Version 9.5 SP1
 —  LoginModules Guide  —

Introduction to Integrated Authentication Framework

The Integrated Authentication Framework (IAF) is a token-based infrastructure that enables Software AG's enterprise single sign-on. It also lets Software AG products use a configurable authentication system (user database) across platforms.


See also Installing Integrated Authentication Framework, Configuring Integrated Authentication Framework, and Troubleshooting Integrated Authentication Framework.


Overview

The architecture of IAF defines a central service (the IAF service) that is contacted by multiple clients in order to:

More and more Software AG products are equipped with the IAF client-side modules. These modules are configured as part of the configuration process of the application itself; the main thing the application must know is the location of the IAF server. Under UNIX and Windows, the IAF server can be started and stopped using a System Management Hub agent or command line scripts. Under z/OS, it runs as a started task and can be started and stopped via operator commands.


Implementation Details

The IAF server is configured using an attribute file, where you can define parameters that influence the scalability (multiple parallel threads) and internal cache sizes (max. buffers) of the server.

The main functionality of an IAF server is also configured using the attribute file. You have to select an existing user repository (such as a RACF database or a Windows Active Directory) to which the server directs authentication requests.

No license file is required, since IAF is a common infrastructure that can only be used by Software AG products.

An example of the notation of an IAF server is given below:

iaf://<IAF-server-machine-IP-address>:<port>?<sslparms>
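
Added example (not part of the original Software AG documentation): a small Python check that splits an IAF server location written in the notation above and reports where a configured value deviates from it. The sample addresses, port numbers and placeholder parameter text are constructed, and the <sslparms> part is kept opaque because this page does not define its syntax.

```python
import ipaddress
from dataclasses import dataclass, field
from urllib.parse import urlsplit

@dataclass
class IafLocation:
    host: str = ""
    port: int = 0
    sslparms: str = ""          # kept opaque: the page does not define its syntax
    findings: list = field(default_factory=list)

def parse_iaf_location(value: str) -> IafLocation:
    """Split iaf://<ip>:<port>?<sslparms> and record deviations from that notation."""
    loc = IafLocation()
    parts = urlsplit(value.strip())
    if parts.scheme.lower() != "iaf":
        loc.findings.append(f"scheme is {parts.scheme!r}, expected 'iaf'")
    if parts.username or parts.password:
        loc.findings.append("credentials embedded in location string")
    loc.host = parts.hostname or ""
    try:
        ipaddress.ip_address(loc.host)      # the notation asks for an IP address
    except ValueError:
        loc.findings.append(f"host {loc.host!r} is not an IP address literal")
    try:
        loc.port = parts.port or 0          # .port raises ValueError outside 0..65535
    except ValueError:
        loc.port = 0
    if not 1 <= loc.port <= 65535:
        loc.findings.append("port missing or outside 1..65535")
    if parts.path not in ("", "/") or parts.fragment:
        loc.findings.append("unexpected path or fragment after host:port")
    loc.sslparms = parts.query
    if not loc.sslparms:
        loc.findings.append("no <sslparms> part supplied")
    return loc

# Constructed sample values (documentation address range, made-up ports and parameter text).
SAMPLES = [
    "iaf://192.0.2.10:4711?placeholder-sslparms",
    "iaf://192.0.2.10:4711",
    "http://192.0.2.10:4711?placeholder-sslparms",
    "iaf://iafhost.example:99999",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", parse_iaf_location(s).findings or "ok")
```
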

Calling IAF for authentication serves the following purposes:

  1. The authentication is performed by a remote server. It can reach out to user repositories that may not be available on the local machine.

  2. IAF creates a unique and secure token/artifact for each successful user authentication. The server returns this token/artifact to the client process, where it can be included in the message flow. The advantages are:
