IBM SC34-6814-04 User Manual

Page 44


racfcid=uuuuuuuu

is the current userid, obtained from UEPUSER

ibm-httprealm=rrrrrrrr

is the HTTP 401 realm, obtained from UEPREALM (if this exists)

labeledURI=xxxxxxxx

is the target URL, obtained by concatenating “http://” with the hostname
from UEPHOST and the path from UEPPATH

cn=BasicAuth

is an arbitrary suffix that is configured into the LDAP server for the
purpose of storing Basic Authentication credentials.

• Issues DFHDDAP SEARCH_LDAP with this distinguished name.

• If the SEARCH_LDAP fails, DFH$WBX1 removes the REALM parameter from
the distinguished name and repeats the search. If the search fails again,
DFH$WBX1 removes the UID parameter from the distinguished name and
repeats the search. If the search fails for the third time, DFH$WBX1 returns from
the exit with return code UERCERR.

• If the search was successful, issues DFHDDAP START_BROWSE_RESULTS.

• Obtains the target username credential by obtaining the value of the UID
attribute with DFHDDAP GET_ATTRIBUTE_VALUE. This is set into the response
area provided by UEPUSNM.

• Obtains the target password credential by obtaining the value of the
UserPassword attribute with DFHDDAP GET_ATTRIBUTE_VALUE. This is set
into the response area provided by UEPPSWD.

• Releases the browse storage by issuing DFHDDAP END_BROWSE_RESULTS.

• If the bind token was not stored in the global work area, terminates the LDAP
session by issuing DFHDDAP UNBIND_LDAP.

• If all is successful, DFH$WBX1 returns from the exit with return code
UERCNORM.
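The search order described in the steps above, modelled as an added Python example; this is not IBM's DFH$WBX1 code. The component order of the distinguished name, the dictionary standing in for the LDAP server, and all function names and sample entries are assumptions constructed for illustration.

```python
# Added model of the DFH$WBX1 lookup order; not IBM's sample code.
# A dict stands in for the LDAP server; every entry below is constructed.
UERCNORM, UERCERR = "UERCNORM", "UERCERR"  # symbolic return-code names only

def build_dn(user, realm, host, path):
    """Assemble the DN; the component order is an assumption of this example."""
    parts = []
    if user:
        parts.append(f"racfcid={user}")            # from UEPUSER
    if realm:
        parts.append(f"ibm-httprealm={realm}")     # from UEPREALM, if present
    parts.append(f"labeledURI=http://{host}{path}")  # UEPHOST + UEPPATH
    parts.append("cn=BasicAuth")
    return ",".join(parts)

def candidate_dns(user, realm, host, path):
    """Search order: full DN, then without realm, then without userid too."""
    return [build_dn(user, realm, host, path),
            build_dn(user, None, host, path),
            build_dn(None, None, host, path)]

def lookup_credentials(directory, user, realm, host, path):
    """Return (return_code, username, password, matched_dn)."""
    for dn in candidate_dns(user, realm, host, path):
        entry = directory.get(dn)      # stands in for DFHDDAP SEARCH_LDAP
        if entry is not None:
            # stands in for GET_ATTRIBUTE_VALUE on UID and UserPassword
            return UERCNORM, entry["UID"], entry["UserPassword"], dn
    return UERCERR, None, None, None   # third search failed

URI = "labeledURI=http://partner.example/api,cn=BasicAuth"
DIRECTORY = {  # constructed sample entries
    "racfcid=ALICE,ibm-httprealm=payroll," + URI:
        {"UID": "alice-payroll", "UserPassword": "constructed-pw-1"},
    "racfcid=ALICE," + URI:
        {"UID": "alice-default", "UserPassword": "constructed-pw-2"},
    URI:
        {"UID": "shared-svc", "UserPassword": "constructed-pw-3"},
}

if __name__ == "__main__":
    for user, realm in [("ALICE", "payroll"), ("ALICE", "reports"), ("BOB", "payroll")]:
        rc, name, _pw, dn = lookup_credentials(DIRECTORY, user, realm, "partner.example", "/api")
        print(f"{user:5} realm={realm:8} -> {rc} {name} via {dn}")
    print(lookup_credentials(DIRECTORY, "BOB", None, "other.example", "/"))
```

In this model BOB has no entry of his own yet still receives the shared-svc credentials, because the URL-only entry matches on the third search; an entry stored at that level applies to every caller of that URL.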

DFH$WBX2

This sample global user exit program has the following functions:

• Obtains the destination HTTP host from UEPHOST/UEPHOSTL and the
destination HTTP path from UEPPATH/UEPPATHL, and uses them to construct
the URL of the HTTP server for which the basic authentication credentials are
required, as follows: http://hostname/pathname.

• If a realm exists (that is, if UEPREALML is non-zero), DFH$WBX2 appends the
realm from UEPREALM to the URL created above, separated by a number sign
(#) to make it look like a URL fragment identifier, as follows:
http://hostname/pathname#realm. If necessary, the realm is URL-encoded.

• Stores the URL in the DFHWS-SERVICEURI container in the DFHWSTC-V1
channel.

• Stores the URL of the Security Token Service (STS), obtained from the global
work area, in the DFHWS-STSURI container in the DFHWSTC-V1 channel.

• Stores architecturally appropriate URIs into the DFHWS-STSACTION and
DFHWS-TOKENTYPE containers in the DFHWSTC-V1 channel.

• Constructs a username token from the caller’s userid passed in UEPUSER, and
stores it in the DFHWS-IDTOKEN container in the DFHWSTC-V1 channel.


Customization Guide
