Use this procedure to configure a 3270 session to connect to the host using the Express Logon Feature (ELF) Also referred to as single sign-on (SSO), express logon is an IBM mainframe feature that lets users log on and connect to the host without entering a user ID and password each time. Express Logon authenticates the user on the mainframe by using her SSL client certificate in lieu of entering a user ID and password. .
This procedure includes four parts:
Configure the host for ELF
Install digital certificates on the host and client
Configure ELF for a 3270 session
Record the connect macro that logs on using the ELF token values
NOTE:If you connect to the host using ELF through the a centralized management server you must configure End-to-End encryption from the Administrative Webstation. For more information, see the Reflection Installation and Deployment Guide.
To configure the Host for ELF
Configure the host to support SSL/TLS connections.
Configure ELF and note the applid value.
For instructions, see the documentation included with the IBM host.
To install digital certificates on the host and client
To make connections using ELF, all Reflection users must have both host and personal certificates installed. (If the certificates are from a trusted Certificate Authority, you only need to install personal certificates.) For more information, refer to Knowledge Base Article 7021686.
To configure ELF for a 3270 session
Create a new 3270 session document:
Specify the. If your configuration requires the host name to match the certificate, enter the name that exactly matches the CommonName or the SubjectAltName field specified in the host certificate.
Specify theused for SSL connections by your host. This is configured by the IBM host administrator.
Select thecheck box and click .
Under Host Connection, click.
(Recommended) Under, , choose .
Because you are configuring automatic logon, your user name and password are no longer necessary. This means you will be logged back in immediately after every log off if the defaultis selected. If you prefer to leave Auto Reconnect on while you're working, you can create a logoff macro that turns off this setting just prior to logging off.
Scroll down to TSO appended with the smfid value (located in the SMFPRMxx member of SYS1.PARMLIB). For additional information, refer to the IBM system documentation.and in the box, enter the applid value from the host. For example, the application ID (applid) for TSO is
Clickand in the dialog box, do the following:
(Optional) Change the values forand .
Save your settings.
To record a connect macro that logs on using the ELF token values
Open the 3270 session file you just created. (You should be connected but not yet logged on.)
Start the macro recorder.
Log on using a valid user name and password. (Editing your macro will be easiest if you don't include your user name when you enter the logon command. Type the logon, press, then type your user name.) You will edit the macro to remove specific user information and replace it with ELF token values that support logon by any authenticated user.
Stop the macro recorder.
In thedialog box, name the macro (for example "ELFLogon") and Click .
Open the Visual Basic Editor and then open the Recorded macro module.
In the macro you recorded, edit the ibmCurrentScreen.SendKeys statement that sends your user name. Remove your user name and replace it with the ELF token )USR.ID(. The edited line should look like this:
Comment out or delete the lines that use the PasswordBox function to set the password. Replace it with a new line that sets the password variable equal to the ELF password token )PSS.WD(. The modified code should look like this:
Rem hiddenTextEntry = ibmCurrentTerminal.Macro.PasswordBox("", "") Rem If (hiddenTextEntry = "") Then Rem Err.Raise 5002, "Hidden TextEntry", < additional code on this line>... Rem End If ibmCurrentScreen.SendKeys (")PSS.WD(")
To set the macro you recorded to run after connection:
Open the Settings window:
The steps depend on your user interface mode.
User Interface Mode
Ribbon or Reflection Browser
From the, click .
On themenu, select .
Under, select and then click and select the macro you recorded.
Selectand then close the Settings window.
Save the session file.
Connect using the modified session. The macro you created should automatically log in after you connect or reconnect. You should not have to enter a user name and password.