C. Edit the CMS-related parameters.

In this step, you will edit two of the three INIT parameters in the web.xml file. INIT parameters adapt the servlet to your environment. You will not edit the CMPINetworkSecurity parameter name or value.

  1. Locate the CMPICredentialMappers parameter and change the name of its current value (echo) to the name of your HCM plug-in. In this example, the HCM plug-in is CMPIVaultPlugin:
  2. Locate the echo parameter and change the name of its current value (echo) with the name of the parameter value that you specified for the HCM plug-in (CMPIVaultPlugin).

    Now, replace the parameter value with a compound value that contains the full class path name of the implementing class, the authentication type to be used by the HCM plug-in, and the host mask. Separate these values with commas. In this example, com.ibm.eNetwork.security.sso.cms.CMPIVault is the full class path name, AuthType_All is the authentication type, and * is the host mask.

    Full class path name

    The CMS uses the value of the full class path name to create a class object of the specified type. That object is then used to handle CMS or HCM requests. The specified class file must be in the ...\WEB-INF\classes subdirectory in a loose file (not as a JAR file). From this location, the CMS will be able to access and use it whenever the need arises.

    Authentication type

    This value is used to identify the type of authentication that the requestor needs. Once you specify the desired authentication type, the CMS can better identify which credential mapper to select to handle the request. You can pair multiple authentication types together to give HCMs the freedom to support multiple authentication types. Use the vertical bar character to join multiple authentication types.

    The five identified authentication types are listed in Table 1:
    top Graphic Image
    Authentication used in Secure Shell (SSH) on VT emulation or sftp sessions are not supported by the HCM plug-in.
    Table 1. Authentication types and descriptions
    Authentication type Description
    AuthType_3270Host Identifies the credentials to be used with a 3270 emulation
    AuthType_5250Host Identifies the credentials to be used with 5250 emulation
    AuthType_VTHost Identifies the credentials to be used with VT emulation
    AuthType_FTPPassword Credentials used to access an FTP host
    AuthType_ConfigServer Credentials identified by the token used to identify the user to the Z and I Emulator for Web configuration server (if you are using the Configuration server-based model
    AuthType_All Identifies the credentials to be used for all authentication types

    Host mask

    The host mask is a secondary selection criteria used by the CMS to identify the most appropriate credential mapper. This value can contain one or more host addresses. Use the vertical bar character to join multiple addresses. Use the asterisks character to wildcard a host address. The wildcard character may start, end, or start and end a host address.

    Table 2 lists valid wild-carded addresses:
    Table 2. Host masks and values matched
    Host mask Value matched
    *.raleigh.hcl.com Matches all addresses that end with .raleigh.hcl.com
    ralvm* Matches all addresses that start with ralvm
    * Matches all
    *xyz* Matches any host address that contains xyz
    Code example:
      <param-value>com.ibm.eNetwork.security.sso.cms.CMPIVault, AuthType_All, *