Configuring single sign-on capability with Enterprise Identity Mapping
The Enterprise Identity Mapping (EIM) identity token connection factory is a type of Java™ 2 Connector (J2C) connection factory. Using EIM identity token connection factories along with EIM identity token-enabled products, such as IBM® Toolbox for Java, provides a single sign-on capability for WebSphere® Application Server applications that need to access server data and resources through your user ID.
Before you begin
Edition name | Supported products |
---|---|
Version 8.0 | WebSphere Application Server (base) WebSphere Application Server Network Deployment for IBM i (Network Deployment Edition) |
Version 6.1 | WebSphere Application Server (base) WebSphere Application Server Network Deployment for IBM i (Network Deployment Edition) |
Version 6.0.x | WebSphere Application Server (base) WebSphere Application Server Network Deployment for IBM i (Network Deployment Edition) |
You can configure EIM identity token connection factories for Version 8.5 only. Information is also provided about a sample application that might be helpful when you develop your own applications.
About this task
The sample application uses an EIM identity token connection factory to provide EIM identity tokens for use with IBM Toolbox for Java com.ibm.as400.access.AS400 objects. For example, if the sample application is deployed on SERVER A, you can log in once to WebSphere Application Server and use the sample application to perform IBM i server commands under your IBM i user profiles on SERVER B, SERVER C, or SERVER D.
When you make a request to the sample application, you must log in with your WebSphere Application Server user ID and password. Each request contains the server command and the target server name where the command runs. When the request is received, the application calls the connection factory to generate an identity token. The connection factory extracts your user ID from a Java Authentication and Authorization Service (JAAS) subject object that is provided by WebSphere Application Server security, and it collaborates with the EIM domain controller to create the identity token that is returned to the application. The application then creates a com.ibm.as400.access.AS400 object for SERVER B and provides it with the identity token (instead of your IBM i user profile) before it passes the server command to run.