IBM SC34-6814-04 Server User Manual


 
racfcid=uuuuuuuu
    is the current userid, obtained from UEPUSER
ibm-httprealm=rrrrrrrr
    is the HTTP 401 realm, obtained from UEPREALM (if this exists)
labeledURI=xxxxxxxx
    is the target URL, obtained by concatenating “http://” with the hostname from UEPHOST and the path from UEPPATH
cn=BasicAuth
    is an arbitrary suffix that is configured into the LDAP server for the purpose of storing Basic Authentication credentials.
• Issues DFHDDAP SEARCH_LDAP with this distinguished name.
• If the SEARCH_LDAP fails, DFH$WBX1 removes the REALM parameter from the distinguished name and repeats the search. If the search fails again, DFH$WBX1 removes the UID parameter from the distinguished name and repeats the search. If the search fails for the third time, DFH$WBX1 returns from the exit with return code UERCERR.
• If the search was successful, issues DFHDDAP START_BROWSE_RESULTS.
• Obtains the target username credential by obtaining the value of the UID attribute with DFHDDAP GET_ATTRIBUTE_VALUE. This is set into the response area provided by UEPUSNM.
• Obtains the target password credential by obtaining the value of the UserPassword attribute with DFHDDAP GET_ATTRIBUTE_VALUE. This is set into the response area provided by UEPPSWD.
• Releases the browse storage by issuing DFHDDAP END_BROWSE_RESULTS.
• If the bind token was not stored in the global workarea, terminates the LDAP session by issuing DFHDDAP UNBIND_LDAP.
• If all is successful, DFH$WBX1 returns from the exit with return code UERCNORM.
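
The search order in the list above decides which stored credential an outbound request receives, so it is worth modelling when planning the LDAP entries. The following Python sketch is an added example, not the DFH$WBX1 source. It assumes that the distinguished name components are comma-joined in the order listed, that the "REALM" and "UID" parameters are the ibm-httprealm and racfcid components, and that values are escaped per RFC 4514 (the page does not say how special characters are handled); all function names and the sample directory are hypothetical.

```python
# Model of the DFH$WBX1 lookup order described above (illustration only).
# Assumptions: DN components are comma-joined in the order the page lists them,
# values are escaped per RFC 4514, and the directory is a constructed dict.

UERCNORM, UERCERR = "UERCNORM", "UERCERR"   # return-code names from the page
SUFFIX = "cn=BasicAuth"

def escape_dn_value(value):
    """Escape an attribute value for use in a DN (RFC 4514 string form)."""
    out = []
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\' or (i == 0 and ch in "# ") \
                or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)

def candidate_dns(user, realm, host, path):
    """Return the DNs in the order searched: full, no realm, no realm or userid."""
    parts = [("racfcid", user), ("ibm-httprealm", realm),
             ("labeledURI", "http://" + host + path)]
    if not realm:                       # UEPREALM is optional
        parts.pop(1)
    dns = []
    for drop in ((), ("ibm-httprealm",), ("ibm-httprealm", "racfcid")):
        rdns = [f"{k}={escape_dn_value(v)}" for k, v in parts if k not in drop]
        dn = ", ".join(rdns + [SUFFIX])
        if dn not in dns:               # skip repeats when no realm was supplied
            dns.append(dn)
    return dns

def lookup(directory, user, realm, host, path):
    """Return (return code, matched DN, username, password)."""
    for dn in candidate_dns(user, realm, host, path):
        entry = directory.get(dn)
        if entry is not None:
            return UERCNORM, dn, entry["UID"], entry["UserPassword"]
    return UERCERR, None, None, None

# Constructed sample directory: one entry shared by every CICS userid.
DIRECTORY = {
    "labeledURI=http://www.example.com/orders, cn=BasicAuth":
        {"UID": "svcacct", "UserPassword": "constructed-secret"},
}
```

In this model an entry stored without racfcid and ibm-httprealm matches every userid and realm for that URL, which is the third and last search in the sequence.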
DFH$WBX2
This sample global user exit program has the following functions:
• Obtains the destination HTTP host from UEPHOST/UEPHOSTL and the destination HTTP path from UEPPATH/UEPPATHL, and uses them to construct the URL of the HTTP server for which the basic authentication credentials are required, as follows: http://hostname/pathname.
• If a realm exists (that is, if UEPREALML is non-zero), DFH$WBX2 appends the realm from UEPREALM to the URL created above, separated by a number sign (#) to make it look like a URL fragment identifier, as follows: http://hostname/pathname#realm. If necessary, the realm is URL-encoded.
• Stores the URL in the DFHWS-SERVICEURI container in the DFHWSTC-V1 channel.
• Stores the URL of the Security Token Service (STS), obtained from the global work area, in the DFHWS-STSURI container in the DFHWSTC-V1 channel.
• Stores architecturally appropriate URIs into the DFHWS-STSACTION and DFHWS-TOKENTYPE containers in the DFHWSTC-V1 channel.
• Constructs a username token from the caller’s userid passed in UEPUSER, and stores it in the DFHWS-IDTOKEN container in the DFHWSTC-V1 channel.
22 Customization Guide