Skip to Main Content
IBM Data and AI RegTech Ideas Portal - Redirect to Data and AI Portal


Status Planned for future release
Component Security
Created by Guest
Created on Apr 9, 2019

OAC login and authorization by means of TAI that populates WSSubject with user and groups

My customer is using a Trust Association Interceptor (TAI) which provides the end user authentication and authorization. The TAI is setting up the Principal (username) and his Groups in the WSSubject. Their federated repository that is configured with WebSphere is only used for admin users and doesn´t contain the users that login to the OAC. The OAC users are authenticated and authorized by the TAI.

However currently the OAC expects its users to be existing in the user repository because the OAC is doing a getGroupsForUser call on the WAS UserRegistry api. This api call will not return any groups for my customer´s configuration and therefore the OAC user login fails. This request is about having the OAC login take the Principal and Groups from the WSSubject (J2EE api) instead of the WAS UserRegistry api.

I have attached sample code (see SampleCode.pdf) that shows how the groups of a user can be retrieved from the WSSubject.
  • Guest
    Sep 18, 2021

    Getting the easily online latest unscramble words free online game zone to more fun.