Use this task to modify configurations to perform System Authorization Facility (SAF) identity mapping.
A mapping module must be placed in the Java Authentication and Authorization Service (JAAS) configuration to provide the mapping from a non-local OS registry to a SAF user ID. The com.ibm.ws.security.common.auth.module.MapPlatformSubject login module follows this mapping module in the configuration. You can do this using either the Simple WebSphere Authentication Mechanism (SWAM) or the Lightweight Third Party Authentication (LTPA) authentication mechanism.
You cannot use an Integrated Cryptographic Service Facility (ICSF) authentication mechanism.
Refer to Selecting an authentication mechanism and Java Authentication and Authorization Service for more information.
Application login configurations do not require changes to perform SAF identity mapping. The WebSphere application login configuration entry, WSLogin, calls a system login module that is configured as the default, which performs the mapping if SAF authorization is required.
To modify configurations to perform System Authorization Facility (SAF) identity mapping when WebSphere Application Server is configured, you must take the following steps.
When LTPA is configured, if you are mapping the WebSphere Application Server user registry to a SAF user ID, the following system login configuration entries must be configured to provide the user mapping:
WebSphere Application Server administrative console requests and a subset of administrative functions, including file transfer, authenticate using this login configuration entry.
When SWAM is configured and you are mapping the WebSphere Application Server user registry to a SAF identity, configure the following system login configuration entry to provide the user mapping: