z/OS Secure Authentication Service settings
Use this page to specify authentication settings for requests that are received and sent by a server that uses the z/OS® authentication protocol. Use the z/OS Secure Authentication Service (z/SAS) protocol to communicate securely to enterprise beans.
- Click .
- Under Authentication expand RMI/IIOP, click z/SAS authentication.
- Click .
- Under Security, click .
Basic authentication
Specifies that clients to this server can provide a System Authorization Facility (SAF) user ID and password over a Secure Sockets Layer (SSL) connection. This option requires a valid system SSL repertoire selection on the SSL settings option.
Information | Value |
---|---|
Data type | Boolean |
Default | Disabled |
Range | Enabled or Disabled |
Client certificate
Specifies that clients to this server can authenticate using SSL client certificates. The client certificates must be capable of mapping to a SAF user ID. You must connect the public certificate of the client certificate authority to the server key ring. The client certificate option requires a valid system SSL repertoire selection on the SSL settings option.
Information | Value |
---|---|
Data type | Boolean |
Default | Disabled |
Range | Enabled or Disabled |
User ID and password
Specifies that clients can connect to this server with a SAF user ID and password without requiring a connection sent over an SSL session.
Information | Value |
---|---|
Data type | Boolean |
Default | Disabled |
Range | Enabled or Disabled |
Identity assertion inbound
Specifies that inbound requests using SAF user IDs that are forwarded by Application Server for z/OS can be accepted.
The immediate downstream server establishes its identity by sending a digital certificate. Identity assertion is available only if client certificates are supported. When you enable this setting, you must select an SSL setting.
Information | Value |
---|---|
Data type | Boolean |
Default | Disabled |
Range | Enabled or Disabled |
Identity assertion outbound
Specifies that outbound requests that originate from this server can forward authenticated client user IDs over an SSL connection to another application server for z/OS in which it has established trust.
This option requires a valid system SSL repertoire selection on the SSL settings option.
Information | Value |
---|---|
Data type | Boolean |
Default | Disabled |
Range | Enabled or Disabled |
Support unauthenticated clients
Specifies that the server accepts Internet Inter-ORB Protocol (IIOP) requests without any authentication information.
If you enable this property, specify the Remote identity setting to associate a user ID with requests from a remote server.
Information | Value |
---|---|
Data type | Boolean |
Default | Disabled |
Range | Enabled or Disabled |
SSL settings
Specifies a predefined list of SSL settings for connections. Configure these settings on the SSL repertoire panel.
Information | Value |
---|---|
Data type | String |
Default | None |