...
A Trust Authentication Interceptor (TAI) is a pluggable security component that is installed and configured at the IBM WebSphere Application Server (WAS) cell level. Once it is defined in the WAS security configuration, every managed server in the cell has the component installed and activated.
A TAI implements the WAS-specific interface com.ibm.wsspi.security.tai.TrustAssociationInterceptor. The WAS-specific API for security layer customization is explained in detail at the following:
The Fediz Plugin for WebSphere provides a TAI implementation which leverages the Fediz Core.
...
The file defined in groups.mapping.file must have the following structure:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<mapping>
    <samlToJ2EE>
        <claim>User</claim>
        <groups>
            <j2eeGroup>Authenticated</j2eeGroup>
            <j2eeGroup>Users</j2eeGroup>
        </groups>
    </samlToJ2EE>
    <samlToJ2EE>
        <claim>Manager</claim>
        <groups>
            <j2eeGroup>Manager</j2eeGroup>
            <j2eeGroup>Authenticated</j2eeGroup>
        </groups>
    </samlToJ2EE>
    <samlToJ2EE>
        <claim>Admin</claim>
        <groups>
            <j2eeGroup>Admin</j2eeGroup>
            <j2eeGroup>Authenticated</j2eeGroup>
        </groups>
    </samlToJ2EE>
</mapping>
```
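Because this file decides which J2EE groups a SAML claim value grants, it is worth checking before deployment. The following is an added example, not code from the Fediz plugin: a pre-deployment check that parses a mapping in the structure above and shows which groups a set of claim values resolves to. The function names `load_mapping` and `resolve_groups` are hypothetical, and the policy shown (DOCTYPE rejected, duplicate claims flagged, exact-match lookup) is this example's assumption rather than documented plugin behaviour.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

# The mapping shown on the page, compacted to one entry per line.
PAGE_MAPPING = b"""<?xml version="1.0" encoding="UTF-8"?>
<mapping>
 <samlToJ2EE><claim>User</claim><groups><j2eeGroup>Authenticated</j2eeGroup><j2eeGroup>Users</j2eeGroup></groups></samlToJ2EE>
 <samlToJ2EE><claim>Manager</claim><groups><j2eeGroup>Manager</j2eeGroup><j2eeGroup>Authenticated</j2eeGroup></groups></samlToJ2EE>
 <samlToJ2EE><claim>Admin</claim><groups><j2eeGroup>Admin</j2eeGroup><j2eeGroup>Authenticated</j2eeGroup></groups></samlToJ2EE>
</mapping>"""


def _reject_doctype(*_args):
    raise ValueError("DOCTYPE is not allowed in the mapping file")


def load_mapping(xml_bytes):
    """Return ({claim: [groups]}, [findings]) for a groups mapping document."""
    # First pass: refuse any DTD. The format needs none, and refusing it
    # rules out entity expansion and external entity declarations.
    guard = expat.ParserCreate()
    guard.StartDoctypeDeclHandler = _reject_doctype
    guard.Parse(xml_bytes, True)

    root = ET.fromstring(xml_bytes)
    if root.tag != "mapping":
        raise ValueError("root element must be <mapping>")
    mapping, findings = {}, []
    for entry in root.findall("samlToJ2EE"):
        claim = (entry.findtext("claim") or "").strip()
        groups = [g.text.strip() for g in entry.findall("groups/j2eeGroup")
                  if g.text and g.text.strip()]
        if not claim:
            findings.append("entry with empty <claim>")
        elif claim in mapping:
            findings.append(f"claim {claim!r} is mapped more than once")
        elif not groups:
            findings.append(f"claim {claim!r} maps to no groups")
        else:
            mapping[claim] = groups
    return mapping, findings


def resolve_groups(mapping, claims):
    """Union of groups for the presented claim values, in first-seen order."""
    resolved = []
    for claim in claims:
        # Assumption of this example: exact match, unknown claims grant nothing.
        for group in mapping.get(claim, []):
            if group not in resolved:
                resolved.append(group)
    return resolved
```
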
...