IBM SC34-6814-04 DFH$WBX2, 22

racfcid=uuuuuuuu

is the current userid, obtained from UEPUSER

ibm-httprealm=rrrrrrrr

is the HTTP 401 realm, obtained from UEPREALM (if this exists)

labeledURI=xxxxxxxx

is the target URL, obtained by concatenating “http://” with the hostname

from UEPHOST and the path from UEPPATH

cn=BasicAuth

is an arbitrary suffix that is configured into the LDAP server for the

purpose of storing Basic Authentication credentials.

vIssues DFHDDAP SEARCH_LDAP with this distinguished name

vIf the SEARCH_LDAP fails, DFH$WBX1 removes the REALM parameter from

the distinguished name and repeats the search. If the search fails again,

DFH$WBX1 removes the UID parameter from the distinguished name and

repeats the search. If the search fails for the third time, DFH$WBX1 returns from

the exit with return code UERCERR.

vIf the search was successful, issue DFHDDAP START_BROWSE_RESULTS

vObtains the target username credential by obtaining the value of the UID

attribute with DFHDDAP GET_ATTRIBUTE_VALUE.This is set into the response

area provided by UEPUSNM.

vObtains the target password credential by obtaining the value of the

UserPassword attribute with DFHDDAP GET_ATTRIBUTE_VALUE.This is set

into the response area provided by UEPPSWD.

vReleases the browse storage by issuing DFHDDAP END_BROWSE_RESULTS

vIf the bind token was not stored in the global workarea, terminate the LDAP

session by issuing DFHDDAP UNBIND_LDAP

vIf all is successful, DFHWBX1 returns from the exit with return code

UERCNORM.

DFH$WBX2

This sample global user exit program has the following functions:

vObtains the destination HTTP host from UEPHOST/UEPHOSTL and the

destination HTTP path from UEPPATH/UEPPATHL, and uses them to construct

the URL of the HTTP server for which the basic authentication credentials are

required, as follows: http://hostname/pathname.

vIf a realm exists (that is, if UEPREALML is non-zero), DFH$WBX2 appends the

realm from UEPREALM to the URL created above, separated by a number sign

(#) to make it look like a URL fragment identifier,as follows:

http://hostname/pathname#realm. If necessary, the realm is URL-encoded.

vStores the URL in the DFHWS-SERVICEURI container in the DFHWSTC-V1

channel.

vStores the URL of the Security TokenService (STS), obtained from the global

work area, in the DFHWS-STSURI container in the DFHWSTC-V1 channel.

vStores architecturally appropriate URIs into the DFHWS-STSACTION and

DFHWS-TOKENTYPE containers in the DFHWSTC-V1 channel.

vConstructs a username token from the caller’s userid passed in UEPUSER, and

store it in the DFHWS-IDTOKEN container in the DFHWSTC-V1 channel.

22 Customization Guide