10.02.2013 Views

IBM Tivoli Access Manager for e-business: WebSEAL Administration ...


WebSEAL generates logging and auditing data using UTF-8. To prevent possible data loss, it is recommended that UTF-8 be used to write the data to the appropriate logging and auditing files. When the local code page is non-UTF-8, data must be converted to non-UTF-8 before it can be written. In this case, the possibility of data loss exists.

All log and audit files generated by WebSEAL are in the language specified by the locale in which the server runs. The code page used to write the messages is configurable in the WebSEAL routing file. For example, on UNIX systems, the file is /opt/pdweb/etc/routing.

UTF-8 environment variables for CGI programs

CGI scripts use environment variables to communicate with WebSEAL, and the environment variables must be in the local code page. Legacy CGI scripts expect raw (binary) local code page strings. To enable CGI scripts to understand environment variable values that can consist of UTF-8 data, WebSEAL provides additional environment variables. These variables have the same names as current CGI variables, but with the characters "_UTF8" appended to the end. The values of these variables are URI (Uniform Resource Identifier) encoded UTF-8 strings. URI encoding is used to prevent data loss on platforms which expect local code page environment variables in spawned processes.

The variables are:

- REMOTE_USER_UTF8
- IV_USER_UTF8
- HTTP_IV_USER_UTF8
- IV_GROUPS_UTF8
- HTTP_IV_GROUPS_UTF8

New CGI programs should use these variables because their values contain UTF-8 data. WebSEAL stores the data for these variables internally in UTF-8 format. The data must be converted to local code page in order for CGI programs to use it. When the old CGI variables (for example, REMOTE_USER) are used, and the local code page is not UTF-8 encoded, the conversion of the UTF-8 data to the local code page can, in some cases, result in data corruption.
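How a new CGI program might consume the _UTF8 variables described above, shown as an added example (not code from the WebSEAL guide or from IBM). The function names, the control-character check and the ASCII-only fallback to REMOTE_USER are assumptions of this example, and the sample values are constructed.

```python
import os
from urllib.parse import unquote_to_bytes

# The five variables listed above.
UTF8_VARS = ("REMOTE_USER_UTF8", "IV_USER_UTF8", "HTTP_IV_USER_UTF8",
             "IV_GROUPS_UTF8", "HTTP_IV_GROUPS_UTF8")

class IdentityError(ValueError):
    """An identity value that cannot be used without risk of corruption."""

def decode_utf8_var(value):
    """URI-decode a *_UTF8 value and validate the bytes as strict UTF-8."""
    raw = unquote_to_bytes(value)
    try:
        text = raw.decode("utf-8", errors="strict")  # rejects overlong forms
    except UnicodeDecodeError as exc:
        raise IdentityError("not valid UTF-8: " + exc.reason) from exc
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in text):
        raise IdentityError("control character in identity value")
    return text

def survives_code_page(text, code_page):
    """True if text can be written in code_page without losing characters."""
    try:
        text.encode(code_page)
        return True
    except UnicodeEncodeError:
        return False

def webseal_user(environ=os.environ):
    """Prefer REMOTE_USER_UTF8; accept legacy REMOTE_USER only if pure ASCII.

    The ASCII-only fallback is this example's policy (an assumption): a
    non-ASCII legacy value may already have been through a lossy conversion.
    """
    encoded = environ.get("REMOTE_USER_UTF8")
    if encoded is not None:
        return decode_utf8_var(encoded)
    legacy = environ.get("REMOTE_USER", "")
    if not legacy or not legacy.isascii():
        raise IdentityError("no lossless user identity available")
    return legacy

if __name__ == "__main__":
    # Constructed sample environment, not captured from a real server.
    sample = {"REMOTE_USER": "??", "REMOTE_USER_UTF8": "%E5%B1%B1%E7%94%B0"}
    user = webseal_user(sample)
    print(user, "fits ISO-8859-1:", survives_code_page(user, "iso-8859-1"))
    print({k: decode_utf8_var(v) for k, v in sample.items() if k in UTF8_VARS})
```

Rejecting control characters before the value reaches a log line or an authorization lookup keeps a decoded newline from splitting an audit record.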

UTF-8 impact on authentication

The use of UTF-8 for internal data handling has the following impacts on WebSEAL's processing of authentication requests:

- UTF-8 logins over basic authentication not supported

  Use of UTF-8 with basic authentication (BA) login is not supported. UTF-8 logins with BA cannot be supported because browsers transmit data in inconsistent ways. In prior releases, WebSEAL did not support multi-byte BA logins because of browser inconsistency. This is unchanged for Version 5.1.

  WebSEAL consumes BA login strings with the expectation that they are in local code page. WebSEAL supports 7-bit ASCII and single-byte Latin code pages. Thus, for example, a server that wants to allow French users to use BA logins must run in a Latin locale. WebSEAL consumes the BA login string and converts it to UTF-8 internally. However, if the French user has a UTF-8 code page, BA login is not available, because the login string will be multi-byte.

- Forms login

IBM Tivoli Access Manager for e-business: WebSEAL Administration Guide
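The basic authentication limitation described above, as an added illustration (not WebSEAL's code): the same user name produces different bytes depending on the client's code page, and a server that decodes them as its local code page misreads a UTF-8 login. The function names, the ISO-8859-1 default and the credentials are constructed for this example.

```python
import base64

def ba_header(user, password, charset):
    """Authorization header as a client that encodes in `charset` sends it."""
    raw = f"{user}:{password}".encode(charset)
    return "Basic " + base64.b64encode(raw).decode("ascii")

def credential_bytes(header):
    """Return the raw user:password bytes carried by a Basic header."""
    scheme, _, b64 = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a basic authentication header")
    return base64.b64decode(b64.strip(), validate=True)

def naive_user(header, local_code_page):
    """Decode as local code page with no check; shows the misread."""
    return credential_bytes(header).decode(local_code_page).partition(":")[0]

def consume_ba(header, local_code_page="iso-8859-1"):
    """Accept 7-bit ASCII or single-byte logins; refuse multi-byte ones.

    Heuristic: non-ASCII bytes that parse as UTF-8 are treated as a
    multi-byte login. A single-byte string that happens to be valid
    UTF-8 is refused as well, which fails closed.
    """
    raw = credential_bytes(header)
    if not raw.isascii():
        try:
            raw.decode("utf-8")
        except UnicodeDecodeError:
            pass  # not UTF-8: treat as single-byte local code page
        else:
            raise ValueError("multi-byte (UTF-8) BA login is not supported")
    user, sep, password = raw.decode(local_code_page).partition(":")
    if not sep:
        raise ValueError("malformed credentials")
    return user, password

if __name__ == "__main__":
    latin = ba_header("ren\u00e9", "pw", "iso-8859-1")  # constructed login
    utf8 = ba_header("ren\u00e9", "pw", "utf-8")
    print(latin, utf8, naive_user(utf8, "iso-8859-1"), consume_ba(latin))
```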
