Credential Mapper plug-ins
- DCAS/RACF/JDBC Credential Mapper
Note:DCAS and RACF® are used with the zOS operating system to obtain passtickets. A JDBC-accessible repository is required to map the user's network ID to the user's host ID.
- Certificate-based DCAS/RACF Credential Mapper
Note:DCAS and RACF® are used with the zOS operating system to obtain passtickets. This plug-in does not require a JDBC-accessible repository because a certificate is passed directly to DCAS, and a host ID and passticket pair is returned.
- Z MFA OIDC Credential Mapper
This plug-in is used to obtain the passticket from the IBM Z MFA OIDC service. When using this plug-in, ensure that you provide the appropriate OIDC configuration in the HATS Project Properties. To configure HATS for OIDC, refer OIDC Configuration for Securing HATS Web Application.
Note:- If you are using a custom OpenID Connect (OIDC) implementation in HATS that is not configured through the HATS Project properties, you must ensure the following: The active HTTP session object must contain an attribute named id_token. The value of this attribute must be the JWT Token received from your OIDC provider.
- In case this id_token doesn’t contain the equivalent RACF ID of the user, then you must create a custom plug-in or a business logic to provide such mapping.
- JDBC Vault Credential Mapper
Note:Any JDBC/ODBC compliant repository, such as DB2®, Oracle, even an Excel spreadsheet on Windows® can be used. This repository is used to store host user IDs and passwords.
- WebSphere® Portal
Credential Vault Credential mapper
Note:
- This plug-in only appears in the Add built-in Credential Mapper plugin dialog for a portlet project.
- This mapper retrieves a user ID and password pair from a specified credential vault slot.
- Two settings are required for this credential mapper plug-in, the SLOT_ID (default HATS) and SLOT_TYPE (default 2).
- The slot ID specifies the prefix for the slot name to use in the
credential vault. The complete slot name is constructed as follows:
Slot id + (space) + full host name + (space) + application id- For example,
HATS zserveros.demos.ibm.com CICSA
- If no application ID exists, there must be a trailing space after the host name when accessing the slot.
- The slot type specifies the type of credential vault slot:
- 0 Private
- 1 Shared
- 2 Administrative (default)
- 3 System
- The Portal administrator is responsible for setting up the slot ID and slot type.
- For more information see the documentation for your level of HCL Digital Experience (formerlyWebSphere® Portal): https://help.hcltechsw.com/digital-experience/welcome_hcl_dx.html.
- Test Credential Mapper
Note:This plug-in is included to test WEL macros. It is only for testing in the HATS Toolkit because it uses hard coded host user IDs and passwords that you provide.
You also have the choice of adding a custom Credential Mapper plug-in by selecting Add custom Credential Mapper plugin and entering the name of the fully qualified plug-in in the text box. For information about creating a custom plug-in, see the chapter, Creating plug-ins for Web Express Logon.
Once you have selected your Credential Mapper plug-in, the details, such as class, name, description and author, are filled in the Details section. The Initialization section displays a set of parameters configured for the plug-in you selected. By clicking the Add button, you can specify additional parameters for your plug-in. You can also select Remove to remove selected parameters. Only parameters which are not required can be removed.