ICTX Java API

The ICTX Java API is the primary interface for working with the z/OS Identity Cache. The z/OS Identity Cache (described in The z/OS Identity Cache) can be used by applications to communicate user authentication information across security domain boundaries. An application running on a z/OS or non-z/OS system can use the ICTX Java API to store identity context information in the Identity Cache on the local, or on a remote, z/OS system.

The ICTX Java API provides two logical sets of services – one for specifying and parsing authentication information, and one for storing that information in, and retrieving it from, the z/OS Identity Cache. These two logical sets of services are provided in three packages.
  • The /com/ibm/ictx/authenticationcontext package contains interfaces and public classes for specifying and parsing user authentication information, called an authentication context. The authenticating application uses the classes and methods in this package to build an authentication context for a user, and ultimately transforms it into an identity context object that can be stored in a z/OS Identity Cache. The terms authentication context and identity context are largely synonymous; the difference is that an identity context is just an array of bytes that can be stored in, and retrieved from, the z/OS Identity Cache. The authenticating application specifies the authentication context information using the various classes in this package, and then builds the identity context so that the information can be stored in the z/OS Identity Cache. The application that retrieves the identity context can use the classes and methods of this package to parse the identity context for the authentication context information supplied by the authenticating application.
  • The /com/ibm/ictx/identitycontext package contains interfaces and public classes for storing an identity context in, and retrieving an identity context from, the z/OS Identity Cache. Two storage mechanism classes are provided in this package for interacting with a z/OS Identity Cache. The LdapStorageMechanism class is designed for applications that will access a z/OS Identity Cache remotely using a z/OS IBM TDS server configured with ICTX extended operations, and the zOSStorageMechanism class is for applications that are accessing a z/OS Identity Cache locally. A special factory class (StorageMechanismFactory) for instantiating an object of the appropriate storage-mechanism class (based on the location of the executing code, certain configuration settings, and information supplied by the application) is also provided in this package.
  • The /com/ibm/ictx/util package contains utility classes used by the classes in the other two packages. Classes are provided for representing an identity context and exceptions thrown by other classes.

The ICTX Java API is provided in the ictx.jar file, which is located in the /usr/lpp/eim/lib HFS directory.

The information provided here is only an overview of the ICTX Java API. While the interfaces and classes are listed, and the basic tasks an application can perform are summarized, detailed syntax information is not provided. For full details on the ICTX Java API, see the reference documentation provided in Javadoc format at:
http://www.ibm.com/systems/z/os/zos/downloads/