+

Search Tips   |   Advanced Search

(ZOS) z/OS Secure Authentication Service settings

Specify authentication settings for requests received and sent by a server that uses the z/OS authentication protocol. Use the z/OS Secure Authentication Service (z/SAS) protocol to communicate securely to enterprise beans.

To view this administrative console page:

  1. Click Security > Global security .

  2. Under Authentication expand RMI/IIOP, click z/SAS authentication.

The panel displays only when we have a v6.1 server in the environment.

The panel associated with this article displays only when we have a v6.1 or lower level server in a v6.1 cell.

We can also view this administrative console page by completing the following steps:

  1. Click Servers > Server Types > WebSphere application servers > server.

  2. Under Security, click Server security > z/SAS authentication.

z/SAS protocols are ignored unless the active user registry is local operating system. z/SAS is supported only between v6.0.x and previous version servers that have been federated in a v6.1 cell.


Basic authentication

Clients to this server can provide a System Authorization Facility (SAF) user ID and password over an SSL connection. This option requires a valid system SSL repertoire selection on the SSL settings option.

Information Value
Data type Boolean
Default Disabled
Range Enabled or Disabled


Client certificate

Clients to this server can authenticate using SSL client certificates. The client certificates must be capable of mapping to a SAF user ID. We must connect the public certificate of the client certificate authority to the server key ring. The client certificate option requires a valid system SSL repertoire selection on the SSL settings option.

Information Value
Data type Boolean
Default Disabled
Range Enabled or Disabled


User ID and password

Clients can connect to this server with a SAF user ID and password without requiring a connection sent over an SSL session.

Information Value
Data type Boolean
Default Disabled
Range Enabled or Disabled


Identity assertion inbound

That inbound requests using SAF user IDs that are forwarded by Application Server for z/OS can be accepted.

The immediate downstream server establishes its identity by sending a digital certificate. Identity assertion is available only if client certificates are supported. When we enable this setting, we must select an SSL setting.

Information Value
Data type Boolean
Default Disabled
Range Enabled or Disabled


Identity assertion outbound

That outbound requests that originate from this server can forward authenticated client user IDs over an SSL connection to another application server for z/OS in which it has established trust.

This option requires a valid system SSL repertoire selection on the SSL settings option.

Information Value
Data type Boolean
Default Disabled
Range Enabled or Disabled


Support unauthenticated clients

That the server accepts Internet Inter-ORB Protocol (IIOP) requests without any authentication information.

If we enable this property, specify the Remote identity setting to associate a user ID with requests from a remote server.

Information Value
Data type Boolean
Default Disabled
Range Enabled or Disabled


SSL settings

Predefined list of SSL settings for connections. Configure these settings on the SSL repertoire panel.

Information Value
Data type String
Default None

  • Configure inbound transports