action.skip

DCAS Servers (z/OS systems)

The DCAS (Digital Certificate Access Server) configuration is used to obtain a PassTicket from the mainframe.

The configured DCAS servers are listed. From here you can add, edit, or delete a DCAS server, test the connection, or set a preferred DCAS server.

Add a DCAS server

Click +ADD and enter the details for the DCAS Server Configuration.

Note

Check with your mainframe host administrator regarding the required DCAS settings.

  • Each DCAS server must be configured to accept client connections from the MSS Server,

  • Several keystores must be correctly configured for client authentication. For details, see Configuring DCAS and RACF on z/OS in the Automated Sign-On for Mainframe - Administrator Guide.

To configure MSS for automated sign-on, you need the DCAS server name, port, and the source where the mainframe user names are stored.

Server name

Enter the name of the DCAS server.

Server port

The default port is 8990; however, the DCAS server can be configured to use any port.

Client certificate used to authenticate to DCAS server

Choose which certificate to use for client authentication of the MSS Server to the DCAS server.

  • Use Management and Security Server certificate

    This option uses the MSS Server’s certificate and private key (configured on the Configure Settings - Certificates panel).

  • Use custom keystore

    This option uses a separate keystore that contains a certificate and private key.

    1. Click Upload. Select the keystore file to upload to the Management and Security Server. The keystore can be one of these formats:

      • Java keystore: .jks
      • PKCS#12 keystore: .p12 or .pfx
      • Bouncy Castle BCFKS keystore: .bcfks
    2. Enter the (case-sensitive) Keystore password used to read the keystore.

      The password for the keystore and the private key must be the same.

Verify server identity

Check this box to verify the hostname entered in the Server name field against the certificate received from the DCAS server when a secure connection is made from the MSS Server to DCAS.

Test Connection

Click this button to test the connection between the MSS Server and the DCAS server.

Using multiple DCAS Servers

You can configure more than one DCAS server for automated sign-on. Repeat the steps to Add a DCAS server. Then, you can Set a Preferred DCAS server.

Edit an existing DCAS server

Select a server, click EDIT, and adjust the settings as needed. Click APPLY.

Test the connection

Select a server click TEST CONNECTION to test the connection between the MSS Server and the DCAS server.

Set a Preferred DCAS server

When multiple DCAS servers are configured, you can select a preferred one that will be used most often when assigning sessions. Select your preferred DCAS server, and click SET PREFERRED. A star star appears next to the name of the preferred DCAS server.

When you assign access to an automated sign-on session, the preferred server will be highlighted; however, you can choose any of your configured DCAS servers.

Delete a DCAS server

Select the DCAS server, and click DELETE. When sessions are assigned to use this DCAS server, a dialog lists the assigned sessions.

If only one DCAS server is configured, all of the session assignments will be removed. You can cancel this action in the confirmation message.

If multiple DCAS servers are configured, you have the option to either remove or re-assign the sessions. To change the session assignments, select a different DCAS server from the drop-down list.

More information