3.6.1 Reflection or InfoConnect Desktop - Workspace Automated Sign-on

This session type in Reflection or InfoConnect Desktop enables the administrator to implement automated sign-on for users who create and save mainframe sessions on their desktops.

The Workspace Automated Sign-on session type requires Reflection or InfoConnect Desktop version 16.2 or higher.

Continue with steps 6 and 7 for Reflection or InfoConnect Desktop - Workspace Automated Sign-on.

6. Enable Reflection or InfoConnect Desktop to use Workspace Automated Sign-on

In brief, the administrator must:

6A. Configure Centralized Management

This global setting establishes a connection between the client and the MSS Administrative Server, which is needed to request and deliver the PassTicket for automated sign-on.

  1. In Reflection or InfoConnect Desktop, open the Workspace Settings.

  2. Click Configure Centralized Management.

  3. Check Enable Centralized Management.

  4. Enter the URL for your MSS Administrative Server (Management and Security Server).

    Click OK.

  5. Check Enable automated sign-on for mainframe sessions.

    This setting is needed to use Automated Sign-on for Mainframe when sessions are created by users and saved on their individual desktops. When enabled, the automated sign-on macro inserts a time-limited PassTicket to log the user on to the mainframe session.

6B. Create an automated sign-on macro and save the session document

Create a macro that uses methods and properties on the IbmTerminal object.

To automatically log on a user to a mainframe session, the macro must:

  • Send a host application ID to the MSS Administrative Server so that the Administrative Server can request a PassTicket from DCAS.

  • Insert the user's RACF credentials (PassTicket and mainframe user ID) that are returned from the MSS Administrative Server (to the client) into the data that is transmitted to the host. This action logs the user on to the mainframe application.

Follow these steps, heeding the required naming conventions.

  1. Gather these details for the macro:

    • the application ID

    • valid logon credentials for the mainframe application

  2. In Reflection or InfoConnect Desktop, create a session and configure it to connect to the host that users will automatically log on to.

  3. From the Macros tab, click Record VBA.

  4. Log on to the mainframe host application with valid credentials, and then click Stop Recording.

  5. In the Recording Complete dialog, save the macro in the current document’s project. Name the macro according to these requirements:

    • To apply the macro to all sessions connecting to this mainframe, name it SignOn.

    • To apply this macro only to sessions connecting to a specific port on this mainframe, you must append the name with underscore [_]<port number>.

      For example: SignOn_623.

    NOTE:If you want to specify different logon information for different ports on the same host, you can create a macro for each port and save these macros in the same VBA module.

    For example, if you connect to a mainframe on port 623 and on port 723 with a different logon, create different macros named SignOn_623 and SignOn_723. When the session connects, the port-specific macro is used.

  6. Save the session document file with this required name: ASM.rd3x

    The session must be named ASM.rd3x to ensure the session VBA Project component has the required name.

  7. In the VBA Editor, open the ASM Project > Modules. Open the Recorded module.

  8. Edit the macro code to use PassTickets:

    1. Add this line after the variable declarations:


      where "APPID" is replaced with the host application ID (noted in step 1).

    2. Replace your user name with the DASOUserID retrieved by the GetDASOPassTicket function:


      As a result, your DASOUserID will be sent instead of your user name.

    3. Comment out or delete the line that uses the PasswordBox function to prompt the user for the password.

      hiddenTextEntry = ibmCurrentTerminal.Macro.PasswordBox("", "")
      If (hiddenTextEntry = "") Then
          Err.Raise 5002, "Hidden TextEntry", "No Value Provided.", "VBAHelp.chm", "5002"
      End If
    4. Replace that line with one that contains the DASOPassTicket that was retrieved by the GetDASOPassTicket function call, like this:


    HINT:To add another macro for a specific port on this mainframe, disconnect this session and connect on that port. Then repeat the steps in this procedure to record another SignOn macro and save it with the port number appended to the SignOn name (for example, SignOn_623).

  9. Save the macro. Close the VBA editor and save the session document.

Next step, in MSS: 7. Create an IBM 3270 session for Workspace Automated Sign-on

7. Create an IBM 3270 session for Workspace Automated Sign-on

In brief, the MSS administrator must

7A. Create a Workspace Automated Sign-on session in MSS

  1. Open the Administrative Console to Manage Sessions, and click +Add.

  2. Select Reflection/InfoConnect Desktop as the Product.

  3. Select Workspace Automated Sign-on as the Session type.

  4. Enter a Session name that exactly matches the name of the host to which the session document files are configured to connect.

    For example, if the host name is myHost, then the Session name must be myHost.

    If your environment has session documents that are configured to connect to variations of host names (such as fully qualified names or IP Addresses), create a separate Workspace Automated Sign-on session for each name. For examples, see the Manage Sessions Help.

7B. Upload the session document that contains an automated sign-on macro

  1. Click Browse. Select the Reflection or InfoConnect Workspace session document file (ASM.rd3x) that contains the automated sign-on for mainframe login macro.

    The Reflection or InfoConnect Desktop administrator created this session document during Initial Setup.

  2. Click Save to upload the settings file and save the session.

    The session is added to the Manage Sessions list and is available to be assigned.

Next step: 8. Assign access to one user for testing

8. Assign access to one user for testing

Configuration Workflow

Task List for Administrators