E. Add the required DCAS client parameters for the CMPIDCASPlugin.

Add the required DCAS client parameters to allow the HCM database to map the user ID to the host ID and get a passticket from the DCAS application running on the host. A passticket is a credential that is similar to a password; however, a passticket expires after a certain amount of time and is used only one time. DCAS requires a Security Access Facility (SAF)-compliant server product, such as an IBM Resource Access Control Facility (RACF) security server, that supports passticket generation.
To use the DCAS HCM plug-in, you must configure the DCAS. For information about configuring the DCAS, refer to documentation for z/OS V1R4.0 Communications Server at http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/Shelves/F1A1BK33, specifically the z/OS V1R4.0 Communications Server IP Configuration Reference (publication number SC31-8776-03) and the z/OS V1R4.0 Communications Server IP Configuration Guide (publication number SC31-8775-02). Also refer to the z/OS V1R4 APAR PQ74457 for information about how to configure the DCAS to function with Web Express Logon.
For non-Certificate-based Web Express Logon, use DCAS.xml located in the WAR file as a reference for adding parameters when editing the web.xml file. For Certificate-based Web Express Logon, use DCASELF.xml as a reference.
  1. Add the following HCM database parameters to allow the client to connect to the DCAS securely:

    CMPI_DCAS_TRUSTSTORE
    This parameter is required unless CMPI_DCAS_USE_DEFAULT_TRUSTSTORE or CMPI_DCAS_USE_WELLKNOWN_KEYS is true. This parameter contains the name of the truststore to be used by JSSE to look up the DCAS certificates.
    CMPI_DCAS_TRUSTSTORE_TYPE
    This parameter is required unless CMPI_DCAS_USE_DEFAULT_TRUSTSTORE or CMPI_DCAS_USE_WELLKNOWN_KEYS is true. This parameter contains the type of the truststore specified by CMPI_DCAS_TRUSTSTORE. Valid values are pkcs12, jceks, and jks.
    CMPI_DCAS_TRUSTSTORE_PASSWORD
    This parameter is required unless CMPI_DCAS_USE_DEFAULT_TRUSTSTORE or CMPI_DCAS_USE_WELLKNOWN_KEYS is true. This parameter contains the password of the truststore specified by CMPI_DCAS_TRUSTSTORE.
  2. The following parameters contain all the relevant information needed to connect to your HCM database, which in this example is a JDBC database table. You can either configure access to an existing database or point to a newly created database. The level of security for the database varies according to database vendor. Refer to the database application's documentation for details.
    Certificate-based Web Express Logon
    The following parameters are not used for Certificate-based Web Express Logon:
    • CMPI_DCAS_DB_ADDRESS
    • CMPI_DCAS_DB_NET_DRIVER
    • CMPI_DCAS_DB_USERID
    • CMPI_DCAS_DB_TABLE
    • CMPI_DCAS_DB_PASSWORD
    CMPI_DCAS_DB_ADDRESS
    This is a URL string that provides the address of the database. An example of this string is jdbc:db2://dtagw:6789/ZIESSO.
    Code example:
    <init-param> 
       <param-name>CMPI_DCAS_DB_ADDRESS</param-name>
       <param-value>jdbc:db2://dtagw.raleigh.hcl.com:6789/ZIESSO</param-value>
    </init-param>
    CMPI_DCAS_DB_NET_DRIVER
    This string contains the name of the class that acts as the network database driver. An example of this string is COM.ibm.db2.jdbc.net.DB2Driver. The location of this class is assumed to be in the existing class path.
    Code example:
    <init-param> 
       <param-name>CMPI_DCAS_DB_NET_DRIVER</param-name> 
       <param-value>COM.ibm.db2.jdbc.net.DB2Driver</param-value> 
    </init-param>
    CMPI_DCAS_DB_USERID
    This is the ID of the user account to use when accessing the database.
    Code example:
    <init-param> 
       <param-name>CMPI_DCAS_DB_USERID</param-name> 
       <param-value>admin</param-value> 
    </init-param>
    CMPI_DCAS_DB_PASSWORD
    This is the password of the user account to use when accessing the database.
    This parameter should be encrypted using the encrypt password tool. It is decrypted by the HCM plug-in before using it. For more information about the password encryption tool, refer to Password encryption tool.
    Code example:
    <init-param> 
       <param-name>CMPI_DCAS_DB_PASSWORD</param-name> 
       <param-value>tuBu9v8lHiJi1jt08UgHzA==</param-value> 
    </init-param> 
    CMPI_DCAS_DB_TABLE
    This entry identifies the table to use for the needed query.
    Code example:
    <init-param> 
       <param-name>CMPI_DCAS_DB_TABLE</param-name> 
       <param-value>HACP</param-value> 
    </init-param>
  3. The following parameters should correspond directly to the column headings in your HCM database and should clearly indicate the contents of the columns. With some databases, such as IBM DB2, the column headings must be in all upper-case letters, for example, NETWORKID, HOSTADDRESS, APPLICATIONID, and HOSTID.
    Based on the information provided by the first three of these parameters (network ID, host address, and the host application ID), you can make a SQL query of the database to get the host ID. The result of the query is entered in the host ID (HOSTID) column. Assuming that the query is successful, a call is made to the DCAS to request the passticket.
    Certificate-based Web Express Logon
    The following parameters are not used for Certificate-based Web Express Logon:
    • CMPI_DCAS_DB_NETID_COL_NAME
    • CMPI_DCAS_DB_HOSTADDR_COL_NAME
    • CMPI_DCAS_DB_HOSTAPP_COL_NAME
    • CMPI_DCAS_DB_HOSTID_COL_NAME
    CMPI_DCAS_DB_NETID_COL_NAME
    This entry identifies the name of the column that contains the network ID value (NETWORKID).
    Code example:
    <init-param> 
       <param-name>CMPI_DCAS_DB_NETID_COL_NAME</param-name> 
       <param-value>NETWORKID</param-value> 
    </init-param>
    CMPI_DCAS_DB_HOSTADDR_COL_NAME
    This entry identifies the name of the column that contains the host address value (HOSTADDRESS).
    Code example:
    <init-param> 
       <param-name>CMPI_DCAS_DB_HOSTADDR_COL_NAME</param-name> 
       <param-value>HOSTADDRESS</param-value> 
    </init-param>
    CMPI_DCAS_DB_HOSTAPP_COL_NAME
    This entry identifies the name of the column that contains the host application value (APPLICATIONID).
    Code example:
    <init-param> 
       <param-name>CMPI_DCAS_DB_HOSTAPP_COL_NAME</param-name> 
       <param-value>APPLICATIONID</param-value> 
    </init-param>
    CMPI_DCAS_DB_HOSTID_COL_NAME
    This entry identifies the name of the column that contains the user's host identification value (HOSTID).
    Code example:
    <init-param> 
       <param-name>CMPI_DCAS_DB_HOSTID_COL_NAME</param-name> 
       <param-value>HOSTID</param-value> 
    </init-param>
    CMPI_DCAS_USE_NETID_AS_HOSTID
    When set to True, this entry identifies the network ID as the RACF ID without performing any mapping.
    Code example:
    <init-param> 
       <param-name>CMPI_DCAS_USE_NETID_AS_HOSTID</param-name> 
       <param-value>False</param-value> 
    </init-param>
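
The host ID lookup described in step 3, as an added example that is not the plug-in's own code: it reads the table and column init-params, validates them as SQL identifiers because names taken from web.xml cannot be bound as query parameters, and binds the three lookup values. The query shape, the identifier allowlist, the function names, the in-memory SQLite table standing in for the JDBC database, and the sample row are assumptions made for illustration.

```python
import re
import sqlite3
import xml.etree.ElementTree as ET

# Constructed web.xml fragment; names and values are the ones shown on this page.
WEB_XML = """<servlet>
 <init-param><param-name>CMPI_DCAS_DB_TABLE</param-name><param-value>HACP</param-value></init-param>
 <init-param><param-name>CMPI_DCAS_DB_NETID_COL_NAME</param-name><param-value>NETWORKID</param-value></init-param>
 <init-param><param-name>CMPI_DCAS_DB_HOSTADDR_COL_NAME</param-name><param-value>HOSTADDRESS</param-value></init-param>
 <init-param><param-name>CMPI_DCAS_DB_HOSTAPP_COL_NAME</param-name><param-value>APPLICATIONID</param-value></init-param>
 <init-param><param-name>CMPI_DCAS_DB_HOSTID_COL_NAME</param-name><param-value>HOSTID</param-value></init-param>
 <init-param><param-name>CMPI_DCAS_USE_NETID_AS_HOSTID</param-name><param-value>False</param-value></init-param>
</servlet>"""

IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")  # assumed allowlist for table/column names

def load_params(xml_text):
    """Return {param-name: param-value}, trimming whitespace around each value."""
    return {p.findtext("param-name").strip(): (p.findtext("param-value") or "").strip()
            for p in ET.fromstring(xml_text).iter("init-param")}

def build_query(params):
    """Table and column names cannot be bound as parameters, so validate them first."""
    names = [params[k] for k in ("CMPI_DCAS_DB_HOSTID_COL_NAME", "CMPI_DCAS_DB_TABLE",
                                 "CMPI_DCAS_DB_NETID_COL_NAME", "CMPI_DCAS_DB_HOSTADDR_COL_NAME",
                                 "CMPI_DCAS_DB_HOSTAPP_COL_NAME")]
    for name in names:
        if not IDENTIFIER.fullmatch(name):
            raise ValueError(f"unsafe SQL identifier in web.xml: {name!r}")
    return "SELECT {} FROM {} WHERE {} = ? AND {} = ? AND {} = ?".format(*names)

def lookup_host_id(conn, params, network_id, host_address, application_id):
    """Return the host ID for the three lookup values, or None when no row maps them."""
    if params.get("CMPI_DCAS_USE_NETID_AS_HOSTID", "False").lower() == "true":
        return network_id  # network ID is used as the RACF ID without any mapping
    row = conn.execute(build_query(params),
                       (network_id, host_address, application_id)).fetchone()
    return row[0] if row else None

def demo_db():
    """In-memory SQLite table standing in for the JDBC database; the row is constructed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE HACP (NETWORKID TEXT, HOSTADDRESS TEXT, "
                 "APPLICATIONID TEXT, HOSTID TEXT)")
    conn.execute("INSERT INTO HACP VALUES ('jdoe', 'host1.example.com', 'TSO', 'JDOE01')")
    return conn

if __name__ == "__main__":
    print(lookup_host_id(demo_db(), load_params(WEB_XML), "jdoe", "host1.example.com", "TSO"))
```

A None result corresponds to an unsuccessful query, in which case no passticket request would follow.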