107 lines
8.4 KiB
HTML
107 lines
8.4 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="task" />
|
||
|
<meta name="DC.Title" content="Digital certificates and Enterprise Identity Mapping (EIM)" />
|
||
|
<meta name="abstract" content="Using Enterprise Identity Mapping (EIM) and Digital Certificate Mangers (DCM) together allows you to apply a certificate as the source of an EIM mapping lookup operation to map from the certificate to a target user identity associated with the same EIM identifier." />
|
||
|
<meta name="description" content="Using Enterprise Identity Mapping (EIM) and Digital Certificate Mangers (DCM) together allows you to apply a certificate as the source of an EIM mapping lookup operation to map from the certificate to a target user identity associated with the same EIM identifier." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzahurzahu4aagetstarteddcm.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzahurzahu4afinternetvsprivcert.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzahumanageuserexpire.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzahumanageldaploc.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="../rzalv/rzalvmst.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="rzahuandeim.dita" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Digital certificates and Enterprise Identity Mapping (EIM)</title>
|
||
|
</head>
|
||
|
<body id="rzahuandeim.dita"><a name="rzahuandeim.dita"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Digital certificates and Enterprise Identity Mapping (EIM)</h1>
|
||
|
<div><p>Using Enterprise Identity Mapping (EIM) and Digital Certificate
|
||
|
Mangers (DCM) together allows you to apply a certificate as the source of
|
||
|
an EIM mapping lookup operation to map from the certificate to a target user
|
||
|
identity associated with the same EIM identifier.</p>
|
||
|
<div class="section"><p>EIM is an <span id="rzahuandeim.dita__eserver_logo"><a name="rzahuandeim.dita__eserver_logo"><!-- --></a><img src="eserver.gif" alt="eServer" /></span> technology that allows you to manage user identities in your
|
||
|
enterprise, including user profiles and user certificates. A user name and
|
||
|
password is the most common form of user identity; certificates are another
|
||
|
form of user identity. Some applications are configured to allow users to
|
||
|
be authenticated by means of a user certificate rather than by means of a
|
||
|
user name and password.</p>
|
||
|
<p>You can use EIM to create mappings
|
||
|
between user identities, which allows a user to authenticate with one user
|
||
|
identity and access resources of another user identity without the user having
|
||
|
to supply the needed user identity. You accomplish this in EIM by defining
|
||
|
an association between one user identity and another user identity. User identities
|
||
|
can be in various forms, including user certificates. You can either create
|
||
|
individual associations between an EIM identifier and the various user identities
|
||
|
that belong to a user represented by that EIM identifier. Or, you can create
|
||
|
policy associations, which map a group of user identities to a single target
|
||
|
user identity. User identities can be in various forms, including user certificates.
|
||
|
When you create these associations, user certificates can be mapped to the
|
||
|
appropriate EIM identifiers thereby making it easier for the certificates
|
||
|
to be used for authentication.</p>
|
||
|
<p>To take advantage of this EIM feature
|
||
|
for managing user certificates, you need to perform these EIM configuration
|
||
|
tasks before performing any DCM configuration tasks: </p>
|
||
|
</div>
|
||
|
<ol><li class="stepexpand"><span>Use the <span class="uicontrol">EIM Configuration</span> wizard in <span class="uicontrol">iSeries
|
||
|
Navigator</span> to configure EIM.</span></li>
|
||
|
<li class="stepexpand"><span>Create an EIM identifier for each user that you want to have participate
|
||
|
in EIM. </span></li>
|
||
|
<li class="stepexpand"><span>Create a target association between each EIM identifier and that
|
||
|
user's user profile in the local <span class="keyword">i5/OS™</span> user
|
||
|
registry so that any user certificates that the user assigns through DCM or
|
||
|
creates in DCM can be mapped to the user profile.</span> Use the EIM registry
|
||
|
definition name for the local <span class="uicontrol"><span class="keyword">i5/OS</span></span> user
|
||
|
registry that you specified in the <span class="uicontrol">EIM Configuration</span> wizard.</li>
|
||
|
</ol>
|
||
|
<div class="section"><p>After you complete the necessary EIM configuration tasks, you must
|
||
|
use the <span class="uicontrol">Manage LDAP Location</span> task to configure Digital
|
||
|
Certificate Manager (DCM) to store user certificates in a Lightweight Directory
|
||
|
Access Protocol (LDAP) location instead of with a user profile. When you configure
|
||
|
EIM and DCM to work together, the <span class="uicontrol">Create Certificate</span> task
|
||
|
for user certificates and the <span class="uicontrol">Assign a user certificate</span> task
|
||
|
process certificates for EIM usage rather than assigning the certificate to
|
||
|
a user profile. DCM stores the certificate in the configured LDAP directory
|
||
|
and uses the certificate's distinguished name (DN) information to create a
|
||
|
source association for the appropriate EIM identifier. This allows operating
|
||
|
systems and applications to use the certificate as the source of an EIM mapping
|
||
|
lookup operation to map from the certificate to a target user identity associated
|
||
|
with the same EIM identifier.</p>
|
||
|
<p>Additionally, when you configure EIM and
|
||
|
DCM to work together you can use DCM to check user certificate expiration
|
||
|
at the enterprise level rather than just at the system level.</p>
|
||
|
</div>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahurzahu4aagetstarteddcm.htm" title="Use this information to help you decide how and when you might use digital certificates to meet your security goals. Use this information to learn about any prerequisites you need to install, as well as other requirements that you must consider before using DCM.">Plan for DCM</a></div>
|
||
|
</div>
|
||
|
<div class="relconcepts"><strong>Related concepts</strong><br />
|
||
|
<div><a href="rzahurzahu4afinternetvsprivcert.htm" title="Review this information to learn how to determine which type of certificate (public or private) best suits your business needs.">Public certificates versus private certificates</a></div>
|
||
|
</div>
|
||
|
<div class="reltasks"><strong>Related tasks</strong><br />
|
||
|
<div><a href="rzahumanageuserexpire.htm" title="Digital Certificate Manager (DCM) provides certificate expiration management support to allow administrators to check the expiration dates of user certificates on the local iSeries system. DCM user certificate expiration management support can be used in conjunction with Enterprise Identity Mapping (EIM) so that administrators can use DCM to check user certificate expiration at the enterprise level.">Manage user certificates by expiration</a></div>
|
||
|
<div><a href="rzahumanageldaploc.htm" title="Review this information to learn how to configure DCM to store user certificates in a Lightweight Directory Access Protocol (LDAP) server directory location to extend Enterprise Identity Mapping to work with user certificates.">Manage LDAP location for user certificates</a></div>
|
||
|
</div>
|
||
|
<div class="relinfo"><strong>Related information</strong><br />
|
||
|
<div><a href="../rzalv/rzalvmst.htm">EIM Information Center topic</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|