(ZOS) removeMapPlatformSubject script
To use distributed identity mapping for System Authorization Facility (SAF), use the removeMapPlatformSubject Jython script provided to remove the unnecessary JAAS login module, MapPlatformSubject, from the security configuration.
The removeMapPlatformSubject script searches for and removes the com.ibm.ws.security.common.auth.module.MapPlatformSubject JAAS login module from these login entries: DEFAULT, WEB_INBOUND, RMI_INBOUND, SWAM_ZOSMAPPING. We can run this script for the global security configuration or for a specific security domain.
Syntax
The following command syntax exists:
wsadmin.sh -conntype NONE -lang jython -f /path/to/script/removeMapPlatformSubject.py [options]Running this script with no options updates the global security configuration.
Parameters
The following options are available for the removeMapPlatformSubject script:
- -securityDomain <securityDomainName>
- To update only the specified security domain. If not specified, the global security configuration is updated.
- -scripthelp
- To see a description of the syntax and options available. A -trace option is also available for debug purposes. The debug output is sent to the stdout stream.
- -trace
- To create a trace we can use to debug a problem with the application of this function. The trace output is sent to the stdout stream.
Usage scenarios
The following examples demonstrate correct syntax.
Use this example to remove the login module from the global security configuration:
wsadmin.sh -conntype NONE -lang jython -f /WebSphere/AppServer/bin/removeMapPlatformSubject.pyUse this example to remove the login modules from the server2Domain security domain:
wsadmin.sh -conntype NONE -lang jython -f /WebSphere/AppServer/bin/removeMapPlatformSubject.py -securityDomain server2Domain
Related:
Distributed identity mapping using SAF Distributed identity filters configuration in z/OS security