Interoperating with previous product versions

Before you begin

IBM WebSphere Application Server, Version 5 interoperates with the previous product versions (such as Version 4 and Version 3.5). Interoperability is achieved using the zSAS security mechanism for localOS and SAF-based authorization.

Steps for this task

  1. Enable security with the LTPA authentication mechanism and the Local OS user registry.
    Make sure that the same Local OS user registry is shared by all the product versions.
  2. If SSL is configured on a previous product version, your servers must have a basis to establish trust. Using Resource Access Control Facility (RACF), your system can check to ensure that the intermediate server can be trusted (to confer this level of trust, CBIND authorization is granted by administrators to RACF user IDs that run secure system code). System SSL repertoires use a System Authorization Facility (SAF) keyring to retrieve the personal certificate and trust stores. You must connect the trust basis for the server certificates (on the default setup the certificate authority certificate) of the previous version server into the keyring of the WebSphere Application Server for z/OS Version 5.0 server.
  3. If you wish to share a single signon (SSO) domain with a WebSphere Application Server for z/OS Version 4.0 or Version 3.5 server, Integrated Cryptographic Services Facility (ICSF) must be chosen as the authentication mechanism.
    Additionally, the ICSF key label must be used by the WebSphere Application Server for z/OS Version 5 server (and the previous versions of the servers such as WebSphere Application Server for z/OS Version 4.0 or Version 3.5).
  4. Verify that the application uses the correct JNDI name.
    In Version 5, the enterprise beans are registered with long JNDI names like, (top)/nodes/node_name/servers/server_name/HelloHome. Whereas in previous releases, enterprise beans are registered under a root like, (top)/HelloHome. Therefore, EJB applications from previous versions perform a lookup on the Version 5 enterprise beans.

    You can also create EJB name bindings in Version 5 that are compatible with the previous version. To create an EJB name binding at the root Version 5, start the administrative console and click Environment > Naming > Naming Space Bindings > New > EJB > Next. Complete all the fields and enter a short name (for example, -HelloHome) as the JNDI Name. Click Next and Finish.

  5. Stop and restart all the servers.
  6. Make sure that the correct naming bootstrap port is used to perform naming lookup.
    In previous product versions, the naming bootstrap port is 900. In Version 5, the bootstrap port is 2809.



Searchable topic ID:   tsecinteroperaten
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/tsec_interoperaten.html

Library | Support | Terms of Use | Feedback