IBM BPM, V8.0.1, All platforms > Authoring services in Integration Designer > Services and service-related functions > Access external services with adapters > Configure and using adapters > IBM WebSphere Adapters > IBM i > Plan for adapter implementation

User authentication

The adapter supports several methods for supplying the user name and password that are needed to connect to the IBM i system. By understanding the features and limitations of each method, you can pick a method that provides the appropriate level of security and convenience for your application.

At run time, the adapter needs to provide the user name and password to connect to the IBM i system. To connect without user intervention, the adapter must access a saved copy of the user information. In a server environment, there are several methods for saving user information. You can configure the adapter to get your user information, through any of the following methods:

Saving the user name and password in adapter properties is a direct way to provide this information at run time. You provide this user name and password when you use the external service wizard to configure your module. Although directly specifying the user name and password seems the most straightforward method, it has important limitations. Adapter properties are not encrypted; the password is stored as clear text in fields that are accessible to others on the server. Also, when the password changes, you must update the password in all instances of the adapter that access that IBM i system. This includes the adapters embedded in application EAR files and adapters that are separately installed on the server.

Using a J2C authentication data entry, or authentication alias, created with the Java™ Authentication and Authorization Service (JAAS) feature of Java EE security is a robust, secure way to deploy applications. An administrator creates the authentication alias that is used by one or more applications that need to access a system. The user name and password must be known only to that administrator, who can change the password in a single place, when a change is required.

Plan for adapter implementation


Related tasks:

Create an authentication alias