My current client has decided to try a new workflow product called Serena Business Manager. This product is a windows based product and available at http://serena.com/.
The scope of the project was to integrate a IBM Security Framework called Tivoli Access Manager and Tivoli Identity Manager with Serena Business Manager. My intention is to blog about the architecture and custom coding used to accomplish the end result.
The architecture is fairly simple. Tivoli Access Manager is responsible for all authentication duties within this architecture. Tivoli Access Manager has a reverse proxy (WebSeal) which is the one and only entry point to the Serena application and provides single sign on to Serena. WebSeal resides in the DMZ behind the internet facing firewall and in front of the firewall that separates the DMZ and secure zones.
Serena lives behind the firewall that protects the secure layer. Serena receives the authenticated user id via a http header and provides single sign on into the different serena components. Serena local repository still provides the detailed authorization by duplicating the TIM userids within its local repository.
Tivoli Identity Manager and SBM
Tivoli Identity Manager is the enterprise repository that maintains all user ids for this customer. Serena uses its local SQL Server based repository for Serena based authorization so the identities maintained in TIM must be duplicated in SBM local repository. To accomplish this, userids are created/modified or deleted automatically via a interface between Serena and Tivoli Identity Manager.
If a userid needs to be created with Serena entitlement, then the custom class is used to interface with Serena Web Services described in the SBM Web Services Development Guide. If the userid needs to be modified or deleted then similar actions take place via the custom developed interface between TIM and SBM.
View Robert Wehrle's profile
Wehrle Consulting 
Nice write up