PQ98023: SUPPORT IS BEING ADDED TO OPTIONALLY SPECIFY OMVSSRV AS THE SESSION TYPE WHEN BUILDING THE UTOKEN IN WEBSPHERE V5.0 | |||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description Currently the UTOKEN is built with the default session type of TSO. Support is being added so that customers can optionally specify OMVSSRV as the session type for the UTOKEN to be built.Local fix Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V5.0 for z/OS * **************************************************************** * PROBLEM DESCRIPTION: Users who authenticate using thread * * identity need to be authorized for TSO * * sessions. Support is needed for * * customers who do not wish to grant * * access to TSO for WebSphere users. * * Requiring access to session type * * OMVSSRV is an acceptable alternative. * **************************************************************** * RECOMMENDATION: * **************************************************************** New function is required to allow customers to optionally specify that the thread identity credentials be built using OMVSSRV as the session type instead of TSO.Problem conclusion A new custom property, security.zOS.session.OMVSSRV, is added to the global security support. If the value of this property is true, all thread identity credentials for the server will be built using session type OMVSSRV. Otherwise, thread identity credentials will be built using session type TSO. APAR PQ98023 requires changes to documentation. NOTE: Periodically, we refresh the documentation on our Web site, so the changes might have been made before you read this text. To access the latest on-line documentation, go to the product library page at: www.ibm.com/software/webservers/appserv/zos_os390/library.html The following text has been added to the "Global security settings"(usec_rgsp) article in the Version 5.0.2 and later information centers. Custom properties: Overriding the default TSO session type An application might connect to an Enterprise Information System (EIS) and use the thread identity support. The thread identity support is provided by the connection management component of WebSphere Application Server for z/OS. In this situation, a security credential that is based on the current thread identity encapsulates the security information for the user that is associated with the connection. By default, the session type associated with the user is TSO. If you have WebSphere Application Server for z/OS users that use the thread identity support, you must define the users as TSO users. If you prefer not to define the users as TSO users, you can use the security.zOS.session.OMVSSRV custom property, which changes the session type for the user identity in the security credential from TSO to OMVSSRV. However, if you use the user information for authentication at the target EIS, such as IMS, the user must be an authorized OMVSSRV user. To specify the custom property, complete the following steps: 1. Click Security > Global Security > Custom Properties. 2. In the Name field, type security.zOS.session.OMVSSRV. Important: This custom property name is case sensitive. 3. In the value field, type true. 4. Click Apply and Save. Step 5 has been added to the "Using thread identity support" (tdat_conthidep) article in the Version 5.0.2 and later information centers. 5. Optional: Set the security.zOS.session.OMVSSRV custom property to true. Your application might connect to an Enterprise Information System (EIS) and use the thread identity support. The thread identity support is provided by the connection management component of WebSphere Application Server for z/OS. In this situation, a security credential that is based on the current thread identity encapsulates the security information for the user that is associated with the connection. By default, the session type associated with the user is TSO. If you have WebSphere Application Server for z/OS users that use the thread identity support, you must define the users as TSO users. If you prefer not to define the users as TSO users, you can use the security.zOS.session.OMVSSRV custom property, which changes the session type for the user identity in the security credential from TSO to OMVSSRV. However, if you use the user information for authentication at the target EIS, such as IMS, the user must be an authorized OMVSSRV user. To specify the custom property, complete the following steps: a. Click Security > Global Security > Custom Properties. b. Click New. c. In the Name field, type security.zOS.session.OMVSSRV Important: This custom property name is case sensitive. d. In the value field, type true e. Click Apply and Save. APAR PQ98023 is associated with SERVICE LEVEL W502025 of WebSphere Application Server V5.0 for z/OS.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: PQ98056 PK04346 Modules/Macros
Publications Referenced
|
Document Information |
Current web document: swg1PQ98023.html
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ98023
IBM Group: Software Group
Modified date: Apr 16, 2005
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.