Configuring a region for Automated Sign-On for Mainframe

This topic guides you through the necessary steps to configure an enterprise server region with Mainframe Subsystem Support to enable Automated Sign-On for Mainframe. It is assumed that you are using a separate system to authenticate your users, for example, Host Access Management and Security Server. That system must also request a passtoken from DCAS.

You must add a new DCAS listener to the region:

  1. Start the Enterprise Server Administration home page, and then click Edit for the region you want to create the listener for.
  2. Click the Listener tab, and then click Add.
  3. In the Support Conversation Type group, click Custom.
  4. In the field next to the Custom option, type dcas.
  5. Configure the listener as required. DCAS listeners must be configured for SSL communication. See DCAS conversation type and Secure Communications (SSL) for more information.
    Note: Micro Focus recommends you configure both the DCAS and TN3270 listeners with the same SSL server certificate and key. Failure to do so might result in users being able to incorrectly acquire or fail to acquire passtokens from DCAS.
  6. You might need to perform additional configuration for an existing TN3270 listener regarding SSL settings. Depending on how your users' certificates are created, it might be necessary to configure the Maximum Chain Length and Match Client Hostname settings. See To set certificate validation options and TN3270 conversation type for more information.

Once these steps are completed users can log in using the username and passtoken returned from the management software in use. This process is usually automated by a macro which automatically populates the username and password fields with the values returned from the authentication software.

See DCAS Security for additional information regarding DCAS security considerations and options.