Before configuring Certificate Express Logon

Before you configure a Certificate Express Logon macro, you need to have the following information available:

  • Host application name: The name of the host application the user is logging on to. For example, the name entered on the USSMSG10 screen.
  • Host access application ID: This name must match the RACF PTKTDATA (PassTicket Data Profile) application name that is configured on the OS/390 V2R10 host. It could be the same as the name of the application that the user is logging on to (for example, the name on USSMSG10). For applications such as TSO, however, the application name portion of the PTKTDATA profile will most likely not be the same. For example, RACF requires that the application ID portion of the profile name be TSO+SID. Refer to the OS/390 V2R10.0 SecureWay Security Server RACF Security Administrator's Guide to determine the correct profile naming. If you use TSO Generic Resource names, RACF APAR OW44393 is needed.
  • Alternate start screen: A start screen is the first screen from which the macro is played. In addition, one or more subsequent screens can be designated as alternate start screens. Identify alternate start screens during the recording process so that the macro can be played from those screens. For example, when the 3270 Host On-Demand session is started, you might see a USSMSG10 screen. On that screen, you enter the host application name (for example, TSO or MVS) and then go to the application's logon screen. The application logon screen could be identified as an alternate start screen. You can then play the macro from either the start screen (USSMSG10) or the alternate start screen (application logon screen). You cannot designate an alternate start screen once the user ID has been recorded.
  • User ID and password: The user ID and password for the application to which you are logging on. During macro recording, the actual user ID and password are used, but they are not recorded in the macro. Only the predefined substitute strings are recorded in the macro. The tn3270 server replaces the predefined substitute strings with the actual user ID and password during the logon process.
  • Certificate: The workstation certificate must be stored in RACF using the RACF RACDCERT command.
    • For information about using digital certificates with RACF, refer to the OS/390 V2R10.0 SecureWay Security Server for OS/390 (RACF) Security Administrator's Guide and the OS/390 V2R10.0 SecureWay Security Server for OS/390 (RACF) Command Reference.
    • For information about configuring DCAS to use RACF certificates, refer to the OS/390 V2R10.0 IBM CS IP Configuration Guide.
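
The RACF side of the host access application ID and certificate prerequisites, as an added sketch that is not part of the original page or of IBM's documentation. The SID value SYS1, the user ID USER1, the data set name, the certificate label and the key placeholder are all assumptions; substitute your own values and confirm the profile naming against the RACF Security Administrator's Guide.

```text
/* Constructed example: SID SYS1, user USER1, data set and label are assumed */
/* Activate the PassTicket class and keep its profiles in storage            */
SETROPTS CLASSACT(PTKTDATA)
SETROPTS RACLIST(PTKTDATA)

/* Profile name = host access application ID; for TSO that is TSO+SID        */
/* Replace the placeholder with your own 16-hex-digit secured sign-on key    */
RDEFINE PTKTDATA TSOSYS1 SSIGNON(KEYMASKED(<16-hex-digit-key>)) UACC(NONE)
SETROPTS RACLIST(PTKTDATA) REFRESH

/* Associate the workstation certificate with the RACF user ID               */
RACDCERT ID(USER1) ADD('USER1.HOD.CLIENT.CERT') TRUST WITHLABEL('HOD Express Logon')

/* Verify what was defined                                                   */
RLIST PTKTDATA TSOSYS1 SSIGNON
RACDCERT ID(USER1) LIST
```

In this sketch the host access application ID entered in the macro would be TSOSYS1, not TSO. Handle the sign-on key as a secret, because it is the basis for generating PassTickets for that application.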
