Credential Mapper Plug-ins

The following built-in Credential Mapper plug-ins can be selected for WEL. Click the Add button, select Add built-in Credential Mapper plugin, and then select from the following list:
  • DCAS/RACF/JDBC Credential Mapper
    Note:
    DCAS and RACF® are used with the z/OS operating system to obtain passtickets. A JDBC-accessible repository is required to map the user's network ID to the user's host ID.
  • Certificate-based DCAS/RACF Credential Mapper
    Note:
    DCAS and RACF® are used with the z/OS operating system to obtain passtickets. This plug-in does not require a JDBC-accessible repository because a certificate is passed directly to DCAS, and a host ID and passticket pair is returned.
  • Z MFA OIDC Credential Mapper

    This plug-in is used to obtain the passticket from the IBM Z MFA OIDC service. When using this plug-in, ensure that you provide the appropriate OIDC configuration in the ZIETrans Project Properties. To configure ZIETrans for OIDC, refer to OIDC Configuration for Securing ZIETrans Web Application.

    Note:
    • If you are using a custom OpenID Connect (OIDC) implementation in ZIETrans that is not configured through the ZIETrans Project Properties, you must ensure that the active HTTP session object contains an attribute named id_token. The value of this attribute must be the JWT received from your OIDC provider.
    • If this id_token does not contain the equivalent RACF ID of the user, you must create a custom plug-in or business logic to provide that mapping.
  • JDBC Vault Credential Mapper
    Note:
    Any JDBC/ODBC-compliant repository, such as DB2®, Oracle, or even an Excel spreadsheet on Windows®, can be used. This repository is used to store host user IDs and passwords.
  • Test Credential Mapper
    Note:
    This plug-in is included to test WEL macros. It is only for testing in the ZIETrans Toolkit because it uses hard-coded host user IDs and passwords that you provide.
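
For the custom OIDC case described in the Z MFA OIDC Credential Mapper note, the following added example (not code from ZIETrans or its documentation) stores the token under the id_token session attribute and reports whether it carries a host ID. Assumptions: the javax.servlet and javax.json APIs are available, the attribute value is the compact JWT as a String, and the claim name racf_id and the class name IdTokenSessionBinder are hypothetical.

```java
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.json.Json;
import javax.json.JsonObject;
import javax.json.JsonReader;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Added example: call from a custom OIDC callback after the token has been validated. */
public final class IdTokenSessionBinder {

    // Attribute name required by the note above.
    private static final String ID_TOKEN_ATTR = "id_token";
    // ASSUMPTION: hypothetical claim carrying the RACF ID; use the claim your provider issues.
    private static final String HOST_ID_CLAIM = "racf_id";

    private IdTokenSessionBinder() {}

    /**
     * Stores the raw JWT in the HTTP session and reports whether it carries a host ID.
     * The caller must already have verified signature, issuer, audience and expiry;
     * the decoding here only inspects claims and is not a validity check.
     */
    public static boolean bind(HttpServletRequest request, String validatedIdToken) {
        JsonObject claims = decodePayload(validatedIdToken);
        HttpSession session = request.getSession(true);
        // ASSUMPTION: the value is stored as the unchanged compact JWT string.
        session.setAttribute(ID_TOKEN_ATTR, validatedIdToken);
        String hostId = claims.getString(HOST_ID_CLAIM, null);
        // false: a custom plug-in or business logic must supply the RACF ID mapping.
        return hostId != null && !hostId.trim().isEmpty();
    }

    /** Decodes the payload (second segment) of a compact JWT into a JSON object. */
    static JsonObject decodePayload(String jwt) {
        String[] parts = jwt == null ? new String[0] : jwt.split("\\.");
        if (parts.length != 3) {
            throw new IllegalArgumentException("id_token is not a three-part compact JWT");
        }
        byte[] json = Base64.getUrlDecoder().decode(parts[1]); // base64url, padding optional
        try (JsonReader reader = Json.createReader(
                new StringReader(new String(json, StandardCharsets.UTF_8)))) {
            return reader.readObject();
        }
    }
}
```

A false return from bind corresponds to the second bullet of the note: the token is in the session, but the RACF ID must come from a custom plug-in or business logic.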

You also have the choice of adding a custom Credential Mapper plug-in by selecting Add custom Credential Mapper plugin and entering the name of the fully qualified plug-in in the text box. For information about creating a custom plug-in, see the chapter, Creating plug-ins for Web Express Logon.

Once you have selected your Credential Mapper plug-in, the details, such as class, name, description and author, are filled in the Details section. The Initialization section displays a set of parameters configured for the plug-in you selected. By clicking the Add button, you can specify additional parameters for your plug-in. You can also select Remove to remove selected parameters. Only parameters which are not required can be removed.