racfcid=uuuuuuuu
is the current userid, obtained from UEPUSER
ibm-httprealm=rrrrrrrr
is the HTTP 401 realm, obtained from UEPREALM (if this exists)
labeledURI=xxxxxxxx
is the target URL, obtained by concatenating “http://” with the hostname
from UEPHOST and the path from UEPPATH
cn=BasicAuth
is an arbitrary suffix that is configured into the LDAP server for the
purpose of storing Basic Authentication credentials.
vIssues DFHDDAP SEARCH_LDAP with this distinguished name
vIf the SEARCH_LDAP fails, DFH$WBX1 removes the REALM parameter from
the distinguished name and repeats the search. If the search fails again,
DFH$WBX1 removes the UID parameter from the distinguished name and
repeats the search. If the search fails for the third time, DFH$WBX1 returns from
the exit with return code UERCERR.
vIf the search was successful, issue DFHDDAP START_BROWSE_RESULTS
vObtains the target username credential by obtaining the value of the UID
attribute with DFHDDAP GET_ATTRIBUTE_VALUE.This is set into the response
area provided by UEPUSNM.
vObtains the target password credential by obtaining the value of the
UserPassword attribute with DFHDDAP GET_ATTRIBUTE_VALUE.This is set
into the response area provided by UEPPSWD.
vReleases the browse storage by issuing DFHDDAP END_BROWSE_RESULTS
vIf the bind token was not stored in the global workarea, terminate the LDAP
session by issuing DFHDDAP UNBIND_LDAP
vIf all is successful, DFHWBX1 returns from the exit with return code
UERCNORM.
DFH$WBX2
This sample global user exit program has the following functions:
vObtains the destination HTTP host from UEPHOST/UEPHOSTL and the
destination HTTP path from UEPPATH/UEPPATHL, and uses them to construct
the URL of the HTTP server for which the basic authentication credentials are
required, as follows: http://hostname/pathname.
vIf a realm exists (that is, if UEPREALML is non-zero), DFH$WBX2 appends the
realm from UEPREALM to the URL created above, separated by a number sign
(#) to make it look like a URL fragment identifier,as follows:
http://hostname/pathname#realm. If necessary, the realm is URL-encoded.
vStores the URL in the DFHWS-SERVICEURI container in the DFHWSTC-V1
channel.
vStores the URL of the Security TokenService (STS), obtained from the global
work area, in the DFHWS-STSURI container in the DFHWSTC-V1 channel.
vStores architecturally appropriate URIs into the DFHWS-STSACTION and
DFHWS-TOKENTYPE containers in the DFHWSTC-V1 channel.
vConstructs a username token from the caller’s userid passed in UEPUSER, and
store it in the DFHWS-IDTOKEN container in the DFHWSTC-V1 channel.
v
22 Customization Guide