IBM RegTech Ideas Portal




OAC login and authorization by means of TAI that populates WSSubject with user and groups

My customer is using a Trust Association Interceptor (TAI) which provides the end user authentication and authorization. The TAI is setting up the Principal (username) and his Groups in the WSSubject. Their federated repository that is configured with WebSphere is only used for admin users and doesn't contain the users that log in to the OAC. The OAC users are authenticated and authorized by the TAI.

However, currently the OAC expects its users to exist in the user repository because the OAC is doing a getGroupsForUser call on the WAS UserRegistry API. This API call will not return any groups for my customer's configuration and therefore the OAC user login fails. This request is about having the OAC login take the Principal and Groups from the WSSubject (J2EE API) instead of the WAS UserRegistry API.

I have attached sample code (see SampleCode.pdf) that shows how the groups of a user can be retrieved from the WSSubject.
  • Guest
  • Apr 9 2019
  • Planning to Implement
Component: Security
Priority: Urgent - Blocker
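
The lookup the request describes, as an added example (this is not the attached SampleCode.pdf and not OAC or IBM code): it reads the principal and groups from the caller's WSSubject through the WebSphere `WSSubject` and `WSCredential` classes instead of querying the UserRegistry. The class name `SubjectIdentity` is hypothetical, and the code assumes it runs inside WebSphere with security enabled and the WebSphere security API on the classpath.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.login.CredentialExpiredException;

import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.CredentialDestroyedException;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.security.cred.WSCredential;

/** Hypothetical helper: caller identity as placed in the Subject (for example by a TAI). */
public final class SubjectIdentity {
    public final String principal;
    public final List<String> groups;

    private SubjectIdentity(String principal, List<String> groups) {
        this.principal = principal;
        this.groups = groups;
    }

    /** Fails closed: a missing, expired or destroyed credential denies the login. */
    public static SubjectIdentity fromCaller() {
        try {
            Subject subject = WSSubject.getCallerSubject();
            if (subject == null) {
                throw new SecurityException("No caller subject: request is unauthenticated");
            }
            Set<WSCredential> creds = subject.getPublicCredentials(WSCredential.class);
            if (creds.isEmpty()) {
                throw new SecurityException("Subject carries no WSCredential");
            }
            WSCredential cred = creds.iterator().next();
            List<String> groups = new ArrayList<>();
            List<?> ids = cred.getGroupIds();        // raw ArrayList in the WAS API
            if (ids != null) {
                for (Object id : ids) {
                    groups.add(String.valueOf(id));  // kept exactly as stored in the credential
                }
            }
            return new SubjectIdentity(cred.getSecurityName(),
                    Collections.unmodifiableList(groups));
        } catch (WSSecurityException | CredentialExpiredException
                 | CredentialDestroyedException e) {
            throw new SecurityException("Cannot read caller credential", e);
        }
    }
}
```

Because the groups come from the Subject and are not re-checked against a registry, authorization decisions built on them are only as trustworthy as the interceptor that populated it.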