If you are not using SSO now, then there will be no bad effect of setting up EIM.

All EIM is is a mapping from a Kerberos principal (Windows user ID) to an IBM i user name. It doesn't do anything other than that - it is just USED by Network Authentication when asked.

Also, you can set up 1 person in EIM and leave all the rest alone. Again, YOU can have your 5250 session pop up without needing an additional logon.

I recommend going to THIS site instead of the Infocenter one - http://www.ibm.com/developerworks/ibmi/library/i-sso/index.html

That site was put together by the team that supports ISVs - they helped me tremendously when I added SSO support to a product at my previous employer. I think it's fair to say that my trials were part of why they put that site together.

If you are like me - and that ISV support team - you have found that the minute you try to figure something out from the manuals, you are expected to know something else. Again, that developerworks page helps get around all that.

Good luck! and have fun!


On 2/19/2014 3:05 PM, Matt Lavinder wrote:
We have been investigating single-sign-on I am looking at following the
document here (http://is.gd/6xxMCv) for creating a SSO test environment.
I get a bit nervous about making changes as we do not have a test
system. Will the act of creating a new EIM domain have any impact on
existing users or objects?

This thread ...


Return to Archive home page | Return to MIDRANGE.COM home page