This topic applies only on the i5/OS operating system.

Deploying the Enterprise Identity Mapping sample application

You can deploy the sample application into the WebSphere Application Server environment.

Before you begin

Using Enterprise Identity Mapping (EIM) identity token connection factories requires that WebSphere Application Server administrative security be enabled. However, no restrictions or limitations exist on how you choose to configure administrative security.

Before you deploy the sample application, you must enable WebSphere Application Server administrative security. This step is not required if you already have administrative security enabled for your WebSphere Application Server profile. For more information on how to configure security, see Enabling security.

About this task

The source code files that are used to implement the sample application are contained in the testIdentityToken.ear file and can be used as a model for creating your own applications.

The com.ibm.identitytoken.IdentityTokenTest class is a servlet in the sample application. After the application is deployed, the source code file for the IdentityTokenTest servlet is in this directory:
profile_root/installedApps/testIdentityToken.ear/testIdentityTokenWeb.war/WEB-INF/source/com/ibm/identityToken/IdentityTokenTest.java
Note the IdentityTokenTest servlet design features when you implement your own application.
  • A profile variable of type String named sourceApplicationID is set in the init method of the IdentityTokenTest servlet. This variable is later passed to the setSourceApplicationID method of a ConnectionSpecImpl object to uniquely identify the application to Enterprise Identity Mapping (EIM). When you implement your own applications, use a similar convention to assign a unique sourceApplicationID value.
  • After an identity token is generated, it is used to create a com.ibm.as400.access.AS400 object. The AS400 object is stored in an HttpSession object immediately after it is used to run the OS/400 server command on the selected host server. Only the AS400 object, not the IdentityToken object, persists across requests to the server. This provides improved performance for subsequent requests, and the identity token does not expire.
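
The two design features above, shown together as an added example; this is not the shipped IdentityTokenTest source and not IBM code. The class name, the sourceApplicationID value, the form field names and the session key are hypothetical, and the com.ibm.eim.token package, the IdentityTokenFactory and IdentityTokenConnection types, and the getConnection, generateIdentityToken and toBytes calls are assumptions to check against the source file in the directory named above.

```java
import java.io.IOException;
import javax.naming.InitialContext;
import javax.servlet.ServletException;
import javax.servlet.http.*;
import com.ibm.as400.access.AS400;
import com.ibm.as400.access.AS400Message;
import com.ibm.as400.access.CommandCall;
import com.ibm.eim.token.*; // assumed package of the EIM identity token connector classes

public class MappedCommandServlet extends HttpServlet { // hypothetical name
    private String sourceApplicationID;
    public void init() {
        // Constructed value: identifies this application, and only this one, to EIM.
        sourceApplicationID = "com.example.MappedCommandServlet";
    }

    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String host = req.getParameter("host");       // hypothetical form field names
        String command = req.getParameter("command");
        HttpSession session = req.getSession(true);
        String key = "as400." + host;                 // one cached AS400 object per host
        try {
            AS400 system = (AS400) session.getAttribute(key);
            if (system == null) {
                // Resource reference that is bound to the connection factory at deployment.
                IdentityTokenFactory factory = (IdentityTokenFactory) new InitialContext()
                        .lookup("java:comp/env/eis/IdentityToken_Shared_Reference");
                ConnectionSpecImpl spec = new ConnectionSpecImpl();
                spec.setSourceApplicationID(sourceApplicationID);
                IdentityTokenConnection conn =                      // assumed connector API
                        (IdentityTokenConnection) factory.getConnection(spec);
                IdentityToken token = conn.generateIdentityToken(); // assumed connector API
                system = new AS400(host);
                system.setIdentityToken(token.toBytes());           // toBytes() is assumed
            }
            CommandCall call = new CommandCall(system);
            call.run(command);                 // the first use signs on with the token
            session.setAttribute(key, system); // store the AS400 object, never the token
            resp.setContentType("text/plain");
            for (AS400Message message : call.getMessageList()) {
                resp.getWriter().println(message.getText());
            }
        } catch (Exception e) {
            session.removeAttribute(key);      // do not keep a connection that failed
            throw new ServletException(e);
        }
    }
}
```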

The following steps help you deploy the sample application into the WebSphere Application Server environment.

Procedure

  1. Restart your application server.

    See Starting an application server and Stopping an application server for more information on how to restart your application server.

  2. Deploy the sample application.
    1. In the WebSphere Application Server administrative console, click Applications > Install applications.
    2. Select Local path if you have a drive mapped to your iSeries server. Otherwise, select Server path.
    3. Specify the path name or browse to the path name for the testidentitytoken.ear enterprise archive (EAR) file. This file is found in the /QIBM/ProdData/OS400/security/eim/ directory on your i5/OS V5R3 (or later) server.
    4. Click Next.
    5. Optional: Change the virtual host values.
    6. Click Next.
    7. Select your installation options, and click Next.
    8. Decide whether to map modules to servers and click Next.
    9. Select your module in the Map resource references to resources panel and click Next.
    10. Optional: Change the Java Naming and Directory Interface (JNDI) name for the eis/IdentityToken_Shared_Reference reference binding. Do this step if you configured your connection factory with a JNDI name other than eis/IdentityToken.
    11. Accept the default values for the remainder of the panels and click Next.
    12. On the Summary panel, click Finish.
    13. Expand System administration and click Save Changes to Master Repository.
    14. Click Save.
  3. Run the sample application.
    1. In the WebSphere Application Server administrative console, click Applications > Enterprise applications.
    2. Select the testIdentityToken application.
    3. Click Start.
    4. Open a new session of your Web browser.
    5. If you mapped the sample application Web module to an external Web server, refresh your WebSphere Application Server Web server plug-in.
      To refresh the Web server plug-in, perform the following steps:
      1. Click Servers > Web servers > Web_server_name.
      2. Click Generate Plug-in.
    6. Specify the application welcome page from your Web browser. Use the following Web address:
      http://your.server.name:port/testIdentityTokenWeb/IDTknTest.jsp

      The your.server.name and port variables are the values for your external Web server or internal HTTP transport (WebSphere Application Server container).

    7. Specify a value for OS/400 host system name and for OS/400 command. For example, if you have EIM configured for the my_server server, specify my_server in the OS/400 host system name field. Specify crtlib my_library in the OS/400 command field.
    8. Click Submit.
    9. Specify a user ID and password at the login prompt.

      After you click Submit, the request is sent to the IdentityTokenTest servlet, which is protected by the allUsers role. The allUsers role is bound to the AllAuthenticated special subject so any user in the WebSphere Application Server user registry is authorized to access the IdentityTokenTest servlet.

    10. Click OK. If you specified my_library, the response is similar to the following example:
      Library my_library created.
      
    11. Verify that the library is created under the user profile that is mapped by EIM:
      1. From a CL command line, enter wrklnk '/QSYS.LIB/my_library.lib'.
      2. On the Work with Object Links screen, enter 8 in the option field to the left of my_library.lib.
      3. Verify that the value of the Owner attribute for the my_library library is the user profile that is mapped by EIM.




Last updated: Aug 31, 2013 4:28:44 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-mp&topic=tsec_idtokenconfigdep
File name: tsec_idtokenconfigdep.html