Use this page to determine which global security options to specify for WebSphere Application Server for z/OS.
To view this administrative console page, click Security > Global Security > z/OS security options. Under Additional Properties, click z/OS Security Options.
If you are configuring security for the first time, complete the steps in Configuring global security in the documentation prior to making changes. Once security is configured, validate any changes to the user registry or authentication mechanism panels. Click Apply to validate the user registry settings. An attempt is made to authenticate the server ID to the configured user registry (note that for registries other than Local OS the server user ID and password are validated).
Note: There has been a change in the option names on this page along with their function. Previously, the Connection Manager Synch to OS Thread support had been enabled by the Synch to OS Thread Allowed checkbox. The Connection Manager Synch to OS Thread support is now enabled by the new Connection Manager RunAs Identity Enabled checkbox. The Synch to OS Thread Allowed checkbox now enables the application Synch to OS Thread support and not the Connection Manager Synch to OS Thread support.
Specifies which SAF identity is used when a remote RMI/IIOP request is received with no authentication information.
Specifies which SAF identity is used when an RMI/IIOP request is received with no authentication information from a server on the same system.
Specifies whether or not application Synch to OS Thread Allowed is permitted. When this global security option is enabled, the application-specified Sync to OS Thread Allowed is honored and subsequently carried out by the EJB and Web containers as indicated by EJB and Web application Synch to OS Thread Allowed specification. The default is disabled.
Important: This permits the application server to alter the OS thread identity in a potentially unauthorized environment (which can be an integrity breach).
Important: This option significantly increases the number of SMF 80 records used for security auditing. If security auditing is turned on for SMF 80 records, then the amount of DASD used also increases significantly.
When you enable this option, the method processes a request that modifies the operating system identity to reflect the J2EE identity. This function is required if you wish to use one of the Java Message Service (JMS), Java database connectivity (JDBC), or Java Connector Architecture (JCA) connector configurations that use operating system thread security. For more information, refer to:
Important: This permits the application server to alter the OS thread identity in a potentially unauthorized environment (which can be an integrity breach).