Enabling support for distributed network security credentials
IMS TM resource adapter can pass the original, distributed network security credentials, including the network session ID and the network user ID, between Java™ EE applications and IMS. The network security credentials that are passed by IMS TM resource adapter are written to IMS log records.
The network session ID that can be passed by the IMS TM resource adapter is, by default, the IP address and port of the authentication server that is used. The maximum length for a network session ID is 254 bytes.
The network user ID that can be passed by the IMS TM resource adapter is a distinguished name that is defined in the authentication server. The maximum length for a network user ID is 246 bytes.
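The network security credentials are passed from the Java EE application to IMS in the following sequence:
- The JAAS login module prompts the user to enter network security credentials and captures the credentials.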
- The network security credentials are passed by WebSphere Application Server or WebSphere Liberty to an external user account registry, such as an LDAP server, for authentication.
- If the security credentials are successfully authenticated by the user account registry, the credentials are set in a Java principal object and passed to IMS TM resource adapter.
- IMS TM resource adapter extracts the network user ID and the network session ID and includes the security credentials in the security-data section of the OTMA message prefix. The OTMA message is then sent to IMS Connect with the network security credentials.
- IMS Connect passes the OTMA message with network security credentials to IMS, and the credentials are written to IMS log records.
You can also enable IMS TM resource adapter to support network security credentials from IMS in synchronous and asynchronous callout messages.