IBM Power Ideas Portal


This portal is to open public enhancement requests against IBM Power Systems products, including IBM i. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Not under consideration
Workspace IBM i
Categories Security
Created by Guest
Created on Apr 22, 2025

RELATED IDEAS

Integrate SAML and/or OIDC authentication options for IBMi (5250/Navigator/IFS/Printer Output/SSH)

Many businesses are increasingly demanding that standard authentication processes are adhered to for all applications/servers within their environment. Whether we agree with that approach or not, there is extraordinary pressure to fit IBMi into this mould.


The addition of SAML and/or OIDC authentication options would allow for the IBMi to be seen as a modern OS (sadly, it is not now) and avoid additional, onerous, security remediations, explanations and audits. These additional measures required specifically for IBMi mean that senior leadership figures can more easily lean in to pressure from other vendors to drop the IBMi and move to other platform providers that do offer a modern standardized approach to authentication.


Idea priority High
  • Guest
    Dec 5, 2025
    IBM does not intend to provide a solution to this Idea at this time, so it is being closed. Thank you for taking the time to submit your Idea.  After consideration, we know that we cannot deliver your requested enhancement soon, so it is being declined.  However, your Idea does align with the future strategy and we believe it may have future value, so we will add it to an internal list for us to keep in mind for the future.

    IBM Power Systems Development
    Reply
  • Admin
    Carmelita Ruvalcaba
    Sep 2, 2025

    The CAAC has reviewed this IBM Idea and recommends that IBM view this as a medium priority Idea that should be addressed.

    Background: The COMMON Americas Advisory Council (CAAC) members have a broad range of experience in working with small and medium-sized IBM i customers. CAAC has a key role in working with IBM i development to help assess the value and impact of individual IBM Ideas on the broader IBM i community and has therefore reviewed your Idea.

    For more information about CAAC, see www.common.org/caac

    Carmelita Ruvalcaba - CAAC Program Manager

    1 reply
  • Admin
    Carmelita Ruvalcaba
    Aug 19, 2025

    The CAAC has reviewed this IBM Idea.

    We understand the issue, and CAAC is engaged in internal discussions on this matter. We will reply further later.

    Background: The COMMON Americas Advisory Council (CAAC) members have a broad range of experience in working with small and medium-sized IBM i customers. CAAC has a key role in working with IBM i development to help assess the value and impact of individual IBM Ideas on the broader IBM i community and has therefore reviewed your Idea.

    For more information about CAAC, see www.common.org/caac

    Carmelita Ruvalcaba - CAAC Program Manager

    Reply
  • Guest
    Aug 7, 2025

    Hi, here is my contribution to this topic. I understand that Kerberos is reliable and well used. That said... Many companies now leverage modern authentication methods such as SAML and OIDC which are definitely standards and exist for many years now. They open the ability to rely on different IdP solutions, such as Entra ID. Entra ID brings a lot of features that are not supported by Active Directory / Kerberos. As an example, we use the "Conditional Access Policies" that apply different rules based on the user's current situation. We may require the user to do strong authentication, with MFA. That MFA is UNIQUE accross all applications. We can't have the users deal with a specific MFA tied to the iSeries if we don't them to get confused.

    The use case is real, as all our apps now rely on our Entra ID IdP, except for the iSeries...

    I hope that will give another angle to the request ;-)


    Thanks


    Jean-Xavier

    Reply
  • Guest
    Jul 18, 2025

    Hi Carmelita,

    From what we understand Kerberos does not work when more than 1 domain is involved.

    We host our application for our customers in a private cloud…more & more customers are asking us to host in a different domain. For instance retailer ABC with domain abcretail.com is hosted in our private cloud using a domain ipabcretail.com. Users are unable to use SSO as the authentication today works in conjunction with AD & Kerberos. Users logging in from a PC withing abcretail.com is unable to get authenticated from ipabcretail.com (IBMi is hosted in a private cloud) Unless we established a trust this will not work but to establish a trust AD needs to be shared which customers are not willing to do. They are asking us why we are not supporting modern IAM (like Entra ID or SAML ) authentication.

    Hope that give you a bit more clarity.


    Thanks,

    Suresh

    Reply
  • Admin
    Carmelita Ruvalcaba
    Jul 15, 2025

    The CAAC has reviewed this IBM Idea. More information is needed.

    We would like a more comprehensive view of the use case that would point out the inadequacy you find in the implementation of kerberos in the core operating system.

    Kerberos is proven, tried and true in the operating system.

    For the community, this is a popular solution.

    Background: The COMMON Americas Advisory Council (CAAC) members have a broad range of experience in working with small and medium-sized IBM i customers. CAAC has a key role in working with IBM i development to help assess the value and impact of individual IBM Ideas on the broader IBM i community and has therefore reviewed your Idea.

    For more information about CAAC, see www.common.org/caac

    Carmelita Ruvalcaba - CAAC Program Manager

    Reply
  • Guest
    May 6, 2025
    IBM has received your Idea and is evaluating it. IBM will provide a response after evaluation is complete.

    IBM Power Systems Development
    Reply
  • Guest
    Apr 23, 2025

    100% needed.

    Reply

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.