Agent for IBM WebSphere Application Server 6.0 is designed to facilitate Single Sign-On (SSO) and enforce access control for application resources hosted by IBM WebSphere Application Server 6.0. When a user requests access to a hosted and protected application resource, the agent ensures the following:
- The user has already been authenticated. If not, the agent coordinates with Access Manager Authentication Service to ensure successful user authentication by participating in a choreographed sequence of HTTP interactions. Once authenticated, the user's identity is established within IBM WebSphere Application Server's J2EE container. This identity is further propagated to any down-stream EJB container if the request processing results in access to a resource within that container.

  The propagation of the security identity information of a particular user to a down-stream EJB container might require additional configuration changes in some cases. Such cases typically include clustered deployments and other specialized configurations.

- The user's privileged attributes are available for membership evaluation of roles and other constraints as required to enforce any declarative or programmatic security policies within the application.

  Privileged attributes for a user in an Access Manager environment can range from simple LDAP Role membership information to highly customized attribute information provided via protected session properties. Other examples include custom identity types configured within the Access Manager Identity Repository Service.

- Any URL Policies defined within Access Manager Policy Service for securing access to the requested URLs are enforced as necessary.
Agent for IBM WebSphere Application Server 6.0 provides per-instance configuration that allows you to enable or disable parts of the above functionality as necessary in certain deployment scenarios. For instance, the agent allows you to choose whether the identity of the user should be established within IBM WebSphere Application Server's J2EE container. Furthermore, the agent provides a great deal of other functionality that allows you to customize its behavior to suit your site's deployment.