This file gives an overview of how to use audit support.
Auditing is performed using SMF records issued by RACF or an equivalent External Security Manager. SMF audit records are therefore cut when WebSphere uses SAF interfaces such as IRRSIA00 (to manage ACEEs) and the RACROUTE macro.
The table below lists the various security authentication mechanisms and the corresponding data that is written to each part of the ACEE X500NAME field (this data is also in the RACO and SMF records). The information under "Service name" is the constant string that is included in the "Issuer's Distinguished Name" field of X500NAME. The information under "Authenticated identity" is the principal that is recorded in the "Subject's Distinguished Name" field.
Authentication mechanism | Service name | Authenticated identity |
Custom Registry | WebSphere Custom Registry | Custom registry principal name |
Kerberos | Kerberos for WebSphere Application Server | Kerberos principal, in the "DCE" format used for extracting the corresponding MVS userid using IRRSIM00 (/.../realm/principal) |
RunAs Rolename | WebSphere Role Name | Role name |
RunAs Server | WebSphere Server Credential | MVS userid |
Trust Interceptor | WebSphere Authorized Login | MVS userid |
RunAs Userid/Password | WebSphere Userid/Password | MVS userid |
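
When reviewing audit data, the table can be applied in reverse to work out which mechanism produced a record and to flag records whose issuer is not one of the listed service names. The following is an added example, not IBM's code. It assumes the issuer and subject values have already been extracted from the X500NAME data as plain strings, that the service name matches exactly, and that the realm contains no "/"; the function names are hypothetical.

```python
# Added example: issuer/subject are strings already pulled from X500NAME data.
from collections import defaultdict

# Service name (issuer DN constant) -> authentication mechanism, per the table.
SERVICE_TO_MECHANISM = {
    "WebSphere Custom Registry": "Custom Registry",
    "Kerberos for WebSphere Application Server": "Kerberos",
    "WebSphere Role Name": "RunAs Rolename",
    "WebSphere Server Credential": "RunAs Server",
    "WebSphere Authorized Login": "Trust Interceptor",
    "WebSphere Userid/Password": "RunAs Userid/Password",
}

def parse_kerberos_subject(subject):
    """Split '/.../realm/principal' at the first '/' after the prefix; None if malformed."""
    if not subject.startswith("/.../"):
        return None
    realm, sep, principal = subject[5:].partition("/")
    return (realm, principal) if realm and sep and principal else None

def classify(issuer, subject):
    """Map one record to its mechanism and identity, flagging anomalies."""
    mechanism = SERVICE_TO_MECHANISM.get(issuer.strip())
    result = {"mechanism": mechanism, "identity": subject.strip(), "flags": []}
    if mechanism is None:
        result["flags"].append("unknown-service-name")
    elif mechanism == "Kerberos":
        parsed = parse_kerberos_subject(result["identity"])
        if parsed is None:
            result["flags"].append("malformed-kerberos-subject")
        else:
            result["realm"], result["identity"] = parsed
    return result

def summarize(records):
    """Group identities by mechanism; return flagged records separately."""
    by_mechanism, flagged = defaultdict(set), []
    for issuer, subject in records:
        r = classify(issuer, subject)
        if r["flags"]:
            flagged.append((issuer, subject, r["flags"]))
        else:
            by_mechanism[r["mechanism"]].add(r["identity"])
    return dict(by_mechanism), flagged

# Constructed sample (issuer, subject) pairs, not real audit data.
SAMPLE = [("WebSphere Server Credential", "WASSRV1"),
          ("Kerberos for WebSphere Application Server", "/.../EXAMPLE.COM/alice"),
          ("Some Other Issuer", "bob")]
```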