You can customize Java Authentication and Authorization (JAAS) login configurations by writing a customized login mapping module.
If a non-local operating system registry is configured and the Authorization option is selected, you must install a mapping class followed by the com.ibm.ws.security.common.auth.module.MapPlatformSubject login module. A sample mapping class, com.ibm.websphere.security.SampleSAFMappingModule, is shipped with WebSphere Application Server and can be used as a starting point. The mapping class must be placed in the JAAS configuration to provide mapping from a registry other than local operating system to a SAF user ID prior to enabling administrative security. The Authorization option is accessible by completing the following steps:
See other articles about JAAS and SAF.