api-layer
Identity propagation (to SAF identity)
Introduction
A distributed user identity is not known to the mainframe security system and can't be used for actual access to mainframe resources.
Product requirements
- Match user IDs from the distributed side with the user ID known to the concrete mainframe security system
- Create a mainframe (Zowe) access token or PassTicket
Technical requirements
- Perform an APF-authorized call to SAF for user identity propagation
- Use the new OIDC scheme to provide credentials with the southbound call to the mainframe services
Design