This topic gives an overview of how to use audit support.
Auditing is performed using SMF records
issued by RACF® or an equivalent External Security Manager.
This means that SMF audit records are cut as part of the WebSphere® Application Server use of SAF
interfaces such as IRRSIA00 (to manage ACEEs) and the RACROUTE macro.
Table 1. Security authentication mechanisms and the corresponding data that is written to each part of the ACEE X500NAME field.

The following table lists the various security authentication mechanisms and the corresponding data that is written to each part of the ACEE X500NAME field (this data is also in the RACO and SMF records).

| Authentication mechanism | Service name | Authenticated identity |
|---|---|---|
| Custom Registry | WebSphere Custom Registry | Custom registry principal name |
| Kerberos | Kerberos for WebSphere Application Server | Kerberos principal, in the "DCE" format used for extracting the corresponding MVS™ userid using IRRSIM00 (/.../realm/principal) |
| RunAs Rolename | WebSphere Role Name | Role name |
| RunAs Server | WebSphere Server Credential | MVS userid |
| Trust Interceptor | WebSphere Authorized Login | MVS userid |
| RunAs Userid/Password | WebSphere Userid/Password | MVS Userid |

In addition to tracking by MVS userid,
events need to be traced to an originating userid. This is especially
true for originating userids that are not MVS-based, such as EJB Roles,
Kerberos principals, and Custom Registry principals.
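
The following added example (not IBM code) shows one way to use the Table 1 mapping when reviewing audit data: for each MVS userid it lists the non-MVS originating identities that ran under it. It assumes the service name and authenticated identity have already been extracted from the records by other tooling; the dictionary keys, the sample events and the principal@realm rendering are constructed for illustration.

```python
# Service name -> (authentication mechanism, identity is an MVS userid), per Table 1.
SERVICES = {
    "WebSphere Custom Registry": ("Custom Registry", False),
    "Kerberos for WebSphere Application Server": ("Kerberos", False),
    "WebSphere Role Name": ("RunAs Rolename", False),
    "WebSphere Server Credential": ("RunAs Server", True),
    "WebSphere Authorized Login": ("Trust Interceptor", True),
    "WebSphere Userid/Password": ("RunAs Userid/Password", True),
}

def parse_dce_name(name):
    """Split a '/.../realm/principal' name into (realm, principal)."""
    prefix = "/.../"
    if not name.startswith(prefix):
        raise ValueError("not a DCE-format name: %r" % name)
    realm, sep, principal = name[len(prefix):].partition("/")
    if not (realm and sep and principal):
        raise ValueError("missing realm or principal: %r" % name)
    return realm, principal

def originating_identity(service_name, identity):
    """Return (mechanism, origin, is_mvs) for one service name / identity pair."""
    # Unknown service names are kept and reported, not dropped, so they get reviewed.
    mechanism, is_mvs = SERVICES.get(service_name, ("unknown", False))
    if mechanism == "Kerberos":
        realm, principal = parse_dce_name(identity)
        identity = "%s@%s" % (principal, realm)  # rendering chosen for this example
    return mechanism, identity, is_mvs

def non_mvs_origins(events):
    """Map each MVS userid to the sorted non-MVS identities that acted under it."""
    result = {}
    for ev in events:
        seen = result.setdefault(ev["mvs_userid"], set())
        mechanism, origin, is_mvs = originating_identity(ev["service"], ev["identity"])
        if not is_mvs:
            seen.add((mechanism, origin))
    return {userid: sorted(origins) for userid, origins in result.items()}

# Constructed sample events (hypothetical field names and values).
SAMPLE_EVENTS = [
    {"mvs_userid": "WSGUEST", "service": "WebSphere Custom Registry", "identity": "alice"},
    {"mvs_userid": "WSGUEST", "service": "Kerberos for WebSphere Application Server",
     "identity": "/.../EXAMPLE.COM/bob"},
    {"mvs_userid": "WSGUEST", "service": "WebSphere Role Name", "identity": "Teller"},
    {"mvs_userid": "USER01", "service": "WebSphere Userid/Password", "identity": "USER01"},
]

if __name__ == "__main__":
    for userid, origins in non_mvs_origins(SAMPLE_EVENTS).items():
        print(userid, origins)
```

In the sample, three different originators appear behind the single MVS userid WSGUEST, which is the case a report keyed only on MVS userid would miss.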