Configuring your application to use EIM

Before you configure your applications to use EIM, you will need to import an external connector resource archive (RAR) file into your workspace. If you are using WebSphere Development Studio Client for iSeries V5.1.2, refer to the section at the end of this document.
  1. From the IDE, select File > Import.
  2. Select RAR file and click Next.
  3. In the Connector Import dialog, select Browse and navigate to \Program Files\IBM\Rational\SDP\6.0\radi_prod\eclipse\plugins\com.ibm.etools.iseries.webtools.ae_6.0.0\lib.
  4. Select the eimIdTokenRA.rar file and click Open to add it to the Connector Import dialog.
  5. Select your EAR project from the list.

    Note: Two RAR files are provided. eimIdTokenRA.rar encapsulates eim.jar and facilitates deployment. idTokenRA.rar does not contain eim.jar, and requires the user to add it and configure the Server classpath.
  6. Click Finish to import the RAR file into a new project.

    Now configure the resource adapter to use the EIM domain created previously.

  7. In the Project Navigator, expand the EAR folder for your project and double-click the EAR Deployment Descriptor file (application.xml) under META-INF to open it in the editor.
  8. Click the Deployment tab and expand the Authentication section.
  9. Click Add to configure JAAS authentication for the LDAP administrator. Enter the user ID and password for this administrator and click OK.
  10. Expand the J2C Options section.
  11. Click Add next to J2C Resource Adapters. The Create Resource Adapter dialog is displayed with the resource adapter name eimIdTokenRA in the Resource Adapter Name field. Click OK to close the dialog.
  12. Click Add next to J2C Connection Factories. The Create Connection Factory dialog is displayed.
  13. Enter a name for the connection factory.
  14. Enter a JNDI name for this connection factory in the JNDI name field (for example, eis/idTokenRoot).
  15. Set Max connections to 6.
  16. Select the LDAP administrator for the Container-managed and Component-managed authentication aliases and click OK.

  17. Under Resource Properties, enter your iSeries host name as the value for LdapHostName, the name of your EIM domain (specified during EIM configuration) as the value for EimDomainName, and System_A_WAS as the value for SourceRegistryName.
    • LDAPHostName - enter your LDAP host name
    • EimDomainName - enter the name of your EIM domain, specified during EIM configuration
    • ParentDomain - enter the base distinguished name for the directory service. This value was also used during LDAP and WAS configuration.
    • SourceRegistryName - enter the name of your LDAP registry, for example, System_A_WAS

  18. Save and close the server configuration.
  19. In the Servers view, right-click the test server and select Restart to start it.

Configuring authentication settings for your WebFacing application

If you are using the WebFacing Tool, configure authentication settings in the Run Time properties for your project. See Setting authentication options for more information on setting authentication options for WebFacing applications.

  1. To open your WebFacing project properties, right-click the project and select Properties. The host name in the project settings is that of the system containing the target registry.
  2. Click the Authentication tab to view the authentication settings.
  3. Click the Use single signon radio button.
  4. For this example, check the Specify EIM resource reference field and enter idTokenRR.
    Note: The string idTokenRR can be any string. It is used when mapping this resource reference to the actual adapter name configured in WAS. This string is case sensitive.
  5. Click OK to finish.

Configuring authentication settings using Web Tools

If you are using Web Tools, enable single signon using the iSeries Web Tools Run-time Configuration wizard. See Configuring your iSeries run time for more information on defining authentication values when using Web Tools.

  1. In the Web perspective, right-click and select iSeries Web Tools Run-time Configuration.
  2. Click the Single signon radio button.
  3. Click the Use single signon radio button.
  4. Enter the name of the host where the program resides in the Host name field and idTokenRR in the EIM resource reference field.
    Note: The string idTokenRR can be any string. It is used when mapping this resource reference to the actual adapter name configured in WAS. This string is case sensitive.
  5. Click Finish to complete the wizard.

Adding a resource reference to the Web Deployment Descriptor

Now update the Web Deployment Descriptor for both Web Tools and WebFacing applications.

  1. In the Project Navigator, expand the Web project folder and double-click the Web Deployment Descriptor (web.xml) file for your project to open it in the editor.
  2. Now click the References tab to configure the resource references.
  3. Click Add and select Resource reference to specify the resource reference for the application.
  4. Click Next.
  5. In this example, type idTokenRR for the resource reference, enter ibm.jca.idtoken.ConnectionFactoryImpl in the Type field, and select Container from the Authentication list.
  6. Click Finish.
  7. Under WebSphere Bindings, enter eis/idTokenRoot for the JNDI name. This is the name you specified when configuring EIM.
  8. Save and close the Web Deployment Descriptor file.
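
As an added example (not part of the IBM documentation or tooling), the following Python script checks that the resource reference and its WebSphere binding agree with the values used in this procedure, including the case-sensitive reference name. The embedded descriptors are constructed samples; the ibm-web-bnd.xmi layout and the function name check_eim_reference are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors holding the values used in the steps above.
WEB_XML = """<web-app id="WebApp_ID">
  <resource-ref id="ResourceRef_1">
    <res-ref-name>idTokenRR</res-ref-name>
    <res-type>ibm.jca.idtoken.ConnectionFactoryImpl</res-type>
    <res-auth>Container</res-auth>
  </resource-ref>
</web-app>"""
# Assumed layout of WEB-INF/ibm-web-bnd.xmi (the WebSphere Bindings store).
WEB_BND = """<webappbnd:WebAppBinding xmlns:webappbnd="webappbnd.xmi">
  <resRefBindings jndiName="eis/idTokenRoot">
    <bindingResourceRef href="WEB-INF/web.xml#ResourceRef_1"/>
  </resRefBindings>
</webappbnd:WebAppBinding>"""

def local(tag):
    """Strip any XML namespace so 2.3 and 2.4 descriptors both match."""
    return tag.rsplit("}", 1)[-1]

def check_eim_reference(web_xml, web_bnd, ref_name, jndi_name):
    """Return a list of problems; an empty list means the mapping is consistent."""
    refs = {}
    for el in ET.fromstring(web_xml).iter():
        if local(el.tag) == "resource-ref":
            fields = {local(c.tag): (c.text or "").strip() for c in el}
            refs[fields.get("res-ref-name", "")] = (el.get("id"), fields)
    if ref_name not in refs:
        # The reference name is case sensitive, so report near misses.
        near = [n for n in refs if n.lower() == ref_name.lower()]
        hint = f" (case mismatch with {near[0]!r})" if near else ""
        return [f"no resource-ref named {ref_name!r}{hint}"]
    ref_id, fields = refs[ref_name]
    problems = []
    if fields.get("res-type") != "ibm.jca.idtoken.ConnectionFactoryImpl":
        problems.append(f"unexpected res-type {fields.get('res-type')!r}")
    if fields.get("res-auth") != "Container":
        problems.append(f"res-auth is {fields.get('res-auth')!r}, expected 'Container'")
    bound = None
    for el in ET.fromstring(web_bnd).iter():
        if local(el.tag) == "resRefBindings":
            if any(c.get("href", "").endswith(f"#{ref_id}") for c in el):
                bound = el.get("jndiName")
    if bound != jndi_name:
        problems.append(f"{ref_name} is bound to {bound!r}, expected {jndi_name!r}")
    return problems

if __name__ == "__main__":
    print(check_eim_reference(WEB_XML, WEB_BND, "idTokenRR", "eis/idTokenRoot") or "consistent")
```

Pass the reference name exactly as entered in the WebFacing project properties or the Web Tools wizard, and the JNDI name given to the J2C connection factory.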

Configuring your application to use EIM (V5.x)

After you have configured EIM on your iSeries server, you can update the security and authentication settings for your application to use single signon. You will also need to import an external connector resource archive (RAR) file into your project.
  1. From the Web Perspective, select your Web project and click File > Import.
  2. Select RAR file and click Next.
  3. In the Connector Import dialog, select Browse and navigate to <WDSC>\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools.ae\lib.
  4. Select the eimIdTokenRA.rar file and click Open to add it to the Connector Import dialog.

  5. Click Finish to import the RAR file into the Web project.

    Next, you need to configure authentication settings for your application.

  6. If you are using the WebFacing Tool, configure authentication settings in the Run Time properties for your project. See Setting authentication options for more information on setting authentication options for WebFacing applications. For this example, check the Specify EIM resource reference field and enter idTokenRR.

  7. If you are using Web Tools, enable single signon using the iSeries Web Tools Run-time Configuration wizard. See Configuring your iSeries run time for more information on defining authentication values when using Web Tools. For this example, enter idTokenRR in the EIM resource reference field in the wizard.

  8. In the Project Navigator, expand the Web project folder and double-click the Web Deployment Descriptor file for your project to open it in the editor.
  9. Now click the References tab to configure the resource references.
  10. At the top of this page, click the Resource tab and then click Add to specify the resource reference for the application. This is the same value as the one you specified when you enabled single signon in the run-time configuration parameters for Web Tools, or in the project properties for your WebFacing application.
  11. In this example, type idTokenRR for the resource reference and enter eis/idTokenRoot in the JNDI Name field under WebSphere Bindings.

  12. Save and close the Web Deployment Descriptor file.
  13. Now configure the server for Web security and the idToken JCA connector.

  14. From the Server perspective, right-click Servers and select New > Server and Server Configuration to create a test server. Type a server name (for example, test sso), specify Test Environment for the server type, and click Finish.
  15. Double-click the new server configuration in the Server Configuration pane and click the Trace tab.
  16. Check Enable trace. Enter com.ibm.jca.idtoken. at the beginning of the trace string.

  17. Click the Security tab and then click Add to configure the JAAS authentication for the LDAP administrator. Enter the user ID and password for this administrator and click OK.

  18. Click the J2C tab and click Add in the Server Settings panel to add a new J2C resource adapter. The Create Resource Adapter dialog is displayed with the resource adapter name eimIdTokenRAConnector in the Resource Adapter Name field. Click OK to close the dialog.
  19. Select the new resource adapter name under J2C Resource Adapters and click Add under J2C Connection Factories. The Create Connection Factory dialog is displayed.
  20. Enter a name for the connection factory.
  21. Enter eis/idTokenRoot in the JNDI name field.
  22. Set Max connections to 6.
  23. Select the LDAP administrator for the Container-managed and Component-managed authentication aliases and click OK.

  24. Under Resource Properties, enter your iSeries host name as the value for LdapHostName, the name of your EIM domain (specified during EIM configuration) as the value for EimDomainName, and System_A_WAS as the value for SourceRegistryName.
    • LDAPHostName - enter your host name
    • EimDomainName - enter the name of your EIM domain, specified during EIM configuration
    • ParentDomain - enter the base distinguished name for the directory service. This value was also used during LDAP and WAS configuration.
    • SourceRegistryName - enter the name of your LDAP registry, for example, System_A_WAS.

  25. Save and close the server configuration.
  26. In the Server Configuration view, right-click the test server and select Restart to start it.