E. Add the required DCAS client parameters for the CMPIDCASPlugin.
Add the required DCAS client parameters to allow the HCM database
to map the user ID to the host ID and get a passticket from the DCAS
application running on the host. A passticket is a credential that
is similar to a password; however, a passticket expires after a certain
amount of time and is used only one time. DCAS requires a Security
Access Facility (SAF)-compliant server product, such as an IBM Resource
Access Control Facility (RACF) security server, that supports passticket
generation.
To use the DCAS HCM plug-in, you must configure the DCAS. For information about configuring the DCAS, refer to the documentation for z/OS V1R4.0 Communications Server: the z/OS Communications Server IP Configuration Reference and the z/OS V1R4.0 Communications Server IP Configuration Guide. Also refer to the z/OS V1R4 APAR PQ74457 for information about how to configure the DCAS to function with Web Express Logon.
For non-Certificate-based Web Express Logon, use DCAS.xml located in the WAR file as a reference for adding parameters when editing the web.xml file. For Certificate-based Web Express Logon, use DCASELF.xml as a reference.
- Add the following HCM database parameters to allow the client to connect to the DCAS securely:
- CMPI_DCAS_TRUSTSTORE
- This parameter is required unless CMPI_DCAS_USE_DEFAULT_TRUSTSTORE or CMPI_DCAS_USE_WELLKNOWN_KEYS is true. This parameter contains the name of the truststore that JSSE uses to look up the DCAS certificates.
- CMPI_DCAS_TRUSTSTORE_TYPE
- This parameter is required unless CMPI_DCAS_USE_DEFAULT_TRUSTSTORE or CMPI_DCAS_USE_WELLKNOWN_KEYS is true. This parameter contains the type of the truststore specified by CMPI_DCAS_TRUSTSTORE. Valid values are pkcs12, jceks, and jks.
- CMPI_DCAS_TRUSTSTORE_PASSWORD
- This parameter is required unless CMPI_DCAS_USE_DEFAULT_TRUSTSTORE or CMPI_DCAS_USE_WELLKNOWN_KEYS is true. This parameter contains the password of the truststore specified by CMPI_DCAS_TRUSTSTORE.
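The requirement rules above can be checked before deployment. The following is an added example, not code from the product: it reads the init-param entries of a web.xml and reports missing truststore settings or an unsupported truststore type. The sample web.xml and its truststore path are constructed, and the case-insensitive comparison of the flags and of the type value is an assumption.

```python
import xml.etree.ElementTree as ET

VALID_TYPES = ("pkcs12", "jceks", "jks")
TRUSTSTORE_PARAMS = ("CMPI_DCAS_TRUSTSTORE", "CMPI_DCAS_TRUSTSTORE_TYPE",
                     "CMPI_DCAS_TRUSTSTORE_PASSWORD")
EXEMPTING_FLAGS = ("CMPI_DCAS_USE_DEFAULT_TRUSTSTORE",
                   "CMPI_DCAS_USE_WELLKNOWN_KEYS")

# Constructed sample: the type is not a valid value and the password is absent.
SAMPLE_WEB_XML = """<web-app><servlet>
  <init-param>
    <param-name>CMPI_DCAS_TRUSTSTORE</param-name>
    <param-value>/opt/example/dcas-trust.p12</param-value>
  </init-param>
  <init-param>
    <param-name>CMPI_DCAS_TRUSTSTORE_TYPE</param-name>
    <param-value>pem</param-value>
  </init-param>
</servlet></web-app>"""

def local_name(tag):
    """Drop an XML namespace prefix such as '{http://...}init-param'."""
    return tag.rsplit("}", 1)[-1]

def init_params(web_xml_text):
    """Collect every init-param in the file as {name: value}."""
    params = {}
    for element in ET.fromstring(web_xml_text).iter():
        if local_name(element.tag) == "init-param":
            fields = {local_name(c.tag): (c.text or "").strip() for c in element}
            if fields.get("param-name"):
                params[fields["param-name"]] = fields.get("param-value", "")
    return params

def check_truststore(params):
    """Return a list of problems; an empty list means the rules are met."""
    # Assumption: the flags and the type value are compared case-insensitively.
    if any(params.get(flag, "").lower() == "true" for flag in EXEMPTING_FLAGS):
        return []
    problems = [f"{name} is missing or empty"
                for name in TRUSTSTORE_PARAMS if not params.get(name)]
    ts_type = params.get("CMPI_DCAS_TRUSTSTORE_TYPE", "")
    if ts_type and ts_type.lower() not in VALID_TYPES:
        problems.append(f"CMPI_DCAS_TRUSTSTORE_TYPE {ts_type!r} is not one of "
                        + ", ".join(VALID_TYPES))
    return problems

if __name__ == "__main__":
    for problem in check_truststore(init_params(SAMPLE_WEB_XML)):
        print(problem)
```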
- The following parameters contain all the relevant information needed to connect to your HCM database, which in this example is a JDBC database table. You can either configure access to an existing database or point to a newly created database. The level of security for the database varies according to database vendor. Refer to the database application's documentation for details.
The following parameters are not used for Certificate-based Web Express Logon:
- CMPI_DCAS_DB_ADDRESS
- CMPI_DCAS_DB_NET_DRIVER
- CMPI_DCAS_DB_USERID
- CMPI_DCAS_DB_TABLE
- CMPI_DCAS_DB_PASSWORD
- CMPI_DCAS_DB_ADDRESS
- This is a URL string that provides the address of the database.
An example of this string is jdbc:db2://dtagw:6789/ZIESSO.
Code example:
<init-param>
  <param-name>CMPI_DCAS_DB_ADDRESS</param-name>
  <param-value>jdbc:db2://dtagw.raleigh.hcl.com:6789/ZIESSO</param-value>
</init-param>
- CMPI_DCAS_DB_NET_DRIVER
- This string contains the name of the class that acts as the
network database driver. An example of this string is COM.ibm.db2.jdbc.net.DB2Driver.
The location of this class is assumed to be in the existing class
path.
Code example:
<init-param>
  <param-name>CMPI_DCAS_DB_NET_DRIVER</param-name>
  <param-value>COM.ibm.db2.jdbc.net.DB2Driver</param-value>
</init-param>
- CMPI_DCAS_DB_USERID
- This is the ID of the user account to use when accessing the
database.
Code example:
<init-param>
  <param-name>CMPI_DCAS_DB_USERID</param-name>
  <param-value>admin</param-value>
</init-param>
- CMPI_DCAS_DB_PASSWORD
- This is the password of the user account to use when accessing
the database.
This parameter should be encrypted using the password encryption tool. The HCM plug-in decrypts it before use. For more information about the password encryption tool, refer to Password encryption tool.
Code example:
<init-param>
  <param-name>CMPI_DCAS_DB_PASSWORD</param-name>
  <param-value>tuBu9v8lHiJi1jt08UgHzA==</param-value>
</init-param>
- CMPI_DCAS_DB_TABLE
- This entry identifies the table to use for the needed query.
Code example:
<init-param>
  <param-name>CMPI_DCAS_DB_TABLE</param-name>
  <param-value>HACP</param-value>
</init-param>
- The following parameters should correspond directly to the column
headings in your HCM database and should clearly indicate the contents
of the columns. With some databases, such as IBM DB2, the column headings
must be in all upper-case letters, for example, NETWORKID, HOSTADDRESS,
APPLICATIONID, and HOSTID.
Based on the information provided by the first three of these parameters (network ID, host address, and the host application ID), you can make a SQL query of the database to get the host ID. The result of the query is entered in the host ID (HOSTID) column. Assuming that the query is successful, a call is made to the DCAS to request the passticket.
The following parameters are not used for Certificate-based Web Express Logon:
- CMPI_DCAS_DB_NETID_COL_NAME
- CMPI_DCAS_DB_HOSTADDR_COL_NAME
- CMPI_DCAS_DB_HOSTAPP_COL_NAME
- CMPI_DCAS_DB_HOSTID_COL_NAME
- CMPI_DCAS_DB_NETID_COL_NAME
- This entry identifies the name of the column that contains the
network ID value (NETWORKID).
Code example:
<init-param>
  <param-name>CMPI_DCAS_DB_NETID_COL_NAME</param-name>
  <param-value>NETWORKID</param-value>
</init-param>
- CMPI_DCAS_DB_HOSTADDR_COL_NAME
- This entry identifies the name of the column that contains the
host address value (HOSTADDRESS).
Code example:
<init-param>
  <param-name>CMPI_DCAS_DB_HOSTADDR_COL_NAME</param-name>
  <param-value>HOSTADDRESS</param-value>
</init-param>
- CMPI_DCAS_DB_HOSTAPP_COL_NAME
- This entry identifies the name of the column that contains the
host application value (APPLICATIONID).
Code example:
<init-param>
  <param-name>CMPI_DCAS_DB_HOSTAPP_COL_NAME</param-name>
  <param-value>APPLICATIONID</param-value>
</init-param>
- CMPI_DCAS_DB_HOSTID_COL_NAME
- This entry identifies the name of the column that contains the
user's host identification value (HOSTID).
Code example:
<init-param>
  <param-name>CMPI_DCAS_DB_HOSTID_COL_NAME</param-name>
  <param-value>HOSTID</param-value>
</init-param>
- CMPI_DCAS_USE_NETID_AS_HOSTID
- When set to True, this entry identifies the network ID as the
RACF ID without performing any mapping.
Code example:
<init-param>
  <param-name>CMPI_DCAS_USE_NETID_AS_HOSTID</param-name>
  <param-value>False</param-value>
</init-param>
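The host ID lookup described above, as an added example that is not the plug-in's own code: the configured table and column names are validated as identifiers, the three lookup values are bound as parameters, and anything other than exactly one matching row returns no host ID. An in-memory sqlite3 database stands in for the JDBC database; the query shape, the row values and the function names are assumptions.

```python
import re
import sqlite3

# Table and column names cannot be bound as SQL parameters, so they are
# restricted to plain identifiers before being placed in the statement.
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
NAME_KEYS = ("CMPI_DCAS_DB_TABLE", "CMPI_DCAS_DB_NETID_COL_NAME",
             "CMPI_DCAS_DB_HOSTADDR_COL_NAME", "CMPI_DCAS_DB_HOSTAPP_COL_NAME",
             "CMPI_DCAS_DB_HOSTID_COL_NAME")

# Parameter values as shown in the page's code examples.
CONFIG = {
    "CMPI_DCAS_DB_TABLE": "HACP",
    "CMPI_DCAS_DB_NETID_COL_NAME": "NETWORKID",
    "CMPI_DCAS_DB_HOSTADDR_COL_NAME": "HOSTADDRESS",
    "CMPI_DCAS_DB_HOSTAPP_COL_NAME": "APPLICATIONID",
    "CMPI_DCAS_DB_HOSTID_COL_NAME": "HOSTID",
    "CMPI_DCAS_USE_NETID_AS_HOSTID": "False",
}

def identifier(cfg, key):
    """Return the configured name, rejecting anything but a plain identifier."""
    name = cfg[key]
    if not IDENTIFIER.fullmatch(name):
        raise ValueError(f"{key}: {name!r} is not a plain SQL identifier")
    return name

def lookup_host_id(conn, cfg, net_id, host_addr, host_app):
    """Return the host ID for the three lookup keys, or None (fail closed)."""
    if cfg.get("CMPI_DCAS_USE_NETID_AS_HOSTID", "False").lower() == "true":
        return net_id  # the network ID is used as the RACF ID, no mapping
    table, netid, hostaddr, hostapp, hostid = (identifier(cfg, k) for k in NAME_KEYS)
    sql = (f"SELECT {hostid} FROM {table} "
           f"WHERE {netid} = ? AND {hostaddr} = ? AND {hostapp} = ?")
    rows = conn.execute(sql, (net_id, host_addr, host_app)).fetchall()
    # No row, or more than one row: no passticket request should follow.
    return rows[0][0] if len(rows) == 1 else None

def sample_db():
    """In-memory stand-in table holding one constructed mapping row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE HACP (NETWORKID TEXT, HOSTADDRESS TEXT, "
                 "APPLICATIONID TEXT, HOSTID TEXT)")
    conn.execute("INSERT INTO HACP VALUES (?, ?, ?, ?)",
                 ("jdoe", "host.example.com", "TSOAPP1", "JDOE01"))
    return conn

if __name__ == "__main__":
    print(lookup_host_id(sample_db(), CONFIG, "jdoe", "host.example.com", "TSOAPP1"))
```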