(The number in the heading refers to the Configuration Workflow.)
These settings are needed for testing, and can also be used in production.
For any supported emulator, the MSS administrator will:
Create an IBM 3270 session for the specified emulator type.
Add an automated sign-on macro that logs on to the host session.
NOTE:For any supported emulator or session type, the automated sign-on macro must:
Send a host application ID to the MSS Administrative Server so that the Administrative Server can request a PassTicket from DCAS.
Insert the user's RACF credentials (PassTicket and mainframe user ID) that are returned from the MSS Administrative Server (to the client) into the data that is transmitted to the host. This action logs the user on to the mainframe application.
The steps to add a macro to the IBM 3270 session differ depending on your emulator and the type of session being configured.
Follow the steps for your emulator or session type:
For this configuration, the MSS administrator will:
Open the Administrative Console to Manage Sessions, and click +Add.
Select Reflection/InfoConnect Desktop as the Product.
Select Workspace Automated Sign-on as the Session type.
Enter a Session name that exactly matches the name of the host to which the session document files are configured to connect.
For example, if the host name is myHost, then the Session name must be myHost.
If your environment has session documents that are configured to connect to variations of host names (such as fully qualified names or IP Addresses), create a separate Workspace Automated Sign-on session for each name. For examples, see the Manage Sessions Help.
Click Browse. Select the Reflection or InfoConnect Workspace session document file (ASM.rd3x) that contains the automated sign-on for mainframe login macro.
The Reflection Desktop administrator created this session document during Initial Setup.
Click Save to upload the settings file and save the session.
The session is added to the Manage Sessions list and is available to be assigned.
Continue with 5. Assign access to one user for testing.
For this configuration, the MSS administrator will:
Open the Administrative Console to Manage Sessions, and click +Add.
Select Reflection/InfoConnect Desktop as the Product.
Select Workspace as the Session type.
Enter a Session name.
Click Launch to open the session.
Create a new 3270 terminal session. In the Create New Document dialog, 3270 terminal should be selected. Click Create.
If the session will connect through the Security Proxy Server, continue with steps 8-11 to configure security.
Otherwise, enter the name or IP address of the host computer, click OK, and proceed to step 12.
In the Create New 3270 Terminal Document dialog, check Configure additional settings (at the bottom of the dialog), and click OK.
On the Settings dialog, under Host Connection, select Set Up Connection Security and click the Security Settings button.
On the SSL/TLS tab in the Security Properties dialog, check both Use SSL/TLS security and Use Security Proxy. Configure the Security Proxy settings. Click OK.
(The Security Proxy server name and port are listed on the Administrative Console > Security Proxy panel.)
Accept the connection security settings and click OK. Continue to configure the features you want users to be able to access or edit. Click Help for guidance.
Keep the session open and connected to the host. Continue with B. Record and edit a macro in a Reflection Desktop session
The logon macro is initiated when an authenticated user launches the session to connect or reconnect to the host.
NOTE:These instructions are guidelines to enable Automated Sign-On for Mainframe. Although error- checking is omitted for brevity and clarity, the macro author should check for errors as required by the application.
In the 3270 session you just created, start the macro recorder (Macros > Record VBA).
Connect to the host and log on to the appropriate host application using a valid user name and password.
You will edit the macro to remove specific user information and replace it with values that support logon by any authenticated user.
Stop the macro recorder (Macros > Stop Recording).
In the Recording Complete dialog, name the macro (for example TSO_logon). Click OK.
Save the macro with the current document (session) or in the common project.
By saving the macro with the current document, it will be transferred to the MSS Administrative Server when the session is saved in the Administrative Console, and then distributed to users who run this session.
Open the Visual Basic Editor (Macros > Visual Basic). Locate your macro: open Project > Modules, and double-click Recorded (or right-click > View Code).
After retrieving the ibmCurrentTerminal object, add this line:
ibmCurrentTerminal.GetDASOPassTicket("APPID")
where "APPID" is replaced with the appropriate host application ID.
Edit the statement that sends your user name. Remove your user name and replace it with the mainframe username that was retrieved by the GetDASOPassTicket function call.
The edited line should look like this:
ibmCurrentScreen.SendKeys(ibmCurrentTerminal.DASOUserID)
a. Comment out or delete the line that uses the PasswordBox function to prompt the user for the password.
hiddenTextEntry = ibmCurrentTerminal.Macro.PasswordBox("", "")
If (hiddenTextEntry = "") Then
Err.Raise 5002, "Hidden TextEntry", "No Value Provided.", "VBAHelp.chm", "5002"
End If
b. Replace that line with one that looks like this:
ibmCurrentScreen.SendKeys(ibmCurrentTerminal.DASOPassTicket)
Save the macro. Click Yes to send settings to the MSS Administrative Server.
Close the Visual Basic editor, and keep the session open.
Open Document Settings (File > Settings > Document Settings). Under Host Connection, click Configure Advanced Connection Settings.
In Configure Advanced Connection Settings, under Connection Action, check the boxes to
Run a macro or other action after the initial connection.
Select the logon macro and click OK.
Run when reconnecting.
Select the logon macro and click OK. The macro will be initiated when a user connects to a mainframe session.
Save the session. (Click Save or Exit.) Click Yes to send the settings to the MSS Administrative Server.
Continue with 5. Assign access to one user for testing.
To configure Reflection ZFE to use Automated Sign-on, the MSS administrator will:
See also How to Set Up Automated Single Sign-On for Mainframe in the Reflection ZFE Help.
Open the Administrative Console to Manage Sessions, and click +Add.
Select Reflection/ZFE as the Product.
Enter a Session name.
Click Launch to open the session.
Confirm the session Type is IBM 3270.
Enter the Host name and Port, and click Save.
While the session is open and connected to the host, continue with B. Record and edit a macro in a Reflection ZFE session.
The logon macro is initiated when an authenticated user launches the session to connect or reconnect to the host.
NOTE:These instructions are guidelines to enable Automated Sign-On for Mainframe. Although error- checking is omitted for brevity and clarity, the macro author should check for errors as required by the application.
In the IBM 3270 session you just created, create a macro to log on to this mainframe session. See Creating Macros in Reflection ZFE Help.
Name the macro, for example ASO_logon.
Edit the macro to contain the AutoSignon object that provides the methods needed to create a Reflection ZFE login to use with Automated Sign-on.
See the example in Automatic sign-On Macro for Mainframes in the Reflection ZFE Help.
Save the macro and send the settings to the MSS Administrative Server.
Save the session and send the settings to the MSS Administrative Server.
Continue with 5. Assign access to one user for testing.
Create a session, and then record and edit a logon macro using Reflection ZFE or Reflection for the Web. These steps use Reflection for the Web as an example
To configure Reflection for the Web to use Automated Sign-on, the MSS administrator will:
Open the Administrative Console to Manage Sessions, and click +Add.
Select Reflection for the Web as the Product.
Select IBM 3270 as the Session type.
Enter a Session name.
Accept or edit the default settings, and click Launch to open the session.
In Connection Setup, enter the name or IP address of the Host computer. Click OK.
Continue to configure the features you want users to be able to access or edit. Click Help for guidance.
Verify that the session connects to the host.
Keep the session open and continue with B. Record and edit a macro in a Reflection for the Web session
The logon macro is initiated when an authenticated user launches the session to connect or reconnect to the host.
NOTE:These instructions are guidelines to enable Automated Sign-On for Mainframe. Although error- checking is omitted for brevity and clarity, the macro author should check for errors as required by the application.
In the open IBM 3270 session you created, start the macro recorder (Macro > Start recording).
Connect to the host and log on to the appropriate host application using a valid user name and password.
You will edit the macro to replace specific user information with values that support logon by any authenticated user.
Click Macro > Stop Recording...
Enter the macro name, such as TSO Logon.
Save the macro and click OK to acknowledge the alert message, which tells you that the macro will be saved to the MSS Administrative Server only after you save and exit the session.
Click Macro > Macros... Select the macro you just created and click Edit.The macro opens for editing in a Macro Editor window.
Below the variable definitions at the top of the recorded macro, add the following line:
var credentials = eclcredentials.getDASOPassTicket( "APPID" );
where "APPID" is replaced with the appropriate host application ID.
In the macro’s “performAction” function, edit the statement that sends your user name.
Remove your user name and replace it with the mainframe username that was retrieved by the getDASOPassTicket method. The edited line should look like this:
ps.SendDASOUserID( credentials );
In the macro’s “performAction” function, comment out or delete the lines that use the SendCredential method to transmit the mainframe password. Replace it with a new line that transmits the passticket retrieved from the MSS Administrative Server.
The modified line should look like this:
ps.SendDASOPassTicket( credentials );
Save the macro and close the Macro Editor window.
To configure the macro to run on session startup, or to run on each connection, click Macros > Macros…
In the Macros dialog box, select “Run at startup” if you want the automated sign-on macro to run after the session launches.
Click the Events button, then assign the macro as the “On connect macro” if you want the automated sign-on macro to run every time the session connects.
Close the Macros dialog box, and then Save and Exit the session to send the settings to the MSS Administrative Server.
Continue with 5. Assign access to one user for testing.
To configure Rumba+ Desktop to use Automated Sign-on, the MSS administrator will:
Open the Administrative Console to Manage Sessions, and click +Add.
Select Rumba+ Desktop as the Product.
Enter a Session name. Continue with B. Upload a Rumba+ Session Profile
Click Browse. Select the Rumba+ session profile that contains the automated sign-on for mainframe login macro.
The Rumba administrator created this session profile during Initial Setup.
Click Save to upload the profile and save the session.
The session is added to the Manage Sessions list and is available to be assigned.
Continue with 5. Assign access to one user for testing.