DCAS Servers (z/OS systems)
The DCAS (Digital Certificate Access Server) configuration is used to obtain a PassTicket from the mainframe.
The configured DCAS servers are listed. From here you can add, edit, or delete a DCAS server, test the connection, or set a preferred DCAS server.
Add a DCAS server
Click +ADD and enter the details for the DCAS Server Configuration.
Note
Check with your mainframe host administrator regarding the required DCAS settings.
-
Each DCAS server must be configured to accept client connections from the MSS Administrative Server,
-
Several keystores must be correctly configured for client authentication. For details, see Configuring DCAS and RACF on z/OS in the Automated Sign-On for Mainframe - Administrator Guide.
To configure MSS for automated sign-on, you need the DCAS server name, port, and the source where the mainframe user names are stored.
Server name
Enter the name of the DCAS server.
Server port
The default port is 8990; however, the DCAS server can be configured to use any port.
Client certificate used to authenticate to DCAS server
Choose which certificate to use for client authentication of the MSS Administrative Server to the DCAS server.
-
Use Management and Security Server certificate
This option uses the Administrative Server’s certificate and private key (configured on the Configure Settings - Certificates panel).
-
Use custom keystore
This option uses a separate keystore that contains a certificate and private key.
-
Enter the Keystore filename with the correct extension. The keystore can be one of these formats:
- Java keystore:
.jks
- PKCS#12 keystore:
.p12
or.pfx
- Bouncy Castle BCFKS keystore:
.bcfks
- Java keystore:
-
Enter the (case-sensitive) Keystore password used to read the keystore.
The password for the keystore and the private key must be the same.
-
The keystore must be placed in the
MSSData\trustedcerts
folder.The default Windows location is
C:\ProgramData\Micro Focus\MSS\MSSData\trustedcerts
-
Verify server identity
Check this box to verify the hostname entered in the Server name field against the certificate received from the DCAS server when a secure connection is made from the Administrative Server to DCAS.
Test Connection
Click this button to test the connection between the MSS Administrative Server and the DCAS server.
Using multiple DCAS Servers
You can configure more than one DCAS server for automated sign-on. Repeat the steps to Add a DCAS server. Then, you can Set a Preferred DCAS server.
Edit an existing DCAS server
Select a server, click EDIT, and adjust the settings as needed. Click APPLY.
Test the connection
Select a server click TEST CONNECTION to test the connection between the MSS Administrative Server and the DCAS server.
Set a Preferred DCAS server
When multiple DCAS servers are configured, you can select a preferred one that will be used most often when assigning sessions. Select your preferred DCAS server, and click SET PREFERRED. A star appears next to the name of the preferred DCAS server.
When you assign access to an automated sign-on session, the preferred server will be highlighted; however, you can choose any of your configured DCAS servers.
Delete a DCAS server
Select the DCAS server, and click DELETE. When sessions are assigned to use this DCAS server, a dialog lists the assigned sessions.
If only one DCAS server is configured, all of the session assignments will be removed. You can cancel this action in the confirmation message.
If multiple DCAS servers are configured, you have the option to either remove or re-assign the sessions. To change the session assignments, select a different DCAS server from the drop-down list.
More information