What is most valuable?
Tivoli Access Manager's proxy product (WebSEAL) is extremely fast. The configuration options are mysterious and old-school, but they are a rich and small enough set that you can comprehend them and get it working right. The auth and policy product has a reasonable LDAP implementation.
How has it helped my organization?
Step-up authentication in WebSEAL is a hook. You write a function to a particular spec, register it, and it gets called. The hook is in C, which makes sense because WebSEAL is fast and could not be written in an interpreted or high-level language.
Note that this is a way to improve WebSEAL modules, not a way to defer authentication to another server. For more, compare the second and last entries on this page.
What needs improvement?
There is only a single step-up authentication path, but I have sometimes seen the need for several steps or a divergent path. It’s getting hard to find people willing to admit that they still write in the C programming language.
For how long have I used the solution?
We have used this solution since 2003.
What do I think about the stability of the solution?
No stability issues. This solution fulfills the common expectations about IBM software. It is fussy to configure, but runs like iron once you’ve got it right.
What do I think about the scalability of the solution?
No scalability issues. I get problems with the LDAP or the underlying machine first.
How are customer service and technical support?
They provide very good technical support. Perimeter security is a hot-button topic and you can get some serious help if it’s not right.
Which solution did I use previously and why did I switch?
While there are many products in this field, most companies use either this solution or CA SSO. I encountered others on rare occasions, such as Oracle, Entrust, Ping Identity, and NetIQ.
What about the implementation team?
I am not an admin for this solution, but it holds no special terrors.
What's my experience with pricing, setup cost, and licensing?
Which other solutions did I evaluate?
I am a consultant and typically work with the IBM stack.
What other advice do I have?
This solution’s pricing is by usage, not by instance. That means you can set up as many instances as you like. Never craft a really complicated configuration. In other words, put functionality A over here, functionality B over there, and let your F5 (e.g.) direct the flow of traffic.