MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » February 2014

Re: EIM Domain and SSO



fixed

If you are not using SSO now, then there will be no bad effect of setting up EIM.

All EIM is is a mapping from a Kerberos principal (Windows user ID) to an IBM i user name. It doesn't do anything other than that - it is just USED by Network Authentication when asked.

Also, you can set up 1 person in EIM and leave all the rest alone. Again, YOU can have your 5250 session pop up without needing an additional logon.

I recommend going to THIS site instead of the Infocenter one - http://www.ibm.com/developerworks/ibmi/library/i-sso/index.html

That site was put together by the team that supports ISVs - they helped me tremendously when I added SSO support to a product at my previous employer. I think it's fair to say that my trials were part of why they put that site together.

If you are like me - and that ISV support team - you have found that the minute you try to figure something out from the manuals, you are expected to know something else. Again, that developerworks page helps get around all that.

Good luck! and have fun!

HTH
Vern

On 2/19/2014 3:05 PM, Matt Lavinder wrote:
We have been investigating single-sign-on I am looking at following the
document here (http://is.gd/6xxMCv) for creating a SSO test environment.
I get a bit nervous about making changes as we do not have a test
system. Will the act of creating a new EIM domain have any impact on
existing users or objects?






Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact