IBM Support

WebSphere application security role mapping to external groups

How To


Summary

When WebSphere is configured for SAML web SSO or OIDC SSO, web users are able to access applications. These web users and groups are sent from an external SAML identity provider (IdP) or OIDC provider (OP) and might not be part of the WebSphere user repositories.

How can we map application security roles to these external users and groups? Because the users and groups are not part of the WebSphere user repository, it is not possible to do the mapping from the WebSphere Application Server admin console, for example under Applications > Application types > WebSphere enterprise applications > application_name > Security role to user or group mapping.

This can be done by manually editing the application's ibm-application-bnd.xmi or ibm-application-bnd.xml file after the application is deployed to WebSphere.
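Because a hand-edited binding file bypasses the console's validation, it is worth checking the result after each edit. The following is an added example, not IBM's code or part of the original document: a Python check that lists the role mappings in an ibm-application-bnd.xml file and flags entries that are broader or less specific than intended. It assumes the .xml binding format (security-role, user, group and special-subject elements with name and access-id attributes); the realm, role and group names in the sample are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"b": "http://websphere.ibm.com/xml/ns/javaee"}

# Constructed sample binding file; realm, role and group names are placeholders.
SAMPLE_BND = """<application-bnd xmlns="http://websphere.ibm.com/xml/ns/javaee" version="1.2">
  <security-role name="AppAdmin">
    <group name="idp-admins" access-id="group:idp.example.com/idp-admins"/>
  </security-role>
  <security-role name="AppUser">
    <group name="idp-users"/>
    <special-subject type="ALL_AUTHENTICATED_USERS"/>
  </security-role>
</application-bnd>"""

# Special subjects that grant a role without naming a specific user or group.
BROAD_SUBJECTS = {"EVERYONE", "ALL_AUTHENTICATED_USERS",
                  "ALL_AUTHENTICATED_IN_TRUSTED_REALMS"}

def audit_bindings(xml_text, expected_realm):
    """Return (mappings, findings) for one binding document.

    expected_realm is the realm the external IdP/OP identities are asserted
    under (an assumption of this example; use the realm configured for SSO).
    """
    root = ET.fromstring(xml_text)
    mappings, findings = [], []
    for role in root.findall("b:security-role", NS):
        rname = role.get("name")
        for kind in ("user", "group"):
            for subj in role.findall(f"b:{kind}", NS):
                name, aid = subj.get("name"), subj.get("access-id")
                mappings.append((rname, kind, name, aid))
                if aid is None:
                    # Without access-id the name must resolve in the local
                    # registry, which does not hold these external entries.
                    findings.append(f"{rname}: {kind} '{name}' has no access-id")
                elif not aid.startswith(f"{kind}:{expected_realm}/"):
                    findings.append(f"{rname}: {kind} '{name}' is outside realm {expected_realm}")
        for ss in role.findall("b:special-subject", NS):
            if ss.get("type") in BROAD_SUBJECTS:
                findings.append(f"{rname}: open to special subject {ss.get('type')}")
    return mappings, findings

if __name__ == "__main__":
    maps, issues = audit_bindings(SAMPLE_BND, "idp.example.com")
    for m in maps:
        print("mapping:", m)
    for i in issues:
        print("finding:", i)
```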

Document Location

Worldwide



Document Information

Modified date:
03 March 2025

UID

ibm16527320