In the DualShield authentication server we need to create an Application which will be used for the multi-factor authentication in Tivoli WebSeal.
An Application in DualShield is also associated with a Logon Procedure, which defines how users must authenticate (the Logon Steps) when they initiate a login to the Application.
Log in to the DualShield Administration Console.
Navigate to "Authentication | Logon Procedures":
Click the "+ CREATE" button
Enter an appropriate "Name" for the new Logon Procedure, and set "Type" to "Web SSO":
![DualShield MFA Platform > DualShield Configuration [WSL] > image-2024-11-28_16-52-14.png](/download/attachments/85557835/image-2024-11-28_16-52-14.png?version=1&modificationDate=1732812734307&api=v2)
Click the context "..." menu on the new Logon Procedure, then select "Logon Steps"
Select the "+ ADD" button, select an authenticator from the list, then click "SAVE".
Repeat for the second Logon Step. For this implementation we have chosen "Static Password" (AD account) and "One-Time Password":
![DualShield MFA Platform > DualShield Configuration [WSL] > image-2024-11-28_16-55-25.png](/download/attachments/85557835/image-2024-11-28_16-55-25.png?version=1&modificationDate=1732812925353&api=v2)
The next step is to create an Application in DualShield for the Web application in your WebSeal.
Navigate to "Authentication | Applications".
Click the "+ CREATE" button to create a new Application
Provide an appropriate "Name" for this new Application
Select your internal "Realm" from the drop-down
Also select the Logon Procedure created in the previous step.
![DualShield MFA Platform > DualShield Configuration [WSL] > image-2024-11-28_17-0-0.png](/download/attachments/85557835/image-2024-11-28_17-0-0.png?version=1&modificationDate=1732813200582&api=v2)
Click "SAVE" to create the new Application.
![DualShield MFA Platform > DualShield Configuration [WSL] > image-2024-11-28_17-4-37.png](/download/attachments/85557835/image-2024-11-28_17-4-37.png?version=1&modificationDate=1732813477388&api=v2)
Select the Application context "..." menu and select "Agents". Connect the Application to "Single Sign-on Server / SSO Server".
Click "SAVE" to confirm.
Select the Application context "..." menu and select "Self Test" to confirm the Application is correctly set up:
![DualShield MFA Platform > DualShield Configuration [WSL] > image-2024-11-28_17-5-34.png](/download/attachments/85557835/image-2024-11-28_17-5-34.png?version=1&modificationDate=1732813533973&api=v2)
We also need to create an SSO Service Provider for the WebSeal Appliance.
Navigate to "SSO | Service Providers"
Click the "+ CREATE" button
SSO Server: Select "Single Sign-on Server"
Application: Select the Application previously created for WebSeal.
Name: Enter an appropriate Name for this Service Provider
Type: Ensure this is set to "Generic"
Entity ID: Enter a text string that will uniquely identify this Service Provider. The Entity ID should contain only alphanumeric characters.
![DualShield MFA Platform > DualShield Configuration [WSL] > image-2024-11-28_17-16-55.png](/download/attachments/85557835/image-2024-11-28_17-16-55.png?version=1&modificationDate=1732814215596&api=v2)
Select the "Attributes" tab.
Click "+ CREATE" to add a new Attribute, using the following settings:
Location: HTTP Header
Name: Use the specific string "am-eai-user-id", then select "Maps to an identity attribute".
Browse your AD Identity Source, for user account attribute "Login Name".
Then click "SAVE", and "SAVE" again at the next window, to add this Attribute.
![DualShield MFA Platform > DualShield Configuration [WSL] > image-2024-11-28_17-24-7.png](/download/attachments/85557835/image-2024-11-28_17-24-7.png?version=1&modificationDate=1732814647438&api=v2)
You can add any other attributes as necessary.
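
The following check is an added example, not part of the vendor's documentation. It validates the "am-eai-user-id" attribute mapping and the Entity ID rule from the steps above against response headers captured during a test login. It assumes the mapped attribute arrives as an HTTP response header and that "alphanumeric" means ASCII letters and digits; the function names and the sample response are hypothetical.

```python
import re

EAI_USER_HEADER = "am-eai-user-id"          # header name from the Attributes step
ENTITY_ID_RE = re.compile(r"[A-Za-z0-9]+")  # assumption: ASCII alphanumerics only


def entity_id_ok(entity_id):
    """True if the Entity ID uses only alphanumeric characters."""
    return ENTITY_ID_RE.fullmatch(entity_id) is not None


def parse_headers(raw):
    """Split a raw HTTP response head into (lowercased name, value) pairs."""
    lines = raw.replace("\r\n", "\n").split("\n")
    pairs = []
    for line in lines[1:]:              # skip the status line
        if not line.strip():
            break                       # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:                         # header names are case-insensitive
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def check_eai_user(raw, expected_login):
    """Return a list of problems with the am-eai-user-id header (empty = OK)."""
    values = [v for n, v in parse_headers(raw) if n == EAI_USER_HEADER]
    if not values:
        return ["header missing: attribute mapping not applied"]
    problems = []
    if len(values) > 1:
        problems.append("header appears %d times: identity is ambiguous" % len(values))
    for v in values:
        if not v:
            problems.append("header is empty: Login Name did not resolve")
        elif v != expected_login:
            problems.append("unexpected identity %r" % v)
    return problems


# Constructed sample response head (not captured from a real deployment).
SAMPLE = ("HTTP/1.1 200 OK\r\n"
          "Content-Type: text/html\r\n"
          "AM-EAI-User-ID: jsmith\r\n"
          "\r\n")

if __name__ == "__main__":
    print(check_eai_user(SAMPLE, "jsmith") or "am-eai-user-id OK")
    print(entity_id_ok("WebSealSP01"), entity_id_ok("webseal sp/01"))
```

Run it against headers captured with a test account whose AD Login Name you know, so that a wrong or duplicated identity value shows up before the Service Provider goes live.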