(zos)removeMapPlatformSubject script
To use distributed identity mapping for System Authorization Facility (SAF), use the removeMapPlatformSubject Jython script provided to remove the unnecessary Java Authentication and Authorization Service (JAAS) login module, MapPlatformSubject, from the security configuration.
The removeMapPlatformSubject script searches for and removes the com.ibm.ws.security.common.auth.module.MapPlatformSubject JAAS login module from these login entries: DEFAULT, WEB_INBOUND, RMI_INBOUND, SWAM_ZOSMAPPING. We can run this script for the global security configuration or for a specific security domain.
Syntax
The following command syntax exists:
wsadmin.sh -conntype NONE -lang jython -f /path/to/script/removeMapPlatformSubject.py [options]
Running this script with no options updates the global security configuration.
Parameters
The following options are available for the removeMapPlatformSubject script:
- -securityDomain <securityDomainName>
- Specifies to update only the specified security domain. If this option is not specified, the global security configuration is updated.
- -scripthelp
- Specifies to see a description of the syntax and options that are available. A -trace option is also available for debug purposes. The debug output is sent to the stdout stream.
- -trace
- Specifies to create a trace that we can use to debug a problem with the application of this function. The trace output is sent to the stdout stream.
Usage scenarios
The following examples demonstrate correct syntax.
Use this example to remove the login module from the global security configuration:
wsadmin.sh -conntype NONE -lang jython -f /WebSphere/AppServer/bin/removeMapPlatformSubject.py
Use this example to remove the login modules from the server2Domain security domain:
wsadmin.sh -conntype NONE -lang jython -f /WebSphere/AppServer/bin/removeMapPlatformSubject.py -securityDomain server2Domain
Related concepts
Distributed identity mapping using SAF
Distributed identity filters configuration in z/OS security