If you are not using SSO now, then there will be no bad effect of
setting up EIM.
All EIM is is a mapping from a Kerberos principal (Windows user ID) to
an IBM i user name. It doesn't do anything other than that - it is just
USED by Network Authentication when asked.
Also, you can set up 1 person in EIM and leave all the rest alone.
Again, YOU can have your 5250 session pop up without needing an
I recommend going to THIS site instead of the Infocenter one -
That site was put together by the team that supports ISVs - they helped
me tremendously when I added SSO support to a product at my previous
employer. I think it's fair to say that my trials were part of why they
put that site together.
If you are like me - and that ISV support team - you have found that the
minute you try to figure something out from the manuals, you are
expected to know something else. Again, that developerworks page helps
get around all that.
Good luck! and have fun!
On 2/19/2014 3:05 PM, Matt Lavinder wrote:
We have been investigating single-sign-on I am looking at following the
document here (http://is.gd/6xxMCv) for creating a SSO test environment.
I get a bit nervous about making changes as we do not have a test
system. Will the act of creating a new EIM domain have any impact on
existing users or objects?