Customizing Web Express Logon

If you decide to customize Web Express Logon, you may take either of the following two approaches — (1) customize the existing CMS or (2) replace the entire CMS with your own custom version. Although the first approach requires some J2EE knowledge, it is easier to implement than the second approach and does not require experience creating servlets.

The CMS is the core of the credential-mapping framework. It is supplied with Z and I Emulator for Web and must be deployed to a J2EE-compliant Web application server. At a high level, the CMS is responsible for determining the client's identity and returning the host credentials to the client as an XML document. It accomplishes these tasks through credential mapper Java classes called plug-ins. Web Express Logon provides two Network Security plug-ins (one for Tivoli Access Manager and one for Siteminder) to perform the request part of the process and three Host Credential plug-ins (two for DCAS and one for Vault) to perform the response part.

The Network Security plug-in retrieves the user's credentials from the network security application after the user has made an HTTPS request to the CMS. It identifies the user by way of the network user ID and then passes it on to the appropriate Host Credential plug-in. The Host Credential plug-in then determines the host user ID and acquires the host access credentials.

If you take the first approach, you can create a Network Security plug-in, an HCM plug-in, or both. For example, if your network security application is not one of three applications supported by Web Express Logon, you can create a Network Security plug-in to meet the requirements of your application. Likewise, if you want to use an LDAP directory as your HCM database instead of a JDBC database such as IBM DB2, you can create your own HCM plug-in.
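
The request and response stages described above, modeled as an added Java example; it is not part of the original documentation and does not use the product's plug-in interfaces. The interface names, the x-authenticated-user header, the in-memory table and the XML element names are all assumptions made for illustration.

```java
import java.util.Map;
import java.util.Optional;

// Hypothetical model of the two plug-in stages; these are NOT the product's plug-in interfaces.
public class CredentialMappingSketch {
    interface NetworkSecurityPlugin { Optional<String> networkUserId(Map<String, String> headers, boolean secure); }
    interface HostCredentialPlugin { Optional<String[]> hostCredentials(String networkUserId, String host); }

    // Request part: accept the identity only from an HTTPS request carrying the
    // header the (assumed) network security application sets after authentication.
    static final NetworkSecurityPlugin HEADER_PLUGIN = (headers, secure) -> {
        String id = headers.get("x-authenticated-user"); // assumed header name
        return (secure && id != null && !id.isBlank()) ? Optional.of(id.trim()) : Optional.empty();
    };

    // Response part: constructed in-memory table standing in for the HCM database.
    static final Map<String, String[]> VAULT =
        Map.of("jdoe@hostA", new String[] {"JDOE01", "constructed-ticket"});
    static final HostCredentialPlugin TABLE_PLUGIN =
        (netId, host) -> Optional.ofNullable(VAULT.get(netId + "@" + host));

    // Escape values before placing them in the XML document returned to the client.
    static String escape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;");
    }

    // CMS role: chain the two stages and fail closed, returning no credentials on any miss.
    static String handle(Map<String, String> headers, boolean secure, String host) {
        Optional<String[]> creds = HEADER_PLUGIN.networkUserId(headers, secure)
            .flatMap(id -> TABLE_PLUGIN.hostCredentials(id, host));
        // Element names below are illustrative, not the product's XML schema.
        return creds.map(c -> "<response status=\"ok\"><user>" + escape(c[0]) + "</user><credential>"
                + escape(c[1]) + "</credential></response>")
            .orElse("<response status=\"denied\"/>");
    }

    public static void main(String[] args) {
        Map<String, String> authed = Map.of("x-authenticated-user", "jdoe");
        System.out.println(handle(authed, true, "hostA"));   // mapped user over HTTPS
        System.out.println(handle(authed, false, "hostA"));  // same header, but not over HTTPS
        System.out.println(handle(Map.of(), true, "hostA")); // no identity from the security layer
        System.out.println(handle(authed, true, "hostB"));   // no mapping exists for this host
    }
}
```

A custom Network Security plug-in should take the network user ID only from what the network security application asserts, and a custom HCM plug-in should return nothing when no mapping exists rather than falling back to a default host ID.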