CLrD0Oracle Web
~qw1D*a(/ows)#
2+T_T*Kr Web J4a)J1D2+T,,1#tWZ9CD53,C5q
Q-("KTB2+T?j:
1. CNzmK1TyP$)_Pj+XF(#
2. qO$DKMIT4(M|D{GT:D$),+;\I$d|q
O$KMDCN}]#
3. \m$wK1TyP\mE"_Pj+CJ(#
4. }\m?ETbDd| Travel Kingdom $wK1<IT|D{GT
:DrzE","i4d|$wK1D?VE"#
TsUd3dD/, URL
*jIOv2+T?j,h*dCS/, URL = ACL Tsu?D3
d,gBmy>#
kG!,Tb)3dxPErG5V0f2=D2+T?jDX*?
V#
TsUdu? URL #=
/ows/tr/browse /ows/db-apps/owa/tr.browse\?dest=*&date=??/??/????
/ows/tr/auth /ows/db-apps/owa/tr.book\?dest=*&depart=??/??/????&return=??/??/????
/ows/tr/auth /ows/db-apps/owa/tr.change
/ows/admin/forall /ows/db-apps/owa/admin.resume
/ows/admin/forall /ows/db-apps/owa/admin.browse\?empid=[th]???
/ows/admin/auth /ows/db-apps/owa/admin.update\?empid=????
2+M'zM'z(}2+"S\D(@T WebSEAL xPO$#
k*9C Web SZDKM9Xkr Travel Kingdom Web \m1"a,
TSUJ'#
J'Mia9
Z53O4( 4 vi:
Staff Travel Kingdom i/DI1#
TKStaff Travel Kingdom CNzmK#
AdminStaff Travel Kingdom \m?EDK1#k"b\m$wK1
2Z Staff iP#
Customer k*(}rXxxPCN$)D Travel Kingdom DK
M#
r?vC'3h2+rPD;vJ',byMII WebSEAL ~qw%
@j6#C'm]2++]=0Oracle Web ~qw1,Ta)+? Web
J4D%;"abv=8#
CJXF
BmPvK&C0fDE"szzDCJXF:
/ows/tr/browse 4O$ Tr +O$ Tr
/ows/tr/auth 4O$ - +O$ - i TKStaff Tr i
Customer PTr
/ows/admin/forall 4O$ - +O$ - i Staff Tr
/ows/admin/auth 4O$ - +O$ - i AdminStaff Tr
}KKMXkTE"S\(#\TmI()Tb,KMM TKStaff T$)
MCNF.,$Ts_P`,DX(,SxZ(};IEDrXxa;
tP}](}gEC(E")13hKMx;=D2+T#
a[Kr%>}{vK?p_PTB\&D53DEn:
¶ #$tPE"
¶ O$C'
¶ Z(CJtPE"
mb,WebSEAL ~qwM Oracle Web ~qw<*@53DqO$C'
Dm],Rb)m]ICZa)IsF"%;"abv=8#
webseald.conf N<
webseald.conf dCD~
`pMZ:
¶ WEBSEAL GENERAL
[server]
¶ LDAP
[ldap]
¶ SSL
[ssl]
¶ JUNCTION
[junction]
[filter-url]
[filter-schemes]
[script-filtering]
[gso-cache]
[ltpa-cache]
¶ AUTHENTICATION
[ba]
[forms]
[token]
[certificate]
[http-headers]
[auth-headers]
[ipaddr]
[authentication-levels]
[mpa]
[cdsso]
[cdsso-peers]
[failover]
[e-community-sso]
[inter-domain-keys]
[authentication-mechanisms]
[ssl-qop]
[ssl-qop-mgmt-hosts]
[ssl-qop-mgmt-networks]
[ssl-qop-mgmt-default]
¶ SESSION
[session]
¶ CONTENT
[content]
[acnt-mgt]
[cgi]
[cgi-types]
[cgi-environment-variables]
[content-index-icons]
[icons]
[content-cache]
[content-mime-types]
[content-encodings]
¶ LOGGING
[logging]
¶ AUTHORIZATION API
[aznapi-configuration]
[aznapi-entitlement-services]
¶ POLICY DIRECTOR
[policy-director]
[manager]
WEBSEAL GENERAL
N} hv
[server] Z
SYSTEM
unix-user WebSEAL ~qwD UNIX C'J'#
unix-group WebSEAL ~qwD UNIX iJ'#
unix-pid-file PID D~D;C#
server-root WebSEAL ~qwDy?<#
server-name WebSEAL ~qw5}{F#
THREADS AND CONNECTIONS
worker-threads WebSEAL $wLr_LD}?#
client-connect-timeout u<M'z,S,1#
persistent-con-timeout HTTP/1.1 VC,S,1#
HTTPS CLIENT
https Jm HTTPS CJ#
https-port CZ2+ HTTPS ksDKZ#
HTTP CLIENT
http JmG2+ HTTP(TCP)CJ#
http-port CZG2+ HTTP ksDKZ#
POST REQUESTS
post-max-read *S POST ksweAk(w*Z])Dns
VZ}#
DYNURL
dynurl-map URL *\#$Ts3dD~D;C#
dynurl-allow-large-posts + WebSEAL \;A!D POST ks}^F
Z post-max-read 8(D}?.Z#
URI HANDLING
utf8-url-spport-enabled
LDAP
N} hv
[ldap] Z
ldap-server-config ldap.conf dCD~D;C(ZdCZdh
C)#
cache-enabled tCM{C>X LDAP _Y:f#
prefer-readwrite-server Jm!qI4D LDAP ~qw(IC1)#
auth-using-compare Jm9CHO\kYwx;G LDAP s(4
xP|lDO$li#
default-policy-override-support li1!_TrX(ZC'D_T#
user-and-group-in-same-suffix QwT\#m>ikC'GC`,D LDAP
s:(eD#
ssl-enabled * WebSEAL A LDAP (EtCM{C
SSL#
ssl-keyfile SSL \?D~D;C#
ssl-keyfile-dn SSL \?D~PD$ij)(g{P)#
ssl-keyfile-pwd SSL \?D~\k#
bind-dn WebSEAL X$LrD(P{F(ZdCZd
hC)#
bind-pwd WebSEAL X$LrD\k(ZdCZdh
C)#
enabled
host
port
SSL
N} hv
[ssl] Z
webseal-cert-keyfile 3v\?D~D;C,CD~|, WebSEAL
-L SSL a01"M=/@wD~qw$
i#
webseal-cert-keyfile-pwd WebSEAL $i(C\?\k#
webseal-cert-keyfile-stash WebSEAL (C\?\kf"D~D;C#
webseal-cert-keyfile-label *9CD WebSEAL $iG1!{F#
ssl-keyfile CZZ?(ED WebSEAL $i\?D~D;
C#
ssl-keyfile-pwd WebSEAL $i(C\?\k(CZZ?(
E)#
ssl-keyfile-stash WebSEAL (C\?\kf"D~D;C(C
ZZ?(E)#
ssl-keyfile-label *9CD$iG1!{F(CZZ?(E)#
disable-ssl-v2 !qTX{C SSL V2 'V#
disable-ssl-v3 !qTX{C SSL V3 'V#
disable-tls-v1 !qTX{C TLS V1 'V#
ssl-v2-timeout SSL V2 ,SD GSKit _Y:fa0j6,
1#
ssl-v3-timeout SSL V3 ,SD GSKit _Y:fa0j6,
1#
ssl-max-entries GSKit SSL a0j6_Y:fPDns""u
?}#
ssl-ldap-server CZ CRL liD LDAP ~qw#
ssl-ldap-server-port K LDAP ~qw*xP CRL lixl}1y
ZDKZE#
ssl-ldap-user LDAP ~qwD\mC'#
ssl-ldap-user-password LDAP ~qwD\mC'D\k#
ssl-auto-refresh
ssl-listening-port
ssl-pwd-life
ssl-authn-type
JUNCTION
N} hv
[junction] Z
junction-db *a}]bD;C#
jmt-map *a * ks3dm(JMT)D;C#
http-timeout ryZ TCP D*a"MMSC*aA!1
yCD,1#
https-timeout ryZ SSL D*a"MMSC*aA!1
yCD,1#
ping-time WebSEAL * Q*a~qw ping }LD1
ddt#
basicauth-dummy-passwd (}0-b supply1*aa)y>O$}]1
D+V\k#
worker-thread-hard-limit *X(*a&mksD$wLr_L\}
DYVH#
worker-thread-soft-limit *X(*a&mksD$wLr_L\}
DYVH#
io-buffer-size S*aA!M4k*ayCD:exs
!#
DOCUMENT FILTERING
[filter-url] Z
<tag> = <attribute> WebSEAL ZQ*a~qwDl&P}KD
URL tT#
[filter-schemes] Z
scheme = <scheme-name> WebSEAL ZQ*a~qwDl&P}KD
URL #=DPm#
[script-filtering] Z
script-filter tCM{CT*aD~qwOE>DxT
URL D}K#
GSO CACHE
[gso-cache] Z
gso-cache-enabled tCM{C GSO _Y:f#
gso-cache-size GSO _Y:fPDu?}#
gso-cache-entry-lifetime GSO _Y:fu?Dn$P'Z#
gso-cache-entry-idle-timeout Gn/ GSO _Y:fu?Dn$P'Z#
LTPA CACHE
[ltpa-cache] Z
ltpa-cache-enabled tCM{C LTPA _Y:f#
ltpa-cache-size LTPA _Y:fPDu?}#
ltpa-cache-entry-lifetime LTPA _Y:fu?Dn$P'Z#
ltpa-cache-entry-idle-timeout Gn/ LTPA _Y:fu?Dn$P'
Z#
AUTHENTICATION
N} hv
BASIC AUTHENTICATION
[ba] Z
ba-auth tCM{Cy>O$zF#
basic-auth-realm Z/@w BA G<a>{PT>Dr{F#
FORMS
[forms] Z
forms-auth tCM{C9Cm%O$#
TOKEN
[token] Z
token-auth tCM{C9CjG(PzkO$#
CERTIFICATE
[certificate] Z
accept-client-certs dC WebSEAL M'zK$i&m#
HTTP HEADERS
[http-headers] Z
http-headers-auth tCM{C9C HTTP 7O$#
[auth-headers] Z
header CZO$DX( HTTP 7#
IP ADDRESS
[ipaddr] Z
ipaddr-auth tCM{C9C IP X7E"O$#
STEP UP
[authentication-levels] Z
level = unauthenticated level = password
]}O$dC#
MULTIPLEXING PROXY AGENTS
[mpa] Z
mpa tCM{CT(}`74C/PzmxPO
$D'V#
CDSSO
[cdsso] Z
cdsso-auth tCM{C9C CDSSO jGO$#
authtoken-lifetime CDSSO O$jGDnsP'Z5#
[cdsso-peers] Z
<machine-name> = <keyfile-location>
Nh CDSSO DTHr#
FAILOVER
[failover] Z
failover-auth tCM{CS\JO*F cookie#
failover-cookies-keyfile I cdsso_key_gen zID cookie S\\?
D;C(xT76{)#
failover-cookie-lifetime JO*F cookie Z]P'D1d^F#
enable-failover-cookie-for-domain
+JO*F cookie `MSX(Z~qwD
cookie |D*X(ZrD cookie#
e-COMMUNITY SSO
[e-community-sso] Z
e-community-sso-auth tCM{CgSgx SSO#
e-community-name vVZ0$51jGMksPDgSgx{
F#
intra-domain-key CZ#$ DNS rP WebSEAL 5}.d(E
D\?D~D;C#
is-master-authn-server +>Xzw8(*w WebSEAL O$~qw#
master-authn-server w WebSEAL O$~qw(g{;G>Xz
w)D{F#
master-http-port wO$~qwl}1yZDGj< HTTP K
Z#
master-https-port wO$~qwl}1yZDGj< HTTPS K
Z#
vf-token-lifetime 0$51jGP'Z5#
vf-url 0$51URL#
ec-cookie-lifetime gSgx cookie P'Z5#
[inter-domain-keys] Z
<domain-name> = <keyfile> NkgSgxDd|rD\?D~#
AUTHENTICATION MECHANISMS AND LIBRARIES
[authentication-mechanisms] Z
passwd-cdas passwd-ldap passwd-uraf token-cdas cert-ssl cert-cdas http-request cdsso passwd-strength cred-ext-attrs
\'VDO$zFMX*D2mbDPm#
SSL QUALITY OF PROTECTION MANAGEMENT
[ssl-qop] Z
ssl-qop-mgmt tCM{C#$6p\m#
[ssl-qop-mgmt-hosts] Z
<ip-address> %@wzD QOP S\6p#
[ssl-qop-mgmt-networks] Z
<ip-address/mask> %@xgD QOP S\6p#
[ssl-qop-mgmt-default] Z
default yPd|;%dD IP X7D1! QOP S\
6p#
SESSION
N} hv
[session] Z
max-entries WebSEAL >$/a0_Y:fPDns""
u?}#
timeout WebSEAL >$/a0_Y:fPu?Dn$
P'Z#
inactive-timeout WebSEAL >$_Y:fPGn/u?DP'
Z#
SSL CLIENT SESSIONS
ssl-id-sessions 9C SSL j6,$ HTTPS G<a0#
SHARING SESSIONS
use-same-session TZ HTTP M HTTPS .dP;DM'z9C
`,Da0j6#
SENDING SESSION COOKIES
resend-webseal-cookies Z?Nl&M'z1"MNbQdCa0M
JO*F cookie#
CONTENT
N} hv
[content] Z
LOCAL DIRECTORIES AND FILES
doc-root Web D5wDy?<#
directory-index ?<w}D~D{F#
delete-trash-dir \m1>}DD~DY1,xd?<#
LOCAL USER DIRECTORIES
user-dir ?<G|,+2 HTML D5DC'w?<
w#
ERROR PAGES
error-dir |, WebSEAL mshvD~D?<#
ACCOUNT MANAGEMENT PAGES
[acnt-mgt] Z
mgt-pages-root J'\m3fDy?<#
login j<G<m%D{F#
logout I&"zsT>D3f{F#
account-locked O$rx(DJ'x'\1T>D3fD{
F#
passwd-expired O$r''\kx'\1T>D3fD{
F#
passwd-change |DD\km%D{F#
passwd-change-success \k|DksI&1T>D3fD{F#
passwd-change-failure \k|Dks'\1T>D3fD{F#
help |,P'\m3fD4SD3fD{F#
token-login jGG<m%D{F#
next-token B;vjGm%D{F#
stepup-login ]}O$G<m%D{F#
LOCAL CGI
[cgi] Z
cgi-timeout 4kS CGI xLMSS CGI xLA!1yC
D,15#
[cgi-types] Z
bat = cmd cmd = cmd pl = perl sh = sh tcl = tclsh76
8((T Win32 ~qw)TXb CGI D~)
9{4PDLr#
[cgi-environment-variables] Z
ENV +I CGI LrLPD73d?#
ICONS
[content-index-icons] Z
image/* video/* audio/* text/html
text/* application/x-tar
application/*
8(?<w}I WebSEAL zI1(1;P
index.html 1"zbViv)*9CD<N<
j#
[icons] Z
diricon CZS?<D<j#
backicon CZ8?<D<j#
unknownicon CZ4*D~`MD<j#
DOCUMENT CACHING
[content-cache] Z
text/html image/* */* (e WebSEAL f"ZZfPDX(D5
MIME `MD_Y:f`MMs!#
MIME TYPES
[content-mime-types] Z
<extension> = <type> (eX(D5)9{D MIME `M#
deftype D5`M4Z3dmPPv1*9CD1!
MIME `M#
CONTENT ENCODINGS
[content-encodings] Z
gz Z +D5)9{3d*'VZ]`kD/@w
D;V`k`M#
LOGGING
N} hv
[logging] Z
server-log ~qwmsU>D~D;C#
max-size HTTP U>DU>D~*fP5#
flush-time HTTP U>D~:exD"B5J#
requests tCM{C HTTP ksU>#
requests-file HTTP ksU>D;C#
referers tCM{C HTTP N<E"U>#
referers-file HTTP N<E"U>D;C#
agents tCM{C HTTP zmU>#
agents-file HTTP zmU>D;C#
gmt-time T GMT 1dx;G>X1xG<ks#
AUTHORIZATION API
N} hv
[aznapi-configuration] Z
db-file >XM'zD_T}]b_Y:fD~D;
C#
cache-refresh-interval (e|B(V/)wZ(~qwDli1d
dt#
listen-flags tCM{CSU_T_Y:f|B(*Dj
>#
tcp-port l}wD TCP KZ#
udp-port l}wD UDP KZ#
AUTHORIZATION API LOGGING
logclientid=webseald
logsize \msFU>DU>D~*fP5#
logflush \msFU>D~:exD"B5J#
logaudit tCM{CsF#
auditlog sFU>D;C#
auditcfg = azn 6qZ(B~#
auditcfg = authn 6qO$B~#
auditcfg = wand 6q WebSEAL B~#
AZNAPI SERVICE DEFINITIONS
<service-id>
mode
azn-server-name
pd-user-name
[aznapi-entitlement-services] Z
AZN_ENT_EXT_ATTR
POLICY DIRECTOR
N} hv
[policy-director] Z
config-file pd.conf dCD~D;C#
[manager] Z
master-host
master-port
master-dn
WebSEAL *aN<
pdadmin 5CLra);%=|nPa>{,ITSCa>{4P
WebSEAL *aNq#
wbw}:
¶ :9C0pdadmin server task14(*a;
¶ Z2113D:*a|n;
¶ Z2123D:*u<~qw4(B*a;
¶ Z2143D:+=S~qwmS=VPD*a;
9C0pdadmin server task14(*aZ9C pdadmin 0,zXkw* sec_master \mC'G<=2+r#
}g:
UNIX:
# pdadmin
pdadmin> login
Enter User ID: sec_master
Enter Password:
pdadmin>
Windows:
MSDOS> pdadmin
pdadmin> login
Enter User ID: sec_master
Enter Password:
pdadmin>
r_,9C_PTB!nD%|nPqC`,a{:
# pdadmin -a sec_master -p <password>
pdadmin>
*4( WebSEAL *a,k9C pdadmin server task |n:
pdadmin> server task <server-name> <task>
server-name Td?G5Jzw{FMC|n9CD Policy Director i~
(}g WebSEAL)Dj+mo=#
<policy-director-component>-<machine-name>
}g,g{zw{F* cruz R Policy Director i~* WebSEAL,r
server-name *:
webseald-cruz
9C server list |ni$ server-name mo=:
pdadmin> server list
webseald-cruz
4(y> WebSEAL *aDXh|n!n|(:
¶ sK&CLr~qwDwz{(–h !n)
¶ *a`M * tcp"ssl"tcpproxy"sslproxy M local(–t !n)
¶ *ac(20c)
pdadmin> server task <server-name> create –t <type> –h <host-name> <jct-point>
*a|n
TB*a|nT pdadmin server task IC:
|n hv
create *u<~qw4(B*a#
add +=S~qwmS=VPD*ac#
remove S*ac}%~qw#
o(:remove –i <server-id> <junction-point>
9C show |nI7(Xb~qwDj6#
delete }%*ac#
o(:delete <junction-point>
list PvK~qwODyP*ac#
o(:list
show T>*aDj8E"#
o(:show <junction-point>
jmt load jmt clear jmt load |n* WebSEAL a)*a3dm}]
(jmt.conf),IXF&m/,zID~qw`T
URL#
jmt clear |nrS WebSEAL }%*a3dm}]#
help Pv*a|n#
o(:help
help <command> T>XZX(*a|nDj8oz#
exit Kv pdadmin 5CLr#
o(:exit
b)|n0X*D!n+ZTBwZP[v#
*u<~qw4(B*aYw:4(B*ac,"*au<~qw#
o(:
create –t <type> –h <host-name> [<options>] <junction-point>
*a`M
–t <type> ** Xh **
* a ` M # t c p " s s l "
tcpproxy"sslproxy"local .;#
–t tcp D1!KZ* 80#–t ssl D1!KZ*
443#
wz{
–h <host-name> ** Xh **
?jsK~qwD DNS wz{r IP X7#
!n
(} SSL D`%O$
–K <key-label> WebSEAL 9CM'z$iTsK~qwxPO
$#
–B WebSEAL 9C BA 7E"TsK~qwxP
O$#*s –U"–W M –b filter !n#
–U <“username”> WebSEAL C'{#k –B ;p9CI+ BA
7E""M=sK~qw#
–W <“password”> WebSEAL \k#k –B ;p9CI+ BA 7
E""M=sK~qw#
–D <“DN”> 8( s K ~ q w$iD ( P { F
(Distinguished Name)#K5k5JD$i DN
`%d,v?KO$#
zm*a!n(h* –t tcpproxy r –t sslproxy)
–H <host-name> zm~qwD DNS wz{r IP X7#
–P <port> zm~qwD TCP KZ#
a) BA 7E"
–b <BA-value> (e WebSEAL ~qwgN+ HTTP BA O$
E"+]=sK~qw#*BP5.;:
filter(1!)"ignore"supply"gso
#C TCP M SSL *a!n
–c <id-types> + Policy Director M'zm]ek{v HTTP
7PD HTTP 7#id-types Td?I|,TB
Policy Director HTTP 7`MDNbiO:
iv-user"iv-user-l"iv-groups"iv-creds M all#
–i WebSEAL ~qw&m URL 1G;xVs!4
D#
–j a) cookie PD*aj6,&mE>zID~
qw`T URL#
–k "Ma0 cookie AsKE'x>~qw#
–p <port> sKZ}=~qwD TCP KZ#TZ TCP *
a,1!5* 80;TZ SSL *a,1!5*
443#
–q <url> query_contents E>D`T URL#Policy
Director Z /cgi_bin/ PiR query_contents#
g{K?<;,r query_contents D~QX
|{,9CK!nIr WebSEAL 8>D~D
B URL#
–r +dkD IP X7ek{v*aPD HTTP
7#
–s 8(*a&'V4,#f&CLr#1!iv
B,*a;G4,#fD#
–T <resource/resource-group>
GSO J4rJ4iD{F#T –b gso !nG
XhD,2;k -b gso !n;p9C#
–u <UUID> 8((}4,#fac(–s)k WebSEAL ,
SDsK~qwD UUID#
–v <virt-host-name> sK~qwOyzmDibwz{#K!n'
VsK~qwODibwzhC#
1sK*a~qwh*wz{D71,k9C
–v,r*b1z}Z*aC~qwD;vib
5}#/@wD1! HTTP 7ks";*@s
K~qw_P`v{FM`vib~qw#X
kdC WebSEAL ZTsK~qw(QhC*
ibwz)*?DXDksPa)nbD7E
"#
–w Win32 D~53'V#
LTPA *a
–A tCM{C LTPA *a#
–F <“keyfile”> C4S\ LTPA cookie }]D\?D~D;
C#
–Z <“keyfile-password”>
\?D~D\k
WebSEAL * WebSEAL D SSL *a
–C 0K WebSEAL ~qwksK WebSEAL ~q
w.d(} SSL `%O$#*sP –t ssl r
–t sslproxy `M#
>X*a!n(k –t local ;p9C)
–d <dir> *aD>X?<#** Xh#**
–f ?Ff;VPD*a#
*ac
WebSEAL {FUdP*4(*aD;C#
+=S~qwmS=VPD*aYw:+=S~qwmS=VPD*ac#
o(:
add –h <host-name> [<options>] <junction-point>
wz{
–h <host-name> ** Xh **
?jsK~qwD DNS wz{r IP X7#
!n
(} SSL D`%O$
–D <“DN”> 8(sK~qw$iD(P{F#K5k5J
D$i DN `%d,v?KO$#
zm*a!n(ZP –t tcpproxy M –t sslproxy 1GXhD)
–H <host-name> zm~qwD DNS wz{r IP X7#
–P <port> zm~qwD TCP KZ#
#C TCP M SSL *a!n
–i WebSEAL ~qw&m URL 1G;xVs!4
D#
–j a) cookie PD*aj6,&mE>zID~
qw`T URL#
–p <port> sKZ}=~qwD TCP KZ#TZ TCP *
a,1!5* 80;TZ SSL *a,1!5*
443#
–q <url> query_contents E>D`T URL#Policy
Director Z /cgi_bin/ PiR query_contents#
g{K?<;,r query_contents D~QX
|{,9CK!nIr WebSEAL 8>D~D
B URL#
–u <UUID> 8((}4,#fac(–s)k WebSEAL ,
SDsK~qwD UUID#
–v <virt-host-name> sK~qwOyzmDibwz{#K!n'
VsK~qwODibwzhC#
1sK*a~qwh*wz{D71,k9C
–v,r*b1z}Z*aC~qwD;vib
5}#/@wD1! HTTP 7ks";*@s
K~qw_P`v{FM`vib~qw#X
kdC WebSEAL ZTsK~qw(QhC*
ibwz)*?DXDksPa)nbD7E
"#
–w Win32 D~53'V#
*ac
+~qwmS=KVPD*ac#
9C iKeyman \m$i
iKeyman 5CLrG;V$_,IC4\m}V$i#9C iKeyman,
IT4(B\?}]b"BbT}V$i,+ CA root mS=}]b,
+$iS;v}]b4F=m;v}]b,r CA ksMSU}V$i,
hC1!\?M|D\k#
iKeyman 5CLrG Policy Director a)D Global Security
Kit(GSKit)m~|D?~#
wbw}:
¶ Z2183D:t/ iKeyman 5CLr;
¶ Z2193D:r*1! WebSEAL \?}]b;
¶ Z2213D:4(B\?}]b;
¶ Z2233D:4(BT)}V$i;
¶ Z2253D:mSBy CA $i;
¶ Z2253D:>}y CA $i;
¶ Z2263D:Z}]bd4F$i;
¶ Z2303D:ks~qw$i;
¶ Z2313D:SU}V$i;
¶ Z2323D:>}}V$i;
¶ Z2323D:8(B1!$i;
¶ Z2333D:|D}]b\k;
t/ iKeyman 5CLrSYw53|nPa>{t/ iKeyman 5CLr:
Windows:
MSDOS> /Program Files/IBM/gsk4/bin/gsk4ikm.exe
UNIX:
# /usr/bin/gsk4ikm
vV0IBM \?\m10Z#
< 39. 0IBM \?\m10Z
r*1! WebSEAL \?}]b\?}]b|,~qwMM'zK$i0 WebSEAL &myZ$iDO
$yhDy CA $i#
201,WebSEAL a)1!$i\?}]b(pdsrv.kdb)#\?D~|
,1! WebSEAL $i(\?j) = Policy Director)MI)!qD+
2y CA $i#
*r*1! WebSEAL \?}]b,kq-b)=h:
1. S0IBM \?\m10Z,Z0\?}]bD~1K%!q0r*1#
2. S0r*1/@0Z,/@TB?<:
UNIX: /opt/PolicyDirector/lib/certs
Windows: C:\Program Files\Tivoli\Policy Director\lib\certs
3. !q:
pdsrv.kdb
4. %w0r*1#
vV0\ka>1T0r#
5. dk1! WebSEAL \k:
pdsrv
6. %w07(1#
}]bE"2k\m0Z#
k"b0vK$i10ZPvV1! WebSEAL $i#$iD\?j)
G “Policy Director”#Kj)s`vVGErj>C$i*1!$i#
kNDZ2203D<40#
+$i!nB-K%S0vK$i1|D*0){_$i1#vV+2
yO$PD(CA)$iDPm#
kNDZ2203D<41#
< 40. 1! WebSEAL pdsrv.kdb \?D~:WebSEAL $i
< 41. 1! WebSEAL pdsrv.kdb \?D~:){_$i
4(B\?}]b\?}]b|,~qwMM'zK$i0 WebSEAL &myZ$iDO
$yhDy CA $i#
201,WebSEAL a)1!$i\?}]b(pdsrv.kdb)#\?D~|
,1! WebSEAL $i(\?j) = Policy Director)MI)!qD+
2y CA $i#
ITLx9CK1!\?}]b,r_4(B}]b#g{4(B}]
b"#{ WebSEAL +C}]bw*1!}]b9C,rXk(*
WebSEAL,bI(}dC secmgrd.conf D~PD ssl-keyfile N}4
xP#kNDZ373D:dC WebSEAL D\?}]bN};#
*4(B\?}]bD~,kq-b)=h:
1. S0IBM \?\m10Z,Z0\?}]bD~1K%!q0B
(1#
vV0B(1T0r#
2. Z0\?}]b`M1VN!q0CMS \?}]bD~1#
3. dk0D~{1,}g key.kdb#
4. S\0;C1VND1!5,rdkCVNDB5,r9C0/
@14%!qB5#
< 42. 0B(1T0r
5. %w07(1#
vV0\ka>10Z#
6. Z0\k1VNdk\k,"Z07O\k1VNPYNdkC\
k#
7. (I!)!P0hC''1d14!r,"dkJ1D5#
8. (I!)!P0+\kf"=D~14!r#
f"D~|,TB)9{:.sth
Xkr WebSEAL (*bvBf"D~,bI(}dC
secmgrd.conf dCD~PD ssl-keyfile-stash N}4xP#
kNDZ373D:dC WebSEAL D\?}]bN};#
9. %w07(1#
vV07O10Z,C0Zi$zGqQ-4(B\?}]b#
10. %w07(1#
zQ-I&4(B\?}]b#XBvV0IBM \?\m10Z#
VZD0IBM \?\m10Z43KzDB\?D~{,"T>){_
$i#
TB){_}V$iGI iKeyman a)D:
¶ RSA Secure Server CA
¶ Thawte Personal Premium CA
¶ Thawte Personal Freemail CA
¶ Thawte Personal Basic CA
¶ Thawte Premium Server CA
¶ Thawte Server CA
¶ VeriSign Class 1 Public Primary CA
¶ VeriSign Class 2 Public Primary CA
¶ VeriSign Class 3 Public Primary CA
¶ VeriSign Test CA Root Certificate
b)){_}V$iGQ("DO$PD(CA)Dy$i#WebSEAL 9
Cb)y$ii$M'zK$i#
g{h*9C4ZKPmPvVD){_$i,rXkr CA ksC$
i,"+dmS=\?}]b#
kNDZ2253D:mSBy CA $i;#
":VeriSign Test CA Root Certificate GIEHOMD CA,+d|(
ZZG*KCZbT#&Z+\?}]b`Ekzz&CLr.0
}%bvy#
B}]b9h*|( CA )pD~qw$i,by WebSEAL MIT+
TmTM'zrd|~qwO$#K$iGf"Z0\m10ZD0v
K$i1?VD#
kNDZ2303D:ks~qw$i;#
kNDZ2313D:SU}V$i;#
4(BT)}V$i
*"zz&CLr1,zI\kZjIz7DbT.sYCf5D}V
$i4P$iO$#9C iKeyman,IT4(CZbTDT)}V$
i#T)}V$iGz"xT:DY1}V$i(TTm* CA)#
":;*"<xPT)}V$iDzz&CLr;;P/@wrM'z
\;6pzD~qwr2+Xk.(E#
201,WebSEAL a)F* “Policy Director” DT)$i#IT+K$
iCZbT,r_IT4(BT)$i#
*4(BDT)}V$i,kq-b)=h:
1. 9C iKeyman r* pdsrv.kdb \?D~,rr*m;v(F\?D
~#
0IBM \?\m10Zjb8T>K!(\?}]bD~D{F,"
8>CD~Qr*MMw#
2. SB-Pm!q0vK$i1#
3. %w0B(T)14%#
vV04(BDT)$i1T0r#
4. dk0\?j)1,}g “test-cert”#
5. dk0+C{F1M0i/1(=_y*Xh),"!q0zR/X
x1#TZd`VN,ITS\1!5,2ITdkr!qB5#
kND<43#
6. %w07(1#
0IBM \?\m10Z0vK$i1VNT>Kz4(DT)}V$
iD{F#
< 43. 4(BDT)$i
mSBy CA $i
WHXkrX( CA ksBy$i,;sEIT*C CA mSK$i#
?v CA <_PKNqD(;}L#XZKE",k*5`&D CA#
r CA ks"U=y$i.s,I+dmS=\?}]b#s`}}V
y$i<9Cq= *.arm(}g cert.arm)#
*+y CA $imS=}]b,kq-b)=h:
1. Z0IBM \?\m10ZP,SB-Pm!q0){_$i1#
2. %w0mS1#
vV0SD~mS CA D$i10Z#
1. S0}]`M1B-K%!q0Base64 `kD ASCII }]1#
2. dky CA $iD0$iD~{1M0;C1,r_%w0/@1!
q{FM;C#
3. %w07(1#
vV0dkj)1T0r#
4. dky CA $iD\?j),}g VeriSign Root CA Certificate,"
%w07(1#
by,0){_$i1VN|,KzUmSDy CA $iDj)#
>}y CA $i
g{;kY'VzD){_$iPmPD3v)"_,rh*>}`&
Dy CA $i#
< 44. 0mS CA D$i1T0r
":>}y CA $i.0,H4(C$iD8]1>,by,TsIT
XB4(`,D CA y$i#
*S}]b>}y CA $i,kq-b)=h:
1. Z0IBM \?\m10ZP,SB-Pm!q0){_$i1#
2. !q(;vT>)*>}Dy CA $i#
3. %w0>}1#
vV07O10Z#
4. %w0G1#
zU>}Dy CA $iDj);YZ0){_$i1VNPvV#
Z}]bd4F$i
hC(CENxgr+T)$iCZbT1,zI\"Vh*+$iS
;v}]b4FMmS=m;v}]b#Z}]b.dF/$iD=(
P 3 V:
¶ +$ii!=D~;SD~mS$i
¶ S}]b1S<k$i
¶ +$i1S<v=}]b
+$ii!=D~;SD~mS$i*+$iS(4)\?}]bi!=D~,;s+C$imS=(?
j)\?}]b,kq-b)=h:
1. r*041\?}]b#
2. S0IBM \?\m10ZB-K%,!q*<vD$iD`M:0v
K1r0){_1#
3. !q*mS=m;}]bD$i#
4. g{!q0vK1,r%w0i!$i14%#g{!q0){
_1,r%w0i!14%#
vV0+$ii!=D~10Z#
5. S0}]`M1B-K%!q0Base64 `kD ASCII }]1#
}] ` M h * k$iD~Pf " D$iD}] ` M ` % d #
iKeyman $_'V Base64 `kD ASCII D~M~xF DER `k
D$i#
6. dk$iD~{M*f"$iD;C,r_%w0/@1!q{F
M;C#
7. %w07(1#
+$i4=8(DD~#
*+$iSD~mS=?j}]b,kq-b)=h:
1. r*?j\?}]b#
2. !q+*mSD$iD`M:0vK1r0){_1#
3. T0){_1`M$i%w0mS1#T0vK1`M$i%w0S
U1#
4. dkzi!$i19CD0$iD~{1M0;C1#2IT9C
0/@14%#
5. %w07(1#
< 45. +$ii!=D~
< 46. SD~SU$i
6. 07O10Z*s!qK$iGq+w*1!$i#%w0G1r
0q1#
by,$iMmS=?j}]b,"vVZ$iDPmP#
S}]b1S<k$i*+$iS(4)\?}]b<k=(?j)\?}]b,kq-b)
=h:
1. r*0?j1\?}]b#
2. S0IBM \?\m10ZB-K%,!q*<vD$iD`M:0v
K1r0){_1#
3. %w0<v/<k14%#
T>0<v/<k\?10Z#
4. S0!qYw`M1!q0<k1#
5. S0\?1D~`MB-K%,!q CMS \?}]bD~#
6. dk4\?}]bD0D~{1M0;C1,C}]b|,z*<
kD$i#2IT9C0/@14%#
7. %w07(1#
T>0\ka>10Z#
8. dk\k"%w07(1#
vV0S\?j)Pm!q10Z#
9. !q*<kD$i"%w07(1#
< 47. <v/<k\?
by,C$iMvVZ?j}]bDPmP#
+$i1S<v=}]b*+$iS(4)\?}]b<v=(?j)\?}]b,kq-b)
=h:
1. r*041\?}]b#
2. S0IBM \?\m10ZB-K%,!q*<vD$iD`M:0v
K1r0){_1#
3. !q(;vT>)*<vD$i#
4. %w0<v/<k14%#
T>0<v/<k\?10Z#
5. S0!qYw`M1!q0<v1#
6. S0\?1D~`MB-K%,!q CMS \?}]bD~#
7. dkz*"M$i1yZD?j\?}]bD0D~{1M0;
C1#2IT9C0/@14%#
":vVXZf;K}]bD~DIE{"#%w0G1#Q<v
D$i+;mS=?j}]b#;a*'NNE"#
8. %w07(1#
T>0\ka>10Z#
9. dk?j}]bD\k"%w07(1#
< 48. <v/<k\?
10. r*?j}]b1,Q<vD$i+vVZ$iDPmP#
ks~qw$i
WebSEAL *s CA )pD$i+dTmO$= SSL M'z#WebSEAL
I\*sP;,D$iI)d|DO$*s9C(}gl&9C
junctioncp –K xP*aD&CLr~qw)#
iKeyman 5CLrJmzI$iks,zIT+Cks"MA`&D
CA#
*zI$iks,kq-b)=h:
1. Z0IBM \?\m10ZP,SB-Pm!q0vK$iks1#
2. %w0B(1#
vV04(BD\?M$iks1T0r#
3. dk$iksD0\?j)1#
4. dk0+C{F1M0i/1,"!q0zR/Xx1#
< 49. 4(BD\?M$iks
TZd`VN,ITS\1!5,2ITdkr!qB5#
5. Z0ZW?,dkD~D{FM;C#2IT9C0/@14%#
6. %w07(1#
vV07O10Z,C0Zi$zGqQ-I&4(B}V$iD
ks#
7. %w07(1#
0vK$iks1VNT>Kz4(DB}V$iksD\?j
)#
8. +D~"M=`&D CA IksB}V$i,r_+CksS CA D
Web >cty=ksm%#
SU}V$i
CA rz"MB)pD}V$i.s,zh*+|mS=\?}]b(S
C}]bzIks)#
*SU}V$i,kq-b)=h:
1. Z0IBM \?\m10ZP,SB-Pm!q0vK$i1#
2. %w0SU1#
vV0SD~SU$i10Z#
3. S0}]`M1B-K%P,!q0Base64 `kD ASCII }]1#
4. dkB}V$iD0$iD~{1M0;C1#2IT9C0/@1
4%#
":g{ CA +$iw*gSJ~{"D;?V"M,rXk+$i
ty=;v@"DD~#
5. %w07(1#
6. vV0dkj)10Z#
7. dkB$iDj)"%w07(1#
by,0vK$i1VNM|,KB}V$iDj)#
>}}V$i
g{;Yh*3v}V$i,rh*+dS}]bP>}#
":>}}V$i.0,k4(8]1>,T8TsXB4(}V$i
19C#
*>}}V$i,kq-b)=h:
1. Z0IBM \?\m10ZP,SB-Pm!q0vK$i1#
2. !q(;vT>)*>}D}V$i"%w0>}1#
vV07O10Z#
3. %w0G1#
!(}V$iDj)+;YvVZ0vK$i1VNP#
8(B1!$i
iKeyman 5CLrJm8(1!}V$i,T) WebSEAL Z\?}]
b|,`v0vK$i1u?19C#(g{zZH}!( CA DY=}
V$i1*<9C&CLrPDT)}V$i(CZbT),r}]b
PI\P`v}V$i#)
U=4T CA DQ)p}V$i.s,ITCT)}V$itZ}]b
P,"*<9C CA "vD}V$i,bIT(}+d8(*1!}V
$i4xP#}V$ij)0fPGE(*)r8>Cu?*1!}V
$i#
SU=DZ;v}V$irw*T)}V$i4(DZ;v}V$i+
T/jG*1!}V$i#?NSU;vB}V$ir4(;vT)}
V$i1,MCz!q+bvB}V$iw*1!}V$i#+z2I
Tf1w7X|D1!}V$i#
*|D1!}V$i,kq-b)=h:
1. Z0IBM \?\m10ZP,SB-Pm!q0vK$i1#
}V$ij)0fPGE(*)r8>Cu?*1!}V$i#
2. !qz*hC*1!}V$iDm;}V$i"%w0i4/`
-1#2IT+wCu?#
T>$iD0\?E"10Z#
3. !P0+C$ihC*1!$i14!r"%w07(1#
by,C$iMT>*1!}V$i,dj)0fPGE(*)#
|D}]b\k
iKeyman $_Jm|D\?}]bD\k#
*|D\?}]b\k,kq-b)=h:
1. r*;v\?}]b#
2. S0\?}]bD~1B-K%P,!q0|D\k1#
vV0|D\k10Z#
3. Z0\k1VNdkB\k,"Z07O\k1VNPYNdkC
\k#
4. !P0hC''1d14!r(g{J1)#
5. !P0+\kf"=D~14!r(g{J1)#
6. %w07(1#
4,8PD{"8>ksQI&jI#
w}
[A]2+T_T
f. 4
)9tT 4
\#$Ts_T 4
ACL _T 4
[B]#$6p 3
1!6p 40
xg 41
wz 41
#$6p POP _T 66
#$J4 3
jGO$ 97
j)5 178
m%O$ 89
[C]N<E" 45
,1 75
,1N}
HTTP M HTTPS 23
[D]zmLr 45
%;"a
gSgx 108
En 162
dC GSO _Y:f 170
+V"a(GSO) 167
Z BA 7Pa)M'zm] 162
CDSSO 103
LTPA(WebSphere) 171
-b filter 166
-b gso 166
-b ignore 165
-b supply 163
G<
a>u~ 85
G<a>
u~ 85
]}G< 61
]}O$ 58
gSgxO$ 108
gSgx cookie 116
S\0$51jG 118
xLw 112
dC 119
Xw 111
0$51jG 118
0$51ksM&p 117
gSgx cookie 116
/,LqJq 178
/, URL
T POST kshC^F 187
Ev 183
|B,dynurl update 186
bv 186
>} 190
a)CJXF 183
3d ACL Ts 184
\aM<u"M 189
dynurl-allow-large-posts 188
dynurl-map 184
GET M POST =( 187
post-max-read 187
[F]1>Z(}]b;C 43
4F0K WebSEAL ~qw 43
[G]_Y:f3FE" 30
vT/~q
Ev 181
dC WebSEAL 182
>} 183
y?<,WebSEAL 20 19
|B(*l} 42, 43
JO*F cookie,dC 80
}K2, HTML URL
xT URL 153
server-relative-URL 153
[H]sK&CLr'V 177
a0j6}]`M 79
a0_Y:f
GSKit 73
WebSEAL 73
a0}]`M 70
a04,
\m 73
a0 cookie 76
tCa0 cookie 77
P'Da0j6}]`M 79
a0 cookie 76
tC 77
[J]y>O$
dC 87
yZxgDO$ POP _T 63
G<U>,HTTP 45
[K]IluT 11
4FDsK~qw 14
Q4FD0K~qw 11
[L]*a
20`v~qw 153
&m4TE>D URL(-j) 142
4(-r 127
zm*a(-H"-P) 135
Ev 8, 126
}K2, HTML URL 153
+a0 cookie "M=E'x>~qw
(-k) 141
`M!n(-t) 129
*a3dm 146
|nN< 209
?FB*a(-f) 138
?FmI( 154
+V"a(GSO) 167
9C*a3d&m`TZ~qwD
URL 146
9C BA 7DO$(-B"-U"-W) 134
yh!n 129
`%O$(-D"-K"-B"-U"-W) 132
CE>}K&mxT URL 145
C cookie &m`TZ~qwD URL 144
Z HTTP 7Pa)M'zm](-c) 139
Z HTTP 7Pa)M'z IP X7
(-r) 140
$iO$ 155
'V;xVs!4D URL(-i) 142
8(sK UUID(-u) 148
wz!n(-h) 129
4,#fac'V(-s"-u) 147
DN %d(-D) 133
gso !n(-b gso,-T) 169
LTPA(-A,-F,-Z) 171
pdadmin server task 128
WebSEAL M'z$i(-K) 133
WebSEAL A WebSEAL(-C) 136
Windows D~53(-w) 152
-b !nTZ`%O$*aD0l 134
-b filter 166
-b gso 166
-b ignore 165
-b supply 163
V/ 42
V/Z(}]b 43
[M]\k?H_T 54
\?}]bD~`M 36
?<w}<j 27
[N]Z]$H,request.log 47
[P]>$
ek LDAP }] 179
)9tT 178
Z HTTP 7Pek}] 179
>$q!
Ev 6
EPAC 7
[Q]0K WebSEAL ~qw
4F 43
ks 45
+V"a(GSO) 167
[R]O$
jG 97
m% 89
G<a> 85
gSgx 108
Ev 4
y>O$ 87
Kb}L 70
?D 5
dC`v=( 85
dCEv 83
\'VD=( 71
\'VDa0}]`M 70
$i 91
CDSSO 103
HTTP 7 95
IP X7 97
MPA 98
O$=(,\a 71
O$?H POP _T 58
[S]}N%wG<_T 53
Z(}]b1>;C 43
"B_Y:f 30
[T]7 95
[W]4O$DC',XF 67
D5_Y:f 28
_Y:f3FE" 30
"B_Y:f 30
D5y?<
|D;C 25
[X]`%O$D*a 132
[Y]&CLr'V,sK 177
[Z]$5ksM&p 117
$i
\m 35
\?}]bD~`M 36
GSKit 36
iKeyman 36
$iO$ 91
"z 86
Jq,/,Lq 178
A
accept-client-certs 93
account-locked 34
acct_locked.html 35
ACL _T,X(Z WebSEAL 51
acnt-mgt Z 34
agents-file 45
agent.log 45
>} 48
authentication-levels Z 58, 64
authtoken-lifetime 107
aznapi-configuration Z 43
B
backicon 27
basicauth-dummy-passwd 163
basic-auth-realm 87
ba-auth 87
C
cache-refresh-interval 43
CDMF 2mb 104
cdsso 106
CDSSO O$ 103
cdssoauthn 106
cdsso-auth 105
cdsso-peers Z 107
cdsso_key_gen 82, 107, 118
cert-ssl 94
CGI `L
'V 175
'V WIN32 73d? 176
cgi-environment-variables Z 176
cgi-timeout 24
cgi-types Z 27
client-connect-timeout 23
content-caches Z 28
CRL li 40
D
db-file 43
default-webseal ACL _T 52
directory-index 26
diricon 27
disable-ssl-v2 22
disable-ssl-v3 22
disable-tls-v1 22
doc-root 25
dynurl update 186
dynurl-allow-large-posts 188
dynurl-map 184
dynurl.conf 184
E
ec-cookie-lifetime 121
entrust-client 95
e-community-name 120
e-community-sso-auth 119
F
failover-auth 82
failover-cookies-keyfile 82
failover-cookie-lifetime 83
filter-url Z 47, 154
flush-time 47
forms-auth 89
G
GET =( 187
gmt-time 46
GSKit 36
D~`M 36
GSKit a0_Y:f 73
dC 75
GSO 167
dC GSO _Y:f 170
GSO _Y:f,dC 170
gso-cache-enabled 170
gso-cache-entry-idle-timeout 170
gso-cache-lifetime 170
gso-cache-size 170
H
help 34
help.html 35
HTML (F3f 34
j'V 35
http 21
HTTP ms{" 31
j'V 33
HTTP +2U>q= 48
HTTP G< 45
HTTP 7O$ 95
HTTP 7PD LDAP }] 178
httpauthn 96
https 21
https-port 21
https-timeout(*a) 24
http-headers-auth 95
http-port 21
http-request 96
HTTP-Tag-Value 180
http-timeout(*a) 24
HTTP_IV_CREDS 139, 176, 178
HTTP_IV_GROUPS 139, 176, 178
HTTP_IV_REMOTE_ADDRESS 140
HTTP_IV_USER 139, 176, 178
I
iKeyman 38
4(BD\?}]b 221
4(BDT)$i 223
r*1!\?}]b 219
Ev 39
|D}]b\k 233
SU$i 231
t/ 218
ks~qw$i 230
>}y CA $i 225
>}$i 232
mSBy CA $i 225
`%O$ SSL *a 132
Z}]bd4F$i 226
8(B1!$i 232
SSL `M*a 131
WebSEAL bT$i 93
inactive-timeout 75
inter-domain-keys Z 118, 122
intra-domain-key 118, 120
IP X7O$ 97
ipaddr-auth 97
is-master-authn-server 120
iv-creds 139, 178
iv-groups 139, 178
iv-remote-address 140
iv-user 139, 178
J
jmt load 146
jmt-map 146
jmt.conf 146
junction-db 126
L
ldapauthn 88, 89
ldap-ext-cred-tags Z 179, 180
libcdssoauthn 106
libhttpauthn 96
libldapauthn 88, 89
libsslauthn 94
libtokenauthn 97
listen-flags 43
logging Z 47
login 34
login.html 35, 90
logout 34
logout.html 35
log-filtered-pages 47
LTPA _Y:f,dC 172
LTPA(WebSphere) 171
dC*a 171
dC LTPA _Y:f 172
ltpa-cache Z 172
ltpa-cache-enabled 172
ltpa-cache-entry-idle-timeout 172
ltpa-cache-entry-lifetime 172
ltpa-cache-size 172
M
master-authn-server 121
master-https-port 120
master-http-port 120
max-entries 74
max-size 46
mgt-pages-root 34
mpa 102
MPA O$ 98
N
nexttoken.html 35
next-token 34
P
passwd-change 34
passwd-change-failure 34
passwd-change-success 34
passwd-expired 34
passwd-ldap 88, 89
passwd.html 35
passwd_exp.html 35
passwd_rep.html 35
pdadmin _T
disable-time-interval 53
max-login-failures 53
max-password-repeated-chars 54
min-password-alphas 54
min-password-length 54
min-password-non-alphas 54
password-spaces 54
pdadmin server task(*a) 128
pd.conf 179
PD_PORTAL header 182
pd_start |n 20
persistent-con-timeout 23
ping-time(*a) 24
pkmscdsso 108
pkmslogout 86
pkmspasswd 86
pkmsvouchfor 117, 121
POP _T
#$6p 66
yZxgDO$ 63
O$?H(]}) 58
portal-map Z 182
POST =( 187
dC^F 187
post-max-read 187
Q
query_contents 155
20 156
#$ 160
(F 158
query_contents.c 156
query_contents.cfg 156
query_contents.exe 156
query_contents.html 156
query_contents.sh 156
R
referers-file 45
referer.log 45
>} 49
REMOTE_USER 176
requests-file 45
request.log 45
dCG<Z]$H 47
>} 48
resend-webseal-cookies 77
S
script-filter 145
script-filtering Z 145
server-name 43
server-root 20
SSL a0j6 77
sslauthn 94
ssl-id-sessions 77
ssl-keyfile 39
ssl-keyfile-label 39
ssl-keyfile-pwd 39
ssl-keyfile-stash 39
ssl-ldap-server 40
ssl-ldap-server-port 40
ssl-ldap-user 40
ssl-ldap-user-password 40
ssl-max-entries 76
ssl-qop-mgmt 40
ssl-qop-mgmt-default Z 40
ssl-qop-mgmt-hosts Z 41
ssl-qop-mgmt-networks Z 41
ssl-v2-timeout 76
ssl-v3-timeout 76
stepuplogin.html 35, 61
stepup-login 34
T
tcp-port 43
tokenauthn 97
tokenlogin.html 35
token-auth 97
token-cdas 97
token-login 34
U
udp-port 43
unknownicon 27
use-same-session 77, 78
V
vf-token-lifetime 121
vf-url 121
W
WebSEAL
Ev 1
t/M#9~qw 20
WebSEAL a0_Y:f 73
dC 74
WebSEAL *a,kND*a 125
webseald.conf
N< 195
Ev 18
;C 18
webseal-cert-keyfile 37
webseal-cert-keyfile-label 37, 93, 155
webseal-cert-keyfile-pwd 37
webseal-cert-keyfile-stash 37
webseal-mpa-servers i 101, 102
WebSphere LTPA 171
WIN32 73d?,'V 176
worker-threads 22
Pz!"
GB84-0408-01