7.2 Portal security architecture

7.2 Portal security architecture

Security for Portal Server on z/OS is provided through the Custom User Registry (CUR) feature of WebSphere Application Server on z/OS.

The CUR feature for WebSphere Portal on the distributed platforms refers to an authentication system that does not use any of those provided with the product, for example, LDAP. On the z/OS and OS/390 platform, CUR is provided with WebSphere Portal so that it performs authentication using LDAP and not via RACF.

Portal users can typically be a few hundred existing z/OS intranet users who probably have userids managed through RACF, and potentially thousands of new internet or extranet users. The challenge is to provide these new users direct and secure access to transactions and data via the portal. These new portal users do not need RACF logon to the z/OS system, but do need to be authenticated and granted access to the specific application they need to run which is handled by WebSphere Portal via a portlet. This is where a separate registry using the Lightweight Directory Access Protocol (LDAP) as a Custom User Registry comes into play.

Figure 6-1 on page 225 shows an overview of the security implementation of WebSphere Portal Server on z/OS and OS/390.

Figure 7-1: WebSphere Portal security for z/OS