I have an application that wants to return a response back to the browser from the EAI. In this case, the response is a dynamically created XML document. WebSEAL seems to drop this response and return a 302. I want both a security session cookie from WebSEAL and the XML response returned in the EAI response to end up at the browser, preferably with an HTTP 200 response, but maybe other response codes.

To elaborate:

  1. form-based authentication, posting userID, password, registered token value to trigger URL
  2. WebSEAL triggers and passes request to EAI
  3. EAI authenticates user ID and password, invokes web service with user ID and registered token value
  4. web service returns XML in its response
  5. EAI sets authentication headers based on XML content and passes response onto WebSEAL
  6. WebSEAL catches authentication headers, creates a security session, and sets the cookie header for the credential
  7. WebSEAL responds with a 302 and removes the response body passed through the EAI from the web service

Question: Can WebSEAL be configured to pass the response untouched other than adding the credential cookie so that the requester gets the credential and the XML message body?

w_mark_c

1 Answer

It sounds like WebSEAL is throwing a 302 back to the EAI because there isn't a valid session. Also, for the other responses, you might need to check your operation handlers in the WebSEAL config and adjust accordingly. Also, make sure your EAI application junction is set to unauthenticated. Otherwise WebSEAL will go into an infinite redirect loop (your browser will eventually stop the madness). Make sure your EAI is passing the correct authentication data back to WebSEAL so a valid TAM session is created.

There is a good diagram of the process flow for TAM 7 at:

http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=%2Fcom.ibm.isam.doc_70%2Fameb_appl_guide%2Fconcept%2Fcon_ext_authe_intfc_proc_flow.html

Also, a good write-up on developing EAIs: http://pic.dhe.ibm.com/infocenter/ieduasst/secv1r0/topic/com.ibm.iea.tam/tam/6.1/authentication/eai_server.pdf

Matt