+

Search Tips   |   Advanced Search

(zos)

z/OS Secure Authentication Service settings

Use this page to specify authentication settings for requests that are received and sent by a server that uses the z/OS authentication protocol. Use the z/OS Secure Authentication Service (z/SAS) protocol to communicate securely to enterprise beans. To view this console page:

  1. Click Security > Global security > Authentication expand RMI/IIOP, click z/SAS authentication.

The panel displays only when we have a Version 6.1 server in the environment.

The panel associated with this article displays only when we have a Version 6.1 or lower level server in a Version 6.1 cell.

We can also view this console page by completing the following steps:

  1. Click Servers > Server Types > WebSphere application servers > server_name.

  2. Under Security, click Server security > z/SAS authentication.

z/SAS protocols are ignored unless the active user registry is local operating system. z/SAS is supported only between Version 6.0.x and previous version servers that have been federated in a Version 6.1 cell.


Basic authentication

Specifies that clients to this server can provide a System Authorization Facility (SAF) user ID and password over a Secure Sockets Layer (SSL) connection. This option requires a valid system SSL repertoire selection on the SSL settings option.

Information Value
Data type Boolean
Default Disabled
Range Enabled or Disabled


Client certificate

Specifies that clients to this server can authenticate using SSL client certificates. The client certificates must be capable of mapping to a SAF user ID. We must connect the public certificate of the client certificate authority to the server key ring. The client certificate option requires a valid system SSL repertoire selection on the SSL settings option.

Information Value
Data type Boolean
Default Disabled
Range Enabled or Disabled


User ID and password

Specifies that clients can connect to this server with a SAF user ID and password without requiring a connection sent over an SSL session.

Information Value
Data type Boolean
Default Disabled
Range Enabled or Disabled


Identity assertion inbound

Specifies that inbound requests using SAF user IDs that are forwarded by Application Server for z/OS can be accepted.

The immediate downstream server establishes its identity by sending a digital certificate. Identity assertion is available only if client certificates are supported. When you enable this setting, you must select an SSL setting.

Information Value
Data type Boolean
Default Disabled
Range Enabled or Disabled


Identity assertion outbound

Specifies that outbound requests that originate from this server can forward authenticated client user IDs over an SSL connection to another application server for z/OS in which it has established trust.

This option requires a valid system SSL repertoire selection on the SSL settings option.

Information Value
Data type Boolean
Default Disabled
Range Enabled or Disabled


Support unauthenticated clients

The server accepts Internet Inter-ORB Protocol (IIOP) requests without any authentication information.

If we enable this property, specify the Remote identity setting to associate a user ID with requests from a remote server.

Information Value
Data type Boolean
Default Disabled
Range Enabled or Disabled


SSL settings

Specifies a predefined list of SSL settings for connections. Configure these settings on the SSL repertoire panel.

Information Value
Data type String
Default None

Reference topic