Skip to main content

WebSphere Application Server on z/OS and Security Integration

An IBM Redpaper publication

Note: This is publication is now archived. For reference only.


Published on 05 July 2006

  1. .PDF (1.2 MB)

Share this page:   

IBM Form #: REDP-4161-00

Authors: Alex Kooijmans Louwe, Marc van der Meer and Tony Nix

    menu icon


    This IBM Redpaper addresses the need for information in the area of integrating security between WebSphere Application Server on z/OS and the outside world.

    In most cases, multiple security registries exist within a company with a different scheme of identities. This is even more likely in companies using z/OS. There are basically two “worlds”: the z/OS (RACF) world in which identities and their authorizations are kept in RACF and the outside world where identities and their authorizations are kept in LDAP, Microsoft Active Directory, or equivalent solutions.

    In an e-business environment, the first authentication of a user is usually already performed before a request reaches the z/OS environment based on an ID not known in that exact form on z/OS. There are basically two challenges, and both of them are addressed in this paper:

    - Authenticate a user on a distributed server and be able to trust that user when coming into WebSphere Application Server on z/OS.

    - Propagate the user ID and eventual security credentials from the distributed environment to WebSphere Application Server on z/OS, and eventually transform the ID and credentials to something that is administered and understood on z/OS.

    Table of Contents

    Chapter 1. Introduction

    Chapter 2. End-to-end security scenarios

    Chapter 3. z/OS and WebSphere security technology overview

    Chapter 4. A sample solution

    Appendix A. J2EE security

    Appendix B. z/OS Security Server (RACF)


    Others who read this also read