TSO VERIFYAPPL(ON) was set in IBM's MFA, but the APPL is not being passed. How does that work with ACF2?
TSO GSO record TSOGNAME can be used as the APPLID for TSO logon via PASSTICKETs to override the use of an application name of TSOsysid. ACF2 has its own TSO interface so the actual TSO logon where the password is validated is not done via a RACROUTE call. ACF2 just calls the ACF2 SVC with the ACVALD parameter list. When TSOGNAME is filled in, ACF2 passes that as the APPL in the ACVALD. When TSOGNAME is not specified the ACF2 TSO interface constructs the default TSOsysid.
With MFA, when the application does not provide an application name in the APPL=applname parameter from a RACROUTE REQUEST=VERIFY request, MFA will check MFABYPASS.DEFAULT, with ACF2 sites can optionally use the GSO TSO TSOGNAME to specify an applid to be used when no applid is supplied on the RACROUTE REQUEST=VERIFY.
The GSO TSO TSOGNAME application name is used for two different applications: