Configuring MSS Automated Sign-On for Host Access
MSS Automated Sign-On for Host Access enables an end user to automatically log on to a host application using a terminal emulation client and a one-time password (OTP).
The one-time password is obtained from the MSS Automated Sign-On for Host Access (ASO) service, is time-limited, and takes the place of the user's usual passsword. Use of a one-time password helps to increase the security of the host system because OTPs are short-lived, randomly generated, and can be used only once, making it more difficult to compromise a user's identity.
Note
Use of MSS Automated Sign-On for Host Access requires custom programming on the host computer before starting. To learn more about the ASO protocol and the functionality that you must provide on your host computer, contact your Micro Focus sales representative.
Automated Sign-On (ASO) settings need to be configured in different locations:
- MSS: Edit settings on the server and in the Administrative Console.
- the client: Create an automated login macro.
- the host: Enable the use of one-time passwords.
Automated Sign-On for Host Access is designed for non-z/OS systems. After you integrate the ASO protocol into your host system, follow the steps in this article to complete the configuration in MSS and in your terminal emulation client.
If you are using a z/OS system, follow the steps in the Automated Sign-On for Mainframe - Administrator Guide. Automated Sign-On for Mainframe leverages the existing z/OS functionalities of DCAS and RACF.
Prerequisites
- a separate license for MSS Automated Sign-On for Host Access Add-On product
- an LDAP server for authorization
- a Micro Focus terminal emulation client that supports ASO:
- Reflection Desktop 18.0 or higher
- InfoConnect Desktop 18.0 or higher
Steps at a glance:
- Working with your Micro Focus sales representative, integrate the MSS Automated Sign-On for Host Access protocol into your host system.
- Install the activation file.
- On the MSS server, manually enable the ASO service.
-
In the MSS Administrative Console:
a. Enable MSS Automated Sign-On for Host Access.
b. Enter the required LDAP settings.
-
Configure the client to use Automated Sign-On.
- Assign access to the automated sign-on sessions.
1. Integrate the ASO protocol into your host system
Work with your Micro Focus sales representative to get more information about the MSS Automated Sign-On for Host Access (ASO) protocol that you must implement on your specific host system. The host must be adapted to
- use mTLS to communicate with the ASO service
- process one-time passwords issued by users during logon and validate them with the ASO service
2. Install the activation file
The activation file for Automated Sign-On for Host Access is activation.automated_signon_for_hostaccess-<version>.jaw
You can install the activation file while installing MSS or via the MSS Administrative Console.
- To install while installing MSS, see the MSS Installation Guide.
- To use the MSS Administrative Console, see Installing an Activation File for an Additional Product.
3. Enable the ASO service on the MSS server
To manually enable the ASO service:
a. Open and edit <install-dir>/mss/server/microservices/aso-service/service.yml
.
b. Set the enabled
property to true
.
c. Restart the MSS server.
4. Configure ASO in the MSS Administrative Console
a. In the MSS Administrative Console, click Configure Settings - Automated Sign-On.
b. Check the box to Enable MSS Automated Sign-On for Host Access.
If the checkbox is disabled, the activation file needs to be installed (Step #2).
c. If you are using a secondary LDAP directory to retrieve the username for the host, enter the appropriate settings:
5. Configure the client to use Automated Sign-On
a. Your Desktop emulator session must either be configured for centralized management or be launched from the Assigned Sessions page.
b. In the MSS Administrative Console - Manage Settings, add a session that you want to make available for automatic login.
c. In the launched session, record and edit a login macro.
The steps to create a macro vary based on your specific emulator and session type. Refer to your emulator client's product documentation.
d. Save the session.
6. Assign Access
After the client session is configured with an automated sign-on macro, you are ready to assign those sessions to users. See Search & Assign.
Be sure to click EDIT and set the Source of user name on host computer.