ISAM JACC provider settings
Configure the Java Authorization Contract for Container (JACC) provider for Security Access Manager.
When a third-party authorization such as ISAM or SAF for z/OS is used, the information in the administrative console panel might not represent the data in the provider. Also, any changes to the panel might not be reflected in the provider automatically. Follow the provider's instructions to propagate any changes made to the provider.
To view the JACC provider settings for ISAM:
- Click Security > Global security.
- Under Authentication, click External authorization providers.
- Under Authorization provider, click External JACC provider.
- Click Configure to configure the properties for ISAM.
Enable embedded ISAM
Enables or disables the embedded ISAM client configuration.
Information    Value
Default        Disabled
Range          Enabled or Disabled
To disable ISAM as the JACC provider, clear this option and also select Default authorization.
Ignore errors during embedded ISAM disablement
Specifies whether to ignore error messages during the unconfiguration process.
If we select this check box and click OK or Apply, any errors that occur while unconfiguring the embedded ISAM are ignored and the process completes. If we do not select this check box, unconfiguration errors cause the unconfiguration process to stop.
This option is applicable only when re-configuring an embedded ISAM client or disabling an embedded ISAM.
Information    Value
Default        Disabled
Range          Enabled or Disabled
Client listening port set
Enter the ports used as listening ports by ISAM clients.
The application server needs to listen on a TCP/IP port for authorization database updates from the policy server. More than one process can run on a particular node and machine, so a list of ports is required for use by the processes. If we specify a range of ports, separate the lower and higher values by a colon (:). The first 20% of the range is reserved for the deployment manager. Single ports and port ranges are specified on separate lines. An example list might look like the following example:
7999
8900:8999
(z/OS) Note: Each of the servants might need to open up a listener port.
Policy server
Enter the name, fully-qualified domain name, or IP address of the ISAM policy server and the connection port.
Use the form policy_server:port. The policy server communication port was set at the time of the ISAM configuration. The default is 7135.
Authorization servers
Enter the name, fully-qualified domain name, or IP address of the ISAM authorization server. Use the form auth_server:port:priority.
The authorization server communication port is set at the time of ISAM configuration. The default is 7136. We can specify more than one authorization server by entering each server on a new line. Configuring more than one authorization server provides for failover. The priority value is the order of authorization server use. For example:
auth_server1.mycompany.com:7136:1
auth_server2.mycompany.com:7137:2
A priority of 1 is still required when configuring a single authorization server.
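A pre-flight check for the two multi-line fields described above (Client listening port set and Authorization servers), as an added example that is not IBM's code. The function names are hypothetical, and the sample values are the ones shown on this page.

```python
import re

# Added example: validates the text before it is entered in the panel.
# A listening-port line is a single port or lower:upper.
PORT_LINE = re.compile(r"(\d{1,5})(?::(\d{1,5}))?", re.ASCII)
# An authorization-server line is auth_server:port:priority; all three parts
# are required, even when only one server is configured.
AUTH_LINE = re.compile(r"(\S+):(\d{1,5}):(\d+)", re.ASCII)


def parse_port_set(text):
    """Return [(low, high), ...] for the 'Client listening port set' field."""
    ranges = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = PORT_LINE.fullmatch(line)
        if not m:
            raise ValueError("line %d: expected port or lower:upper: %r" % (n, line))
        low = int(m.group(1))
        high = int(m.group(2) or m.group(1))
        if not 1 <= low <= high <= 65535:
            raise ValueError("line %d: invalid port range: %r" % (n, line))
        ranges.append((low, high))
    return ranges


def total_ports(ranges):
    """Number of listener ports the list makes available to processes."""
    return sum(high - low + 1 for low, high in ranges)


def parse_auth_servers(text):
    """Return [(host, port, priority), ...] in the order entered."""
    servers = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = AUTH_LINE.fullmatch(line)
        if not m:
            raise ValueError("line %d: expected auth_server:port:priority: %r" % (n, line))
        port = int(m.group(2))
        if not 1 <= port <= 65535:
            raise ValueError("line %d: invalid port: %r" % (n, line))
        servers.append((m.group(1), port, int(m.group(3))))
    return servers
```
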
Administrator user name
Enter the ISAM administration user ID, as created at the time of ISAM configuration. This ID is usually sec_master.
Administrator user password
Enter the ISAM administration password for the user ID that is entered in the Administrator user name field.
User registry distinguished name suffix
Enter the distinguished name suffix for the user registry to share between ISAM and the application server. For example: o=organization,c=country
Security domain
Enter the name of the ISAM security domain used to store application server users and groups.
Specification of the ISAM domain is required because more than one security domain can be created in ISAM with its own administrative user. Users, groups, and other objects are created within a specific domain and are not permitted to access resources in another domain. If a security domain is not established at the time of ISAM configuration, leave the value as Default.
Information    Value
Default        Default
Administrator user distinguished name
Enter the fully distinguished name of the security administrator ID for the application server. For example, cn=wasadmin,o=organization,c=country
Configure the JACC provider for ISAM