You can create a new application login that uses the Tivoli Access Manager GSO database to store the login credentials.
Module class name: com.tivoli.pdwas.gso.AMPrincipalMapper
Use Login Module Proxy: enable
Authentication strategy: REQUIRED
The Tivoli Access Manager principal mapping module uses the authDataAlias configuration string to retrieve the correct user name and password from the security configuration.
Scenario 1
Auth Data Alias - BackendEIS/eisUser
Resource - BackEndEIS
User - eisUser
Principal Mapping Parameters
| Name | Value |
| --- | --- |
| delegate | com.tivoli.pdwas.gso.AMPrincipalMapper |
| com.tivoli.pd.as.gso.AliasContainsUserName | true |
| com.tivoli.pd.as.gso.AliasContainsNodeName | false |
| com.tivoli.pd.as.gso.AMLoggingURL | file:///jlog_props_path |
| debug | false |
Scenario 2
Auth Data Alias - BackendEIS
Resource - BackEndEIS
User - Currently authenticated WebSphere Application Server user
Principal Mapping Parameters
| Name | Value |
| --- | --- |
| delegate | com.tivoli.pdwas.gso.AMPrincipalMapper |
| com.tivoli.pd.as.gso.AliasContainsUserName | false |
| com.tivoli.pd.as.gso.AliasContainsNodeName | false |
| com.tivoli.pd.as.gso.AMLoggingURL | file:///jlog_props_path |
| debug | false |
Scenario 3
Auth Data Alias - nodename/BackendEIS/eisUser
Resource - BackEndEIS
User - eisUser
Principal Mapping Parameters
| Name | Value |
| --- | --- |
| delegate | com.tivoli.pdwas.gso.AMPrincipalMapper |
| com.tivoli.pd.as.gso.AliasContainsUserName | true |
| com.tivoli.pd.as.gso.AliasContainsNodeName | true |
| com.tivoli.pd.as.gso.AMLoggingURL | file:///jlog_props_path |
| debug | false |
Scenario 4
Auth Data Alias - nodename/BackendEIS/eisUser
Resource - nodename/BackEndEIS (notice that node name is not removed)
User - eisUser
Principal Mapping Parameters
| Name | Value |
| --- | --- |
| delegate | com.tivoli.pdwas.gso.AMPrincipalMapper |
| com.tivoli.pd.as.gso.AliasContainsUserName | true |
| com.tivoli.pd.as.gso.AliasContainsNodeName | false |
| com.tivoli.pd.as.gso.AMLoggingURL | file:///jlog_props_path |
| debug | false |
Scenario 5
Auth Data Alias - BackendEIS/eisUser
Resource - BackEndEIS
User - eisUser
Principal Mapping Parameters
| Name | Value |
| --- | --- |
| delegate | com.tivoli.pdwas.gso.AMPrincipalMapper |
| com.tivoli.pd.as.gso.AliasContainsUserName | false |
| com.tivoli.pd.as.gso.AliasContainsNodeName | true |
| com.tivoli.pd.as.gso.AMLoggingURL | file:///jlog_props_path |
| debug | false |
Scenario 6
Auth Data Alias - nodename/BackendEIS/eisUser
Resource - nodename/BackendEIS/eisUser (notice that the resource is the same as the Auth Data Alias)
User - Currently authenticated WebSphere Application Server user
Principal Mapping Parameters
| Name | Value |
| --- | --- |
| delegate | com.tivoli.pdwas.gso.AMPrincipalMapper |
| com.tivoli.pd.as.gso.AliasContainsUserName | false |
| com.tivoli.pd.as.gso.AliasContainsNodeName | false |
| com.tivoli.pd.as.gso.AMLoggingURL | file:///jlog_props_path |
| debug | false |
To create the J2C authentication aliases, from the WebSphere Application Server administrative console, click Security > Secure administration, applications, and infrastructure. Under Authentication, click Java Authentication and Authorization Service > J2C authentication data, and then click New for each new entry. Refer to the previous table for scenario inputs.
The resource adapter can be standalone and does not need to be packaged with the application. The resource adapter is configured from Resources > Resource Adapters for standalone scenarios.