Liberty support for JAAS Login Module embedded in Resource Adapter

[atosak]

devWorks RFE Provide support for JAAS Login Module in j2c resources 98658
devWorks RFE Liberty profile classloader JAAS 83363

link to UFO design document: https://ibm.box.com/s/o6xfys23er5k0s697hua9p6tpcwuovce

CICS TG (CTG) resource adapter (RA) is not working properly on Liberty in some use cases because Liberty doesn't currently support the embedding of JAAS login modules (LM) in RAs. This lack of support is causing CTG identity propagation to fail. Although it is possible to workaround this limitation by extracting the LM into a jar and placing in a shared library, the connector spec requires the ability to embed an LM in an RA:

D.3.1 JAAS Modules

A resource adapter provider can provide a resource adapter-specific custom implementation of a JAAS module. The connector architecture recommends that a resource adapter provider provide a custom JAAS module when the underlying EIS supports an authentication mechanism that is EIS specific and is not supported by an application server. A custom JAAS module can be packaged together with a resource adapter and can be pluggable into an application server using the JAAS architecture.

[atosak]

---

List of Steps to complete or get approvals / sign-offs for Onboarding to the Liberty release (GM date)

Instructions:

• Do the actions below and mark them complete in the checklist when they are done.
• Make sure all feature readiness approvers put the appropriate tag on the epic to indicate their approval.

---

TARGET COMPLETION DATE Before Development Starts or 8 weeks before Onboarding

• POC Design / WAD Review Scheduled (David Chang) or N/A.
• POC Design / WAD Reviewed (Feature Owner) or N/A.
• Complete any follow-ons from the POC Review.
• Design / WAD Approval (Alasdair Nottingham) or N/A.
• No Design / No WAD Approval (Arthur De Magalhaes - cloud / Alasdair Nottingham - server) or N/A.
• SVT Requirements identified. (Epic owner / Feature owner with SVT focal point)
• ID Requirements identified. (Epic owner / Feature owner with ID focal point)
• Create a child task of the epic entitled "FAT Approval Test Summary". Add and fill in the template as described here: https://github.ibm.com/was-liberty/WS-CD-Open/wiki/Feature-Review-(Feature-Test-Summary-Process)

---

TARGET COMPLETION DATE 3 weeks before Onboarding

• Identify all open source libraries that are changing or are new. Work with Legal Release Services (Cass Tucker or Release PM) to get open source cleared and approved. Or N/A. (Epic Owner). New or changed open source impacts license and Certificate of Originality.

---

TARGET COMPLETION DATE ** 3 weeks before Onboarding**

• All new or changed PII messages are checked into the integration branch, before the last translation shipment out. (Epic Owner)

---

TARGET COMPLETION DATE 2 weeks before Onboarding

• Implementation complete. (Epic owner / Feature owner)
• All function tests complete. Ready for FAT Approval. (Epic owner / Feature owner)
• Review all known issues for Stop Ship. (Epic owner / Feature owner / PM)

---

APPROVALS with TARGET COMPLETION DATE 2 to 1 week before Onboarding

Prereq: You must have the Design Approved or No Design Approved label on the GitHub Epic.

• Accessibility - (G Scott Johnston). Accessibility testing is complete or N/A. Approver adds label focalApproved:accessibility to the Epic in Github.
• FAT Liberty SOE - (Kevin Smith). SOE FATS are running successfully or N/A . Approver adds label focalApproved:fat to the Epic in Github.
• Globalization (Sam Wong - Liberty / Simy Cheeran - tWAS). Translation is complete or N/A. TVT - complete or N/A. Approver adds label focalApproved:globalization to the Epic in Github.
• ID - (Kareen Deen). Documentation work is complete or N/A . Approver adds label focalApproved:id to the Epic in Github.
• Performance - (Jared Anderson). Performance testing is complete with no high severity defects or N/A . Approver adds label focalApproved:performance to the Epic in Github.
• Serviceability - (Don Bourne). Serviceability has been addressed.
• STE - (Swati Kasundra). STE chart deck is complete or N/A . Approver adds label focalApproved:ste to the Epic in Github.
• SVT - (Greg Ecock - Cloud, Brian Hanczaryk- APS). SVT is complete or N/A . Approver adds label focalApproved:svt to the Epic in Github.
• Demo - (Liberty only - Tom Evans or Chuck Bridgham). Demo is scheduled for an upcoming EOI. Approver adds label focalApproved:demo to the Epic in Github.

---

TARGET COMPLETION DATE 1 week before Onboarding

• No Stop Ship issues for the feature. (Epic owner / Feature owner / Release PM)
• Ship Readiness Review and Release Notes completed (Epic owner / Feature owner / Release PM)
• Github Epic and Epic's issues are closed / complete. All PRs are committed to the master branch. (Epic owner / Feature owner / Backlog Subtribe PM)

---

NOT REQUIRED FOR A FEATURE

• OL Guides - (Yee-Kang Chang). Assessment for OL Guides is complete or N/A.
• WDT - (Leonard Theivendra). WDT work complete or N/A.

---

Related Deliverables TARGET COMPLETION DATE General Availability

• Blog article writeup (Epic owner / Feature owner / Laura Cowen)

[covener]

WAD actions/fedback from 1/20

• add spec compliance to problem statmenet
• resolve providerRef naming including semantics of when both providerRef and libraryRef are present
  • @NottyCode's preference was not to blow up with both present.
  • include in serviceability slide
• resolve whether WAR scenario is addl stretch user story or followon feature.

[skasund]

@njr-11 Thank you for the STE slides. I've approved this feature.

[njr-11]

Serviceability Approval Comment - Please answer the following questions for serviceability approval:

WAD -- does the WAD identify the most likely problems customers will see and identify how the feature will enable them to diagnose and solve those problems without resorting to raising a PMR?

No, this information was covered in the Skills Transfer doc, not the WAD/Upcoming Feature Overview doc.
Have these issues been addressed in the implementation?
Yes

Test and Demo -- As part of the serviceability process we're asking feature teams to test and analyze common problem paths for serviceability and demo those problem paths to someone not involved in the development of the feature (eg. L2, test team, or another development team).
a) What problem paths were tested and demonstrated?

Login module configured to be loaded from both shared library and application/resource adapter
Login module configured to be loaded from nowhere
Login module configured to be loaded from an application or resource adapter that does not contain it
b) Who did you demo to?
Greg Watts, Mark Swatosh
c) Do the people you demo'd to agree that the serviceability of the demonstrated problem scenarios is sufficient to avoid PMRs for any problems customers are likely to encounter, or that L2 should be able to quickly address those problems without need to engage L3?
Yes. One grammar error was discovered in the NLS message output during the serviceability review, but it has since been corrected.

SVT -- SVT team is often the first team to try new features and often encounters problems setting up and using them. Note that we're not expecting SVT to do full serviceability testing -- just to sign-off on the serviceability of the problem paths they encountered.
a) Who conducted SVT tests for this feature?

CICS Transaction Gateway team (outside of our org). The SVT contact person is Rumana Haque.
b) Do they agree that the serviceability of the problems they encountered is sufficient to avoid PMRs, or that L2 should be able to quickly address those problems without need to engage L3?
If the CICS team does not agree with the serviceability or other aspects of the feature then Rumana will not sign off on the SVT approval.

Which L2 / L3 queues will handle PMRs for this feature? Ensure they are present in the contact reference file and in the queue contact summary, and that the respective L2/L3 teams know they are supporting it. Ask Don Bourne if you need links or more info.

WAS L2: sec
WAS L3: Security SSO

[donbourne]

approving on understanding that @rumanaHaque will not approve SVT if serviceability issues are found.

[chirp1]

Fred indicated that no ID is required. Approving.

[rumanaHaque]

The CICS Team in India completed the SVT for this Feature. Got an email from Reshmi George from that team, which stated that they had completed the testing of CTG Identity Propagation tests with Liberty version Open Liberty Version 20.0.0.4 - (20.0.0.4-202003162010). The functionality worked as expected and there were no issues found. Since SVT is complete, adding the SVT Focal Point approval.

[frowe]

Both RFE's mentioned in the description have been closed as delivered.