This topic applies only on the z/OS operating system.

Custom one to one LDAP to System Authorization Facility (SAF) mapping modules

You can customize Java™ Authentication and Authorization (JAAS) login configurations by writing a customized login mapping module.

WebSphere® Application Server for z/OS® has the ability to provide mapping from a remote method invocation (RMI) inbound request with LDAP credentials to the system authorization facility (SAF) Identity. The use case is a WebSphere Application Server on any platform that is configured to LDAP and sends a RMI/IIOP request to a second server configured to a SAF User Registry. The WebSphere Application Server (release 5.1 and higher) sends a RMI request using LTPA Token representing the LDAP identity to the WebSphere Application Server for z/OS that is configured to SAF. The following figure illustrates this mapping.


Figure 1. Mapping from RMI inbound request with LDAP credentials to SAF Identity




Related tasks
Writing a custom System Authorization Facility (SAF) mapping module with non-local operating system
Installing and configuring a custom System Authorization Facility mapping module for WebSphere Application Server
Developing custom login modules for a system login configuration
Developing programmatic logins with the Java Authentication and Authorization Service
Concept topic    

Terms of Use | Feedback

Last updated: Aug 29, 2010 10:43:27 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v602web&product=was-nd-mp&topic=csec_LDAP_SAF_loginmods
File name: csec_LDAP_SAF_loginmods.html