ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahu_5.4.0.1/rzahuandeim.htm

107 lines
8.4 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Digital certificates and Enterprise Identity Mapping (EIM)" />
<meta name="abstract" content="Using Enterprise Identity Mapping (EIM) and Digital Certificate Mangers (DCM) together allows you to apply a certificate as the source of an EIM mapping lookup operation to map from the certificate to a target user identity associated with the same EIM identifier." />
<meta name="description" content="Using Enterprise Identity Mapping (EIM) and Digital Certificate Mangers (DCM) together allows you to apply a certificate as the source of an EIM mapping lookup operation to map from the certificate to a target user identity associated with the same EIM identifier." />
<meta name="DC.Relation" scheme="URI" content="rzahurzahu4aagetstarteddcm.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahurzahu4afinternetvsprivcert.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahumanageuserexpire.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahumanageldaploc.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzalv/rzalvmst.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahuandeim.dita" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Digital certificates and Enterprise Identity Mapping (EIM)</title>
</head>
<body id="rzahuandeim.dita"><a name="rzahuandeim.dita"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Digital certificates and Enterprise Identity Mapping (EIM)</h1>
<div><p>Using Enterprise Identity Mapping (EIM) and Digital Certificate
Mangers (DCM) together allows you to apply a certificate as the source of
an EIM mapping lookup operation to map from the certificate to a target user
identity associated with the same EIM identifier.</p>
<div class="section"><p>EIM is an <span id="rzahuandeim.dita__eserver_logo"><a name="rzahuandeim.dita__eserver_logo"><!-- --></a><img src="eserver.gif" alt="eServer" /></span> technology that allows you to manage user identities in your
enterprise, including user profiles and user certificates. A user name and
password is the most common form of user identity; certificates are another
form of user identity. Some applications are configured to allow users to
be authenticated by means of a user certificate rather than by means of a
user name and password.</p>
<p>You can use EIM to create mappings
between user identities, which allows a user to authenticate with one user
identity and access resources of another user identity without the user having
to supply the needed user identity. You accomplish this in EIM by defining
an association between one user identity and another user identity. User identities
can be in various forms, including user certificates. You can either create
individual associations between an EIM identifier and the various user identities
that belong to a user represented by that EIM identifier. Or, you can create
policy associations, which map a group of user identities to a single target
user identity. User identities can be in various forms, including user certificates.
When you create these associations, user certificates can be mapped to the
appropriate EIM identifiers thereby making it easier for the certificates
to be used for authentication.</p>
<p>To take advantage of this EIM feature
for managing user certificates, you need to perform these EIM configuration
tasks before performing any DCM configuration tasks: </p>
</div>
<ol><li class="stepexpand"><span>Use the <span class="uicontrol">EIM Configuration</span> wizard in <span class="uicontrol">iSeries
Navigator</span> to configure EIM.</span></li>
<li class="stepexpand"><span>Create an EIM identifier for each user that you want to have participate
in EIM. </span></li>
<li class="stepexpand"><span>Create a target association between each EIM identifier and that
user's user profile in the local <span class="keyword">i5/OS™</span> user
registry so that any user certificates that the user assigns through DCM or
creates in DCM can be mapped to the user profile.</span> Use the EIM registry
definition name for the local <span class="uicontrol"><span class="keyword">i5/OS</span></span> user
registry that you specified in the <span class="uicontrol">EIM Configuration</span> wizard.</li>
</ol>
<div class="section"><p>After you complete the necessary EIM configuration tasks, you must
use the <span class="uicontrol">Manage LDAP Location</span> task to configure Digital
Certificate Manager (DCM) to store user certificates in a Lightweight Directory
Access Protocol (LDAP) location instead of with a user profile. When you configure
EIM and DCM to work together, the <span class="uicontrol">Create Certificate</span> task
for user certificates and the <span class="uicontrol">Assign a user certificate</span> task
process certificates for EIM usage rather than assigning the certificate to
a user profile. DCM stores the certificate in the configured LDAP directory
and uses the certificate's distinguished name (DN) information to create a
source association for the appropriate EIM identifier. This allows operating
systems and applications to use the certificate as the source of an EIM mapping
lookup operation to map from the certificate to a target user identity associated
with the same EIM identifier.</p>
<p>Additionally, when you configure EIM and
DCM to work together you can use DCM to check user certificate expiration
at the enterprise level rather than just at the system level.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahurzahu4aagetstarteddcm.htm" title="Use this information to help you decide how and when you might use digital certificates to meet your security goals. Use this information to learn about any prerequisites you need to install, as well as other requirements that you must consider before using DCM.">Plan for DCM</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzahurzahu4afinternetvsprivcert.htm" title="Review this information to learn how to determine which type of certificate (public or private) best suits your business needs.">Public certificates versus private certificates</a></div>
</div>
<div class="reltasks"><strong>Related tasks</strong><br />
<div><a href="rzahumanageuserexpire.htm" title="Digital Certificate Manager (DCM) provides certificate expiration management support to allow administrators to check the expiration dates of user certificates on the local iSeries system. DCM user certificate expiration management support can be used in conjunction with Enterprise Identity Mapping (EIM) so that administrators can use DCM to check user certificate expiration at the enterprise level.">Manage user certificates by expiration</a></div>
<div><a href="rzahumanageldaploc.htm" title="Review this information to learn how to configure DCM to store user certificates in a Lightweight Directory Access Protocol (LDAP) server directory location to extend Enterprise Identity Mapping to work with user certificates.">Manage LDAP location for user certificates</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="../rzalv/rzalvmst.htm">EIM Information Center topic</a></div>
</div>
</div>
</body>
</html>