This IBM Redpaper addresses the need for information on integrating security between WebSphere Application Server on z/OS and the outside world.
In most cases, multiple security registries exist within a company, each with a different scheme of identities. This is even more likely in companies using z/OS. There are basically two “worlds”: the z/OS (RACF) world, in which identities and their authorizations are kept in RACF, and the outside world, where identities and their authorizations are kept in LDAP, Microsoft Active Directory, or equivalent solutions.
In an e-business environment, the first authentication of a user is usually performed before a request reaches the z/OS environment, based on an ID that is not known in that exact form on z/OS. There are basically two challenges, and both of them are addressed in this paper:
- Authenticate a user on a distributed server and be able to trust that user when the request comes into WebSphere Application Server on z/OS.
- Propagate the user ID and any security credentials from the distributed environment to WebSphere Application Server on z/OS, and eventually transform the ID and credentials to something that is administered and understood on z/OS.
Chapter 1. Introduction
Chapter 2. End-to-end security scenarios
Chapter 3. z/OS and WebSphere security technology overview
Chapter 4. A sample solution
Appendix A. J2EE security
Appendix B. z/OS Security Server (RACF)