C. Edit the CMS-related parameters.
In this step, you will edit two of the three INIT parameters in the web.xml file. INIT parameters adapt the servlet to your environment. You will not edit the CMPINetworkSecurity parameter name or value.
- Locate the CMPICredentialMappers parameter and change the name
of its current value (echo) to the name of your HCM plug-in. In this
example, the HCM plug-in is CMPIVaultPlugin:
<init-param> <param-name>CMPICredentialMappers</param-name> <param-value>CMPIVaultPlugin</param-value> </init-param>
- Locate the echo parameter and change the name of its current value
(echo) with the name of the parameter value that you specified for
the HCM plug-in (CMPIVaultPlugin).
Now, replace the parameter value with a compound value that contains the full class path name of the implementing class, the authentication type to be used by the HCM plug-in, and the host mask. Separate these values with commas. In this example, com.ibm.eNetwork.security.sso.cms.CMPIVault is the full class path name, AuthType_All is the authentication type, and * is the host mask.
Full class path name
The CMS uses the value of the full class path name to create a class object of the specified type. That object is then used to handle CMS or HCM requests. The specified class file must be in the
...\WEB-INF\classes
subdirectory in a loose file (not as a JAR file). From this location, the CMS will be able to access and use it whenever the need arises.Authentication type
This value is used to identify the type of authentication that the requestor needs. Once you specify the desired authentication type, the CMS can better identify which credential mapper to select to handle the request. You can pair multiple authentication types together to give HCMs the freedom to support multiple authentication types. Use the vertical bar character to join multiple authentication types.
The five identified authentication types are listed in Authentication types and descriptions:Authentication used in Secure Shell (SSH) on VT emulation or sftp sessions are not supported by the HCM plug-in. Table 1. Authentication types and descriptions Authentication type Description AuthType_3270Host
Identifies the credentials to be used with a 3270 emulation AuthType_5250Host
Identifies the credentials to be used with 5250 emulation AuthType_VTHost
Identifies the credentials to be used with VT emulation AuthType_FTPPassword
Credentials used to access an FTP host AuthType_ConfigServer
Credentials identified by the token used to identify the user to the Z and I Emulator for Web configuration server (if you are using the Configuration server-based model AuthType_All
Identifies the credentials to be used for all authentication types Host mask
The host mask is a secondary selection criteria used by the CMS to identify the most appropriate credential mapper. This value can contain one or more host addresses. Use the vertical bar character to join multiple addresses. Use the asterisks character to wildcard a host address. The wildcard character may start, end, or start and end a host address.
Host masks and values matched lists valid wild-carded addresses:Code example:Table 2. Host masks and values matched Host mask Value matched *.raleigh.hcl.com
Matches all addresses that end with .raleigh.hcl.com
ralvm*
Matches all addresses that start with ralvm
*
Matches all *xyz*
Matches any host address that contains xyz
<init-param> <param-name>CMPIVaultPlugin</param-name> <param-value>com.ibm.eNetwork.security.sso.cms.CMPIVault, AuthType_All, * </param-value> </init-param>