Writing a custom System Authorization Facility (SAF) mapping module with non-local operating system

You can customize Java Authentication and Authorization (JAAS) login configurations by writing a customized login mapping module.

Before you begin

The WebSphere Application Server ltpaLoginModule module and the AuthenLoginModule module use the shared state to save state information with the capability to allow LoginModules can modify state information. The ltpaLoginModule initializes the callback array in the login() method using the following code. The callback array is created by ltpaLoginModule only if an array is not defined in the shared state area.

About this task

If a non-local operating system registry is configured and the Authorization option is selected, you must install a mapping class followed by the com.ibm.ws.security.common.auth.module.MapPlatformSubject login module. A sample mapping class, com.ibm.websphere.security.SampleSAFMappingModule, is shipped with WebSphere Application Server and can be used as a starting point. The mapping class must be placed in the JAAS configuration to provide mapping from a registry other than local operating system to a SAF user ID prior to enabling administrative security. The Authorization option is accessible by completing the following steps:

Procedure

  1. Click Security > Secure administration, applications, and infrastructure.
  2. Under Additional properties, click z/OS SAF properties.

What to do next

See other articles about JAAS and SAF.




In this information ...


IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic Task topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Aug 31, 2013 12:02:36 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-zos&topic=tsec_writesafmapmods
File name: tsec_writesafmapmods.html