 |
If you decide to customize Web Express Logon, you may take either of the following two approaches — (1) customize the existing Credential Mapper Servlet (CMS) (opens new browser) or (2) replace the entire CMS with your own custom version. Although the first approach requires some J2EE knowledge, it is easier to implement than the second approach and does not require experience creating servlets.
The CMS is the core of the credential-mapping framework. It is supplied with Host On-Demand and must be deployed to a J2EE-compliant Web application server. At a high level, the CMS is responsible for the following tasks: (1) determine the client's identity (called a network ID), (2) map the user's network ID to the host ID, and (3) return the host credentials to the client as an XML document. It accomplishes these tasks through credential mapper Java classes called plug-ins. Web Express Logon provides two Network Security plug-ins (one for Tivoli Access Manager and one for Siteminder) to perform the request part of the process and two Host Credential plug-ins (one for DCAS and one for Vault) to perform the response part.
The Network Security plug-in retrieves the user's credentials from the network security application after the user has made an HTTPS request to the CMS. It identifies the user by way of the network user ID and password and then passes it on to the appropriate Host Credential plug-in. The Host Credential plug-in then determines the host user ID and acquires the host access credentials.
If you take the first approach, you can create a Network Security plug-ins and/or a HCM plug-in. For example, if your network security application is not one of three applications supported by Web Express Logon, you can create a Network Security plug-in to meet the requirements of your application. Also, if you want to use an LDAP directory as your HCM database instead of a JDBC database such as IBM DB2, for example, you can customize create your own HCM plug-in.
Click Next to learn more about these two approaches.