Add the required DCAS client parameters to allow the HCM database
to map the user ID to the host ID and get a passticket from the DCAS
application running on the host. A passticket is a credential that
is similar to a password; however, a passticket expires after a certain
amount of time and can be used only one time. DCAS requires a Security
Access Facility (SAF)-compliant server product, such as an IBM Resource
Access Control Facility (RACF) security server, that supports passticket
generation.
To use the DCAS HCM plug-in, you must configure
the DCAS. For information about configuring the DCAS, refer to documentation
for z/OS V1R4.0 Communications Server at http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/Shelves/F1A1BK33,
specifically the z/OS V1R4.0 Communications Server
IP Configuration Reference (publication number SC31-8776-03)
and the z/OS V1R4.0 Communications Server IP Configuration
Guide (publication number SC31-8775-02). Also refer to the z/OS
V1R4 APAR PQ74457 for information about how to configure the DCAS
to function with Web Express Logon.
For non-Certificate-based
Web Express Logon, use DCAS.xml located in the WAR file as a reference
for adding parameters when editing the web.xml file. For Certificate-based
Web Express Logon, use DCASELF.xml as a reference.
Add the following HCM database parameters to allow the client
to connect to the DCAS securely:
- CMPI_DCAS_TRUSTSTORE
- This parameter is required unless CMPI_DCAS_USE_DEFAULT_TRUSTSTORE
or CMPI_DCAS_USE_WELLKNOWN_KEYS is true. This parameter contains the
name of the truststore to be used by JSSE to look up the DCAS certificates.
- CMPI_DCAS_TRUSTSTORE_TYPE
- This parameter is required unless CMPI_DCAS_USE_DEFAULT_TRUSTSTORE
or CMPI_DCAS_USE_WELLKNOWN_KEYS is true. This parameter contains the
type of the truststore specified by CMPI_DCAS_TRUSTSTORE. Valid values
are pkcs12, jceks, and jks.
- CMPI_DCAS_TRUSTSTORE_PASSWORD
- This parameter is required unless CMPI_DCAS_USE_DEFAULT_TRUSTSTORE
or CMPI_DCAS_USE_WELLKNOWN_KEYS is true. This parameter contains the
password of the truststore specified by CMPI_DCAS_TRUSTSTORE.
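A lint for the truststore rules above, as an added example that is not part of the product or its documentation: it reads init-param entries from a web.xml fragment and reports missing truststore settings or an unsupported type. The sample XML, the file name dcas-trust.p12, the function names, and the case-insensitive comparison of the flag and type values are assumptions.

```python
import xml.etree.ElementTree as ET

TRUSTSTORE_PARAMS = ("CMPI_DCAS_TRUSTSTORE", "CMPI_DCAS_TRUSTSTORE_TYPE",
                     "CMPI_DCAS_TRUSTSTORE_PASSWORD")
BYPASS_FLAGS = ("CMPI_DCAS_USE_DEFAULT_TRUSTSTORE", "CMPI_DCAS_USE_WELLKNOWN_KEYS")
VALID_TYPES = {"pkcs12", "jceks", "jks"}

# Constructed servlet fragment; the truststore file name is a placeholder.
SAMPLE = """<servlet>
  <init-param><param-name>CMPI_DCAS_TRUSTSTORE</param-name>
    <param-value>dcas-trust.p12</param-value></init-param>
  <init-param><param-name>CMPI_DCAS_TRUSTSTORE_TYPE</param-name>
    <param-value>pfx</param-value></init-param>
</servlet>"""

def local(tag):
    """Drop an XML namespace prefix such as '{http://...}init-param'."""
    return tag.rsplit("}", 1)[-1]

def read_init_params(xml_text):
    """Collect init-param name/value pairs, trimming surrounding whitespace."""
    params = {}
    for node in ET.fromstring(xml_text).iter():
        if local(node.tag) != "init-param":
            continue
        pair = {local(child.tag): (child.text or "").strip() for child in node}
        params[pair.get("param-name", "")] = pair.get("param-value", "")
    return params

def check_truststore(params):
    """Return a list of findings for the truststore rules described above."""
    if any(params.get(flag, "").lower() == "true" for flag in BYPASS_FLAGS):
        return []  # the three truststore parameters are not required
    findings = [f"{name} is required but missing or empty"
                for name in TRUSTSTORE_PARAMS if not params.get(name)]
    ts_type = params.get("CMPI_DCAS_TRUSTSTORE_TYPE")
    if ts_type and ts_type.lower() not in VALID_TYPES:
        findings.append(f"CMPI_DCAS_TRUSTSTORE_TYPE {ts_type!r} is not one of "
                        f"{sorted(VALID_TYPES)}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_truststore(read_init_params(SAMPLE))))
```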
The following parameters contain all the relevant information
needed to connect to your HCM database, which in this example is a
JDBC database table. You can either configure access to an existing
database or point to a newly created database. The level of security
for the database varies according to database vendor. Refer to the
database application's documentation for details.
The following parameters are not used for Certificate-based
Web Express Logon:
- CMPI_DCAS_DB_ADDRESS
- CMPI_DCAS_DB_NET_DRIVER
- CMPI_DCAS_DB_USERID
- CMPI_DCAS_DB_TABLE
- CMPI_DCAS_DB_PASSWORD
- CMPI_DCAS_DB_ADDRESS
- This is a URL string that provides the address of the database.
An example of this string is jdbc:db2://dtagw:6789/ZIESSO.
Code example:
<init-param>
<param-name>CMPI_DCAS_DB_ADDRESS</param-name>
<param-value>jdbc:db2://dtagw.raleigh.hcl.com:6789/ZIESSO</param-value>
</init-param>
- CMPI_DCAS_DB_NET_DRIVER
- This string contains the name of the class that acts as the
network database driver. An example of this string is COM.ibm.db2.jdbc.net.DB2Driver.
The location of this class is assumed to be in the existing class
path.
Code example:
<init-param>
<param-name>CMPI_DCAS_DB_NET_DRIVER</param-name>
<param-value>COM.ibm.db2.jdbc.net.DB2Driver</param-value>
</init-param>
- CMPI_DCAS_DB_USERID
- This is the ID of the user account to use when accessing the
database.
Code example:
<init-param>
<param-name>CMPI_DCAS_DB_USERID</param-name>
<param-value>admin</param-value>
</init-param>
- CMPI_DCAS_DB_PASSWORD
- This is the password of the user account to use when accessing
the database.
This parameter
should be encrypted using the password encryption tool. The HCM plug-in
decrypts it before using it. For more information about the
password encryption tool, refer to Password encryption tool.
Code example:
<init-param>
<param-name>CMPI_DCAS_DB_PASSWORD</param-name>
<param-value>tuBu9v8lHiJi1jt08UgHzA==</param-value>
</init-param>
- CMPI_DCAS_DB_TABLE
- This entry identifies the table to use for the needed query.
Code example:
<init-param>
<param-name>CMPI_DCAS_DB_TABLE</param-name>
<param-value>HACP</param-value>
</init-param>
- The following parameters should correspond directly to the column
headings in your HCM database and should clearly indicate the contents
of the columns. With some databases, such as IBM DB2, the column headings
must be in all upper-case letters, for example, NETWORKID, HOSTADDRESS,
APPLICATIONID, and HOSTID.
Based on the information provided by
the first three of these parameters (network ID, host address, and
the host application ID), you can make a SQL query of the database
to get the host ID. The result of the query is entered in the host
ID (HOSTID) column. Assuming that the query is successful, a call
is made to the DCAS to request the passticket.
The following parameters are not used for Certificate-based
Web Express Logon:
- CMPI_DCAS_DB_NETID_COL_NAME
- CMPI_DCAS_DB_HOSTADDR_COL_NAME
- CMPI_DCAS_DB_HOSTAPP_COL_NAME
- CMPI_DCAS_DB_HOSTID_COL_NAME
- CMPI_DCAS_DB_NETID_COL_NAME
- This entry identifies the name of the column that contains the
network ID value (NETWORKID).
Code example:
<init-param>
<param-name>CMPI_DCAS_DB_NETID_COL_NAME</param-name>
<param-value>NETWORKID</param-value>
</init-param>
- CMPI_DCAS_DB_HOSTADDR_COL_NAME
- This entry identifies the name of the column that contains the
host address value (HOSTADDRESS).
Code example:
<init-param>
<param-name>CMPI_DCAS_DB_HOSTADDR_COL_NAME</param-name>
<param-value>HOSTADDRESS</param-value>
</init-param>
- CMPI_DCAS_DB_HOSTAPP_COL_NAME
- This entry identifies the name of the column that contains the
host application value (APPLICATIONID).
Code example:
<init-param>
<param-name>CMPI_DCAS_DB_HOSTAPP_COL_NAME</param-name>
<param-value>APPLICATIONID</param-value>
</init-param>
- CMPI_DCAS_DB_HOSTID_COL_NAME
- This entry identifies the name of the column that contains the
user's host identification value (HOSTID).
Code example:
<init-param>
<param-name>CMPI_DCAS_DB_HOSTID_COL_NAME</param-name>
<param-value>HOSTID</param-value>
</init-param>
- CMPI_DCAS_USE_NETID_AS_HOSTID
- When set to True, this entry identifies the network ID as the
RACF ID without performing any mapping.
Code example:
<init-param>
<param-name>CMPI_DCAS_USE_NETID_AS_HOSTID</param-name>
<param-value>False</param-value>
</init-param>
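The host ID lookup described above, sketched as an added example (not the HCM plug-in's own code): the configured table and column names are validated as plain identifiers because they cannot be bound as query parameters, the three lookup values are bound, and anything other than exactly one matching row yields no host ID, so no passticket request would follow. SQLite stands in for the JDBC database; the rows, function names, and identifier rule are assumptions.

```python
import re
import sqlite3

# Constructed values mirroring the init-param examples on this page.
CONFIG = {
    "CMPI_DCAS_DB_TABLE": "HACP",
    "CMPI_DCAS_DB_NETID_COL_NAME": "NETWORKID",
    "CMPI_DCAS_DB_HOSTADDR_COL_NAME": "HOSTADDRESS",
    "CMPI_DCAS_DB_HOSTAPP_COL_NAME": "APPLICATIONID",
    "CMPI_DCAS_DB_HOSTID_COL_NAME": "HOSTID",
    "CMPI_DCAS_USE_NETID_AS_HOSTID": "False",
}
IDENTIFIER = re.compile(r"[A-Za-z][A-Za-z0-9_]*")

def ident(config, key):
    """Names cannot be bound as SQL parameters, so accept plain identifiers only."""
    name = config[key]
    if not IDENTIFIER.fullmatch(name):
        raise ValueError(f"{key} is not a plain SQL identifier: {name!r}")
    return name

def lookup_host_id(conn, config, network_id, host_address, host_app):
    """Return the host ID to request a passticket for, or None if unmapped."""
    if config.get("CMPI_DCAS_USE_NETID_AS_HOSTID", "False").lower() == "true":
        return network_id  # no mapping: the network ID is taken as the host ID
    sql = "SELECT {} FROM {} WHERE {} = ? AND {} = ? AND {} = ?".format(
        ident(config, "CMPI_DCAS_DB_HOSTID_COL_NAME"),
        ident(config, "CMPI_DCAS_DB_TABLE"),
        ident(config, "CMPI_DCAS_DB_NETID_COL_NAME"),
        ident(config, "CMPI_DCAS_DB_HOSTADDR_COL_NAME"),
        ident(config, "CMPI_DCAS_DB_HOSTAPP_COL_NAME"),
    )
    rows = conn.execute(sql, (network_id, host_address, host_app)).fetchall()
    # Zero rows or an ambiguous mapping: return None so no DCAS call is made.
    return rows[0][0] if len(rows) == 1 else None

def demo_db():
    """Constructed in-memory table standing in for the JDBC HCM database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE HACP (NETWORKID TEXT, HOSTADDRESS TEXT,"
                 " APPLICATIONID TEXT, HOSTID TEXT)")
    conn.executemany("INSERT INTO HACP VALUES (?, ?, ?, ?)", [
        ("alice", "host1.example.com", "TSO", "ALICE01"),
        ("bob", "host1.example.com", "CICSA", "BOB7"),
    ])
    return conn

if __name__ == "__main__":
    print(lookup_host_id(demo_db(), CONFIG, "alice", "host1.example.com", "TSO"))
```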