Windows-based Single Signon and the EIM Framework on the IBM eServer iSeries Server
An IBM Redbooks publication
Note: This is publication is now archived. For reference only.
Published on 23 April 2004, updated 23 April 2004
ISBN-10: 0738498998
ISBN-13: 9780738498997
IBM Form #: SG24-6975-00
Authors: Gary Lakner, Gregory Bobak, Jan Cifka, Kim Greene, Axel Lachmann, John Taylor and Craig Wayman
Support for a Kerberos based Network Authentication Service and the introduction of Enterprise Identity Mapping (EIM) were exciting OS/400® V5R2 announcements during 2002.
A Kerberos based Network Authentication Service enables the iSeries (and any kerberized application) to use a Kerberos ticket for authentication instead of a user ID and password. This enables you to sign on once in the morning to your Kerberos based security server and not be prompted again when accessing your enabled applications. This is called Single Signon (SSO).
Enterprise Identity Mapping (EIM) is a cross platform solution that involves a wide range of technologies including Kerberos, LDAP, and Kerberos Network Authentication Service. Basically, EIM is a framework provided by IBM that allows the mapping of authenticated users to OS/400 (and application) userids. This extends the power of SSO to the enterprise.
Because the iSeries is well known as a server that can consolidate a wide range of application programming environments into one manageable system, this IBM Redbooks publication, then, studies the implementation of Kerberos and EIM in a SCON environment that includes OS/400, Windows, and applications that are right now being updated to support the new framework. We provide easy to follow examples that demonstrate all the pieces working together.
Part 1. Introduction to single signon and Enterprise Identity Mapping
Chapter 1. An overview of single signon
Chapter 2. Planning for Network Authentication Service and Enterprise Identity Mapping implementation
Chapter 3. The redbook example scenario
Part 2. Building blocks for single signon and Enterprise Identity Mapping
Chapter 4. Kerberos Network Authentication
Chapter 5. iSeries Network Authentication Service
Chapter 6. Enterprise Identity Mapping
Part 3. Installation and configuration
Chapter 7. Enabling Network Authentication Service and Enterprise Identity Mapping
Chapter 8. Other scenarios
Chapter 9. Programming APIs and examples
Part 4. Appendices
Appendix A. Backup and recovery
Appendix B. Troubleshooting
Appendix C. Windows 2000 Kerberos tools
Appendix D. Planning forms
Appendix E. Available EIM products
Appendix F. Java code listings and output examples
Appendix G. Additional material