[z/OS]

z/OS Secure Authentication Service settings

Use this page to specify authentication settings for requests that are received and sent by a server that uses the z/OS® authentication protocol. Use the z/OS Secure Authentication Service (z/SAS) protocol to communicate securely with enterprise beans.

To view this administrative console page, complete the following steps:
  1. Click Security > Global security.
  2. Under Authentication, expand RMI/IIOP and click z/SAS authentication.
Attention: The panel displays only when you have a Version 6.1 server in your environment.
Attention: The panel associated with this article displays only when you have a Version 6.1 or earlier server in a Version 6.1 cell.
You can also view this administrative console page by completing the following steps:
  1. Click Servers > Server Types > WebSphere application servers > server_name.
  2. Under Security, click Server security > z/SAS authentication.
Note: z/SAS protocols are ignored unless the active user registry is local operating system. z/SAS is supported only between Version 6.0.x and previous version servers that have been federated in a Version 6.1 cell.

Basic authentication

Specifies that clients to this server can provide a System Authorization Facility (SAF) user ID and password over a Secure Sockets Layer (SSL) connection. This option requires a valid system SSL repertoire selection on the SSL settings option.

Information Value
Data type Boolean
Default Disabled
Range Enabled or Disabled

Client certificate

Specifies that clients to this server can authenticate using SSL client certificates. The client certificates must be capable of mapping to a SAF user ID. You must connect the public certificate of the client certificate authority to the server key ring. The client certificate option requires a valid system SSL repertoire selection on the SSL settings option.

Information Value
Data type Boolean
Default Disabled
Range Enabled or Disabled

User ID and password

Specifies that clients can connect to this server with a SAF user ID and password without requiring that the connection be made over an SSL session.

Information Value
Data type Boolean
Default Disabled
Range Enabled or Disabled

Identity assertion inbound

Specifies that inbound requests using SAF user IDs that are forwarded by Application Server for z/OS can be accepted.

The immediate downstream server establishes its identity by sending a digital certificate. Identity assertion is available only if client certificates are supported. When you enable this setting, you must select an SSL setting.

Information Value
Data type Boolean
Default Disabled
Range Enabled or Disabled

Identity assertion outbound

Specifies that outbound requests that originate from this server can forward authenticated client user IDs over an SSL connection to another application server for z/OS with which it has established trust.

This option requires a valid system SSL repertoire selection on the SSL settings option.

Information Value
Data type Boolean
Default Disabled
Range Enabled or Disabled

Support unauthenticated clients

Specifies that the server accepts Internet Inter-ORB Protocol (IIOP) requests without any authentication information.

If you enable this property, specify the Remote identity setting to associate a user ID with requests from a remote server.

Information Value
Data type Boolean
Default Disabled
Range Enabled or Disabled

SSL settings

Specifies a predefined list of SSL settings for connections. Configure these settings on the SSL repertoire panel.

Information Value
Data type String
Default None
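
The dependencies between the settings on this page can be checked mechanically when reviewing a server's configuration. The following Python sketch is an added example, not IBM code: the dictionary keys are hypothetical labels for the panel fields (not WebSphere configuration attribute names), and the sample values are constructed.

```python
# Added example: the keys below are hypothetical labels for the settings on this
# page, not WebSphere configuration attribute names.
NEEDS_SSL = {
    "basic_authentication": "Basic authentication",
    "client_certificate": "Client certificate",
    "identity_assertion_inbound": "Identity assertion inbound",
    "identity_assertion_outbound": "Identity assertion outbound",
}
OTHER = ("user_id_and_password", "support_unauthenticated_clients")

def check_zsas(s):
    """Return findings for one server's z/SAS settings (dict of label -> value)."""
    findings = []
    any_enabled = any(s.get(k) for k in (*NEEDS_SSL, *OTHER))
    # z/SAS is ignored unless the active user registry is local operating system.
    if any_enabled and s.get("active_user_registry") != "local_os":
        findings.append("z/SAS settings are ignored: the active user registry "
                        "is not local operating system")
    # These options each require an SSL settings (repertoire) selection.
    for key, label in NEEDS_SSL.items():
        if s.get(key) and not s.get("ssl_settings"):
            findings.append(f"{label} is enabled but no SSL settings are selected")
    # Identity assertion is available only if client certificates are supported.
    if s.get("identity_assertion_inbound") and not s.get("client_certificate"):
        findings.append("Identity assertion inbound is enabled but Client "
                        "certificate is not")
    # This option lets clients present SAF credentials outside an SSL session.
    if s.get("user_id_and_password"):
        findings.append("User ID and password is enabled: SAF user IDs and "
                        "passwords are accepted without an SSL session")
    # Unauthenticated requests need a Remote identity to run under.
    if s.get("support_unauthenticated_clients") and not s.get("remote_identity"):
        findings.append("Support unauthenticated clients is enabled but no "
                        "Remote identity is specified")
    return findings

# Constructed sample: settings as they might be transcribed from the panel.
SAMPLE = {
    "active_user_registry": "local_os", "ssl_settings": None,
    "basic_authentication": True, "client_certificate": False,
    "user_id_and_password": True, "identity_assertion_inbound": True,
    "identity_assertion_outbound": False,
    "support_unauthenticated_clients": True, "remote_identity": None,
}

if __name__ == "__main__":
    for finding in check_zsas(SAMPLE):
        print("-", finding)
```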