com.ibm.eNetwork.security.sso.cms.ZMFAClient

This object provides access to Z MFA-generated pass tickets, allowing for the development of custom Z MFA credential mapper plugins.
Constructor Summary

ZMFAClient()

This constructor should be used if you want to use the default trace level when the object is created.

ZMFAClient(int traceLevel)

This constructor should be used if you want to specify a trace level when the object is created.

Method Summary

void Destroy()
    Performs cleanup.

int Init(String zmfaCtcUrl, int zmfaVersion, String trustStoreName, String trustStorePassword, String trustStoreType)
    This method should be called after creating the ZMFAClient object.

void setJwtIdToken(String jwtIdToken)
    Specify the JWT token that contains the user information.

void setDontUseFIPS(boolean dontUseFIPS)
    Specifies whether the FIPS security provider should be used.

com.ibm.eNetwork.security.sso.CMResponse getPassticket(String hostUserID, String jwtIdToken)
    This method should be called after creating and initializing the ZMFAClient object to obtain a passticket from the Z MFA server.

Constructor Details

ZMFAClient

public ZMFAClient()

This constructor should be used if you want to use the default trace level when the object is created.

public ZMFAClient(int traceLevel)

This constructor should be used if you want to specify a trace level and log file name when the object is created.

Parameters:

traceLevel - Trace level (0=None, 1=Minimum, 2=Normal, 3=Maximum)

Method Detail

init

public int init(String zmfaCtcUrl, int zmfaVersion, String trustStoreName, String trustStorePassword, String trustStoreType)
This method should be called after creating the ZMFAClient object. The parameters are stored in the object and remain unchanged throughout the object's lifetime. The trustStoreName should be the full path name of the truststore file (jks/p12) that contains the zMFA certificate. The trustStorePassword should have been encrypted using the encrypt password tool; it is decrypted before being stored in the object. The valid return codes are described in the SSOConstants object.

Parameters:

zmfaCtcUrl: IBM z MFA service URL, which generates an authentication code, known as a Cache Token Credential (CTC).

zmfaVersion: The request format. Specify a value of 1.

trustStoreName: The name of the truststore to be used to connect securely with the zMFA service. It should include the full path name.

trustStorePassword: The password of the specified trustStoreName.

trustStoreType: The type of the specified truststore. Valid values are pkcs12 and jks.

Returns:

0 on success, non-zero otherwise. See SSOConstants for return codes.

setJwtIdToken

void setJwtIdToken(String jwtIdToken)

Specify the JWT token that contains the user information. This token must be a valid token containing the information about the user published by the OIDC authentication server.

setDontUseFIPS

void setDontUseFIPS(boolean dontUseFIPS)

Specifies whether the FIPS security provider should be used.

getPassticket

public CMResponse getPassticket(String hostUserID, String jwtIdToken)

This method should be called after creating and initializing the ZMFAClient object to obtain a passticket from the Z MFA server. The passticket and the user ID are returned in a CMResponse object. The caller should check the status field of the CMResponse object to see if the call was successful or not. If the call was successful, the status field will be set to SSOConstants.SSO_CMR_SUCCESS (0). Refer to SSOConstants for a list of other valid values for the status field.

Parameters:

hostUserID: The mainframe user ID that should be used for the request.

jwtIdToken: A JWT to check for the request's validity. This JWT should be retrieved from the token endpoint of the OIDC Provider.

Returns:

CMResponse object containing the user ID, passticket, and status code

Destroy

public void Destroy()

Performs cleanup. This method must be called after the getPassticket call.
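The following is an added example of the call sequence this reference describes (construct, init, set the JWT, request the passticket, check the status, destroy); it is not IBM's code and not part of the original page. The CMResponse accessor names (getStatus, getUserID, getPassticket), the configuration values and the class name are assumptions made for illustration; the only values taken from the page are the init parameters, zmfaVersion = 1, the truststore types and SSOConstants.SSO_CMR_SUCCESS.

```java
import com.ibm.eNetwork.security.sso.CMResponse;
import com.ibm.eNetwork.security.sso.SSOConstants;
import com.ibm.eNetwork.security.sso.cms.ZMFAClient;

/**
 * Illustrative credential-mapper step that obtains a Z MFA passticket.
 * Added example, not IBM's code. CMResponse accessor names and the
 * configuration source are assumptions.
 */
public class ZmfaPassticketExample {

    // A real plugin reads these from its configuration; placeholders here.
    private static final String ZMFA_CTC_URL = "https://zmfa.example.invalid/ctc"; // placeholder
    private static final int ZMFA_VERSION = 1;                                      // documented value
    private static final String TRUST_STORE = "/path/to/zmfa-truststore.p12";       // placeholder
    private static final String TRUST_STORE_TYPE = "pkcs12";                        // or "jks"

    /**
     * @param hostUserId                 mainframe user ID for the request
     * @param jwtIdToken                 ID token from the OIDC provider's token endpoint
     * @param encryptedTrustStorePassword password as produced by the encrypt password tool
     * @return the CMResponse; the caller must still inspect its status
     */
    public static CMResponse obtainPassticket(String hostUserId, String jwtIdToken,
                                              String encryptedTrustStorePassword) {
        ZMFAClient client = new ZMFAClient(1); // trace level 1 = Minimum
        try {
            // The client decrypts the encrypted password itself; never pass it in clear text.
            int rc = client.init(ZMFA_CTC_URL, ZMFA_VERSION, TRUST_STORE,
                                 encryptedTrustStorePassword, TRUST_STORE_TYPE);
            if (rc != 0) {
                // rc is an SSOConstants return code; do not continue with an uninitialised client.
                throw new IllegalStateException("ZMFAClient init failed, rc=" + rc);
            }

            client.setJwtIdToken(jwtIdToken);
            CMResponse response = client.getPassticket(hostUserId, jwtIdToken);

            // Check the status before trusting the returned passticket (getStatus() is assumed).
            if (response.getStatus() != SSOConstants.SSO_CMR_SUCCESS) {
                // Log only the status code; never log the passticket or the JWT.
                System.err.println("Passticket request failed, status=" + response.getStatus());
            }
            return response;
        } finally {
            // Documented as required after getPassticket; running it in finally also
            // releases resources when init or getPassticket throws.
            client.Destroy();
        }
    }
}
```

The try/finally guarantees Destroy() runs on every path, and the status check mirrors the reference's instruction to compare the status field against SSOConstants.SSO_CMR_SUCCESS (0) before using the passticket.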