3.6.2 Reflection or InfoConnect Desktop - Managed Sessions

This session type in Reflection or InfoConnect Desktop uses Management and Security Server to create mainframe sessions and save them on the MSS Administrative Server, where they can be centrally updated and maintained. Managed sessions can be deployed via the Assigned Sessions list.

Automated Sign-on for Mainframe is available with Reflection or InfoConnect Desktop version 16.0 or higher.

Continue with steps 6 and 7 for Reflection or InfoConnect Desktop - Managed Sessions.

6. Enable Reflection or InfoConnect Desktop for automated sign-on

In brief, the administrator must:

Enable Centralized Management in Reflection or InfoConnect Desktop

Enable Centralized Management in Reflection or InfoConnect Desktop

This global setting establishes a connection between the client and the MSS Administrative Server, which is needed to request and deliver the PassTicket for automated sign-on.

  1. In Reflection or InfoConnect Desktop, open Reflection Workspace Settings.

  2. Click Configure Centralized Management.

  3. Check Enable Centralized Management.

  4. Enter the URL for your MSS Administrative Server (Management and Security Server).

    Click OK.

Next step: 7. Create an IBM 3270 Workspace session and add an automated sign-on macro

7. Create an IBM 3270 Workspace session and add an automated sign-on macro

7A. Create an IBM 3270 Workspace session in MSS

  1. Open the Administrative Console to Manage Sessions, and click +Add.

  2. Select Reflection/InfoConnect Desktop as the Product.

  3. Select Workspace as the Session type.

  4. Enter a Session name.

  5. Click Launch to open the session.

  6. Create a new 3270 terminal session. In the Create New Document dialog, 3270 terminal should be selected. Click Create.

  7. If the session will connect through the Security Proxy Server, continue with steps 8-11 to configure security.

    Otherwise, enter the name or IP address of the host computer, click OK, and proceed to step 12.

  8. In the Create New 3270 Terminal Document dialog, check Configure additional settings (at the bottom of the dialog), and click OK.

  9. On the Settings dialog, under Host Connection, select Set Up Connection Security and click the Security Settings button.

  10. On the SSL/TLS tab in the Security Properties dialog, check both Use SSL/TLS security and Use Security Proxy. Configure the Security Proxy settings. Click OK.

    (The Security Proxy server name and port are listed on the Administrative Console > Security Proxy panel.)

  11. Accept the connection security settings and click OK. Continue to configure the features you want users to be able to access or edit. Click Help for guidance.

  12. Keep the session open and connected to the host. Continue with 7B. Record and edit a macro in a Reflection Workspace session.

7B. Record and edit a macro in a Reflection Workspace session

The logon macro is initiated when an authenticated user launches the session to connect or reconnect to the host. Keeps these notes in mind when creating the macro.

NOTE: The automated sign-on macro must:

  • Send a host application ID to the MSS Administrative Server so that the Administrative Server can request a PassTicket from DCAS.

  • Insert the user's RACF credentials (PassTicket and mainframe user ID) that are returned from the MSS Administrative Server (to the client) into the data that is transmitted to the host. This action logs the user on to the mainframe application.

These instructions are guidelines to enable Automated Sign-On for Mainframe. Although error- checking is omitted for brevity and clarity, the macro author should check for errors as required by the application. These settings are needed for testing, and can also be used in production.

  1. In the 3270 session you just created, start the macro recorder (Macros > Record VBA).

  2. Connect to the host and log on to the appropriate host application using a valid user name and password.

    You will edit the macro to remove specific user information and replace it with values that support logon by any authenticated user.

  3. Stop the macro recorder (Macros > Stop Recording).

  4. In the Recording Complete dialog, name the macro (for example TSO_logon). Click OK.

  5. Save the macro with the current document (session) or in the common project.

    By saving the macro with the current document, it will be transferred to the MSS Administrative Server when the session is saved in the Administrative Console, and then distributed to users who run this session.

  6. Open the Visual Basic Editor (Macros > Visual Basic). Locate your macro: open Project > Modules, and double-click Recorded (or right-click > View Code).

  7. After retrieving the ibmCurrentTerminal object, add this line:


    where "APPID" is replaced with the appropriate host application ID.

  8. Edit the statement that sends your user name. Remove your user name and replace it with the mainframe user name that was retrieved by the GetDASOPassTicket function call.

    The edited line should look like this:

  9. a. Comment out or delete the line that uses the PasswordBox function to prompt the user for the password.

    hiddenTextEntry = ibmCurrentTerminal.Macro.PasswordBox("", "")
    If (hiddenTextEntry = "") Then
        Err.Raise 5002, "Hidden TextEntry", "No Value Provided.", "VBAHelp.chm", "5002"
    End If

    b. Replace that line with one that looks like this:

  10. Save the macro. Click Yes to send settings to the MSS Administrative Server.

    Close the Visual Basic editor, and keep the session open.

  11. Open Document Settings (File > Settings > Document Settings). Under Host Connection, click Configure Advanced Connection Settings.

  12. In Configure Advanced Connection Settings, under Connection Action, check the boxes to

    • Run a macro or other action after the initial connection.

      Select the logon macro and click OK.

    • Run when reconnecting.

      Select the logon macro and click OK. The macro will be initiated when a user connects to a mainframe session.

  13. Save the session. (Click Save or Exit.) Click Yes to send the settings to the MSS Administrative Server.

Next step: 8. Assign access to one user for testing.

8. Assign access to one user for testing

Configuration Workflow

Task List for Administrators