Automated Sign-On for Mainframe Administrator Guide

  Automated Sign-On for Mainframe Administrator Guide
    Introduction
      Overview: How it Works
      Before you Begin
      System Requirements and Prerequisites
      Terms
    Configuration Tasks
      Summary of Configuration Tasks
    Phase I: Set Up Initial Configuration
      1.1 Install Management and Security Server and the Automated Sign-On for Mainframe Add-On.
      1.2 Configure user authentication and authorization.
      1.3 Install and configure components on z/OS.
        Configuring DCAS and RACF
    Phase II: Configure a Simple Test Session
      2.1 Configure the Administrative Server for Automated Sign-On for Mainframe.
        A. Configure settings to manage certificates and passwords.
        B. Enter the Automated Sign-On settings.
      2.2 Create host sessions with the automated sign-on macro.
        IBM 3270 session for Windows-based emulators
          A. Create an IBM 3270 session for Reflection/InfoConnect Workspace
          B. Record and edit a macro in a Reflection Desktop session.
        IBM 3270 Session for web-based emulators
          A. Create a Web-Based IBM 3270 session.
          B. Record and edit a logon macro in a Web-Based session.
      2.3 Assign user access for testing
      2.4 Run a test.
    Phase III: Set Up and Store Mainframe Username Mappings
      3.1 Choose a data store option.
        Option A. An authenticating directory with primary user objects.
        Option B. An authenticating directory plus a secondary directory.
      3.2 Implement identity mappings and data storage.
        Configuration Tasks: Identity Mapping
    Phase IV: Configure Settings for Production
      4.1 Assign users’ access to mainframe sessions.
      4.2 Deploy automated sign-on to users.
    Appendix A. Configuring DCAS and RACF on z/OS
      Overview of DCAS Configuration and the z/OS Security Server
      1. Configure RACF so DCAS can run as a system daemon.
        1.1 Define a user ID as superuser to use OMVS Services.
        1.2 Provide a user ID with access to MVS.SERVMGR.DCAS.
        1.3 Provide a RACF definition for MVS Start-up.
      2. Configure TLS for use with DCAS.
        2.1 Overview of Using System TLS with the DCAS Server
        2.2 Configure a Client Authentication Level.
          Authentication Levels
            Level 1
            Level 2
            Level 3
        2.3 Use RACF's Common key ring support to manage keys and certificates.
          2.3 a. Set up initial RACF key ring support. 
          2.3 b. Create a key ring.
        2.4. Create and Connect a Certificate 
          2.4 a. Create and connect self-signed certificates on the host.
            If using RACF, follow these steps:
          2.4 b. Create and connect well-known certificates on the host.
      3. Define a PassTicket profile for each application.
      4. Update the Configuration for the DCAS Server
      5. Start the DCAS server.
        Optional Parameters
      References
    Legal