z/OS Secure Authentication Service transport settings
Use this page to specify authentication settings for requests that
are received and sent by a server that uses the z/OS authentication protocol.
Use the z/OS Secure Authentication Service (zSAS) protocol to communicate
securely to enterprise beans with previous releases of the WebSphere Application
Server.
To view this administrative console page, click Security > Authentication
Protocol > zSAS Transport.
Configuration tab
- Basic Authentication
- Specifies that clients to this server can provide a System Authorization
Facility (SAF) user ID and password over a Secure Sockets Layer (SSL) connection.
This option requires a valid System SSL Repertoire selection on the SSL Settings
option.
Data type |
Boolean |
Default |
Disabled |
Range |
Enabled or Disabled |
- Client Certificate
- Specifies that clients to this server can authenticate using SSL
client certificates. The client certificates must be capable of mapping to
a SAF user ID. You must connect the public certificate of the client certificate
authority to the server key ring. The client certificate option requires a
valid System SSL Repertoire selection on the SSL Settings option.
Data type |
Boolean |
Default |
Disabled |
Range |
Enabled or Disabled |
- Kerberos
- Specifies that this security mechanism uses SSL to establish the
trust of the client in the server. The client authenticates to the server
by using Kerberos. The Kerberos identity must be capable of converting to
a SAF identity. This option requires a valid System SSL Repertoire selection
on the SSL Settings option.
Data type |
Boolean |
Default |
Disabled |
Range |
Enabled or Disabled |
- Userid Password
- Specifies that clients can connect to this server with a SAF user
ID and password without requiring a connection sent over an SSL session.
Data type |
Boolean |
Default |
Disabled |
Range |
Enabled or Disabled |
- Userid Passticket
- Specifies that clients or other servers on the same sysplex can
connect to this server with a one-time user credential that represents the
SAF user.
Data type |
Boolean |
Default |
Disabled |
Range |
Enabled or Disabled |
- Identity Assertion Inbound
- Specifies that inbound requests using SAF user IDs forwarded by
a z/OS Application Server can be accepted.
The immediate downstream server establishes its identity by sending a digital
certificate. Identity assertion is available only if client certificates are
supported. When you enable this setting, you must select an SSL setting.
Data type |
Boolean |
Default |
Disabled |
Range |
Enabled or Disabled |
- Identity Assertion Outbound
- Specifies that outbound requests originating from this server can
forward authenticated client user IDs over an SSL connection to another z/OS
Application Server in which it has established trust.
This option requires a valid System SSL Repertoire selection on the SSL
Settings option.
Data type |
Boolean |
Default |
Disabled |
Range |
Enabled or Disabled |
- Allow Unauthenticated Clients
- Specifies that the server accepts Internet Inter-ORB Protocol (IIOP)
requests without any authentication information.
If you enable this property, specify the Remote Identity setting to associate
a user ID with requests from a remote server.
Data type |
Boolean |
Default |
Disabled |
Range |
Enabled or Disabled |
- SSL Settings
- Specifies a predefined list of SSL settings for connections. The
selection must be a System SSL repertoire. Configure these settings on the
SSL Repertoire panel.
Data type |
String |
Default |
None |

Administrative console buttons
Administrative console page features
Administrative console scope settings
Administrative console filter settings
Administrative console preference settings
Searchable topic ID:
useczsastransport
Last updated: Jun 21, 2007 9:56:50 PM CDT
WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/usec_zsas_transport.html