[Version 5.0.2 and later] z/OS Secure Authentication Service transport settings

Use this page to specify authentication settings for requests that are received and sent by a server that uses the z/OS authentication protocol. Use the z/OS Secure Authentication Service (zSAS) protocol to communicate securely with enterprise beans in previous releases of WebSphere Application Server.

To view this administrative console page, click Security > Authentication Protocol > zSAS Transport.

Configuration tab

Basic Authentication
Specifies that clients to this server can provide a System Authorization Facility (SAF) user ID and password over a Secure Sockets Layer (SSL) connection. This option requires a valid System SSL Repertoire selection on the SSL Settings option.
Data type: Boolean
Default: Disabled
Range: Enabled or Disabled
Client Certificate
Specifies that clients to this server can authenticate using SSL client certificates. The client certificates must be capable of mapping to a SAF user ID. You must connect the public certificate of the client certificate authority to the server key ring. The client certificate option requires a valid System SSL Repertoire selection on the SSL Settings option.
Data type: Boolean
Default: Disabled
Range: Enabled or Disabled
Kerberos
Specifies that this security mechanism uses SSL to establish the trust of the client in the server. The client authenticates to the server by using Kerberos. The Kerberos identity must be capable of converting to a SAF identity. This option requires a valid System SSL Repertoire selection on the SSL Settings option.
Data type: Boolean
Default: Disabled
Range: Enabled or Disabled
Userid Password
Specifies that clients can connect to this server with a SAF user ID and password without requiring that the connection use an SSL session.
Data type: Boolean
Default: Disabled
Range: Enabled or Disabled
Userid Passticket
Specifies that clients or other servers on the same sysplex can connect to this server with a one-time user credential that represents the SAF user.
Data type: Boolean
Default: Disabled
Range: Enabled or Disabled
Identity Assertion Inbound
Specifies that inbound requests using SAF user IDs forwarded by a z/OS Application Server can be accepted.

The immediate downstream server establishes its identity by sending a digital certificate. Identity assertion is available only if client certificates are supported. When you enable this setting, you must select an SSL setting.

Data type: Boolean
Default: Disabled
Range: Enabled or Disabled
Identity Assertion Outbound
Specifies that outbound requests originating from this server can forward authenticated client user IDs over an SSL connection to another z/OS Application Server with which it has established trust.

This option requires a valid System SSL Repertoire selection on the SSL Settings option.

Data type: Boolean
Default: Disabled
Range: Enabled or Disabled
Allow Unauthenticated Clients
Specifies that the server accepts Internet Inter-ORB Protocol (IIOP) requests without any authentication information.

If you enable this property, specify the Remote Identity setting to associate a user ID with requests from a remote server.

Data type: Boolean
Default: Disabled
Range: Enabled or Disabled
SSL Settings
Specifies a predefined list of SSL settings for connections. The selection must be a System SSL repertoire. Configure these settings on the SSL Repertoire panel.
Data type: String
Default: None
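
The dependencies between these options can be checked mechanically before a change is saved. The following is an added example, not IBM code or a WebSphere API: it audits a settings dictionary keyed by the console labels on this page. The dictionary layout, the repertoire name, and both sample configurations are constructed for illustration, and "client certificates are supported" is read here as the Client Certificate option being enabled.

```python
# Added example: audits zSAS transport settings against the rules stated on this page.
# The dict representation is an assumption; keys are the console labels from this page.
NEEDS_SSL = (
    "Basic Authentication", "Client Certificate", "Kerberos",
    "Identity Assertion Inbound", "Identity Assertion Outbound",
)

def audit_zsas(settings):
    """Return a list of (severity, message) findings for one server's settings."""
    def on(key):
        return bool(settings.get(key, False))   # every Boolean option defaults to Disabled
    ssl = settings.get("SSL Settings")           # String option, defaults to None
    findings = []
    for opt in NEEDS_SSL:
        if on(opt) and not ssl:
            findings.append(("error", f"{opt} is enabled but SSL Settings has no System SSL repertoire"))
    # Assumption: "client certificates are supported" means Client Certificate is enabled.
    if on("Identity Assertion Inbound") and not on("Client Certificate"):
        findings.append(("error", "Identity Assertion Inbound requires Client Certificate"))
    if on("Allow Unauthenticated Clients"):
        if not settings.get("Remote Identity"):
            findings.append(("error", "Allow Unauthenticated Clients is enabled but Remote Identity is not set"))
        findings.append(("warn", "IIOP requests are accepted without authentication information"))
    if on("Userid Password"):
        findings.append(("warn", "Userid Password accepts a SAF user ID and password without an SSL session"))
    return findings

# Constructed sample: several options enabled with no repertoire selected.
SAMPLE_WEAK = {
    "Basic Authentication": True,
    "Identity Assertion Inbound": True,
    "Allow Unauthenticated Clients": True,
    "Userid Password": True,
}
# Constructed sample: certificate-based identity assertion with a repertoire (name is a placeholder).
SAMPLE_OK = {
    "Client Certificate": True,
    "Identity Assertion Inbound": True,
    "SSL Settings": "ExampleSystemSSLRepertoire",
}

if __name__ == "__main__":
    for name, cfg in (("weak", SAMPLE_WEAK), ("ok", SAMPLE_OK)):
        print(name)
        for severity, message in audit_zsas(cfg):
            print(f"  [{severity}] {message}")
```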




Searchable topic ID:   useczsastransport
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/usec_zsas_transport.html
