search cancel

How to configure for Multi-Factor-Authentication - MFA Web Viewer 12.1

book

Article ID: 188790

calendar_today

Updated On:

Products

Output Management Web Viewer

Issue/Introduction

How to use Multi-factor-authentication on the mainframe and version 12.1 of OMWV (Web Viewer).  Getting LOGON/JOB INITIATION - MULTIFACTOR AUTHENTICATION FAILURE.

The user signs into the page using their MFA credentials and is led to the advanced search screen with the repositories listed. If the user selects the repository, the password is passed to the repository as it was entered at initial logon (which has now expired), and it returns as a failed logon - Strike One.  If the user clicks on another repository, Strike Two, and so on. By the end of their session, the user is suspended.   

How do we set up OMWV so it will not automatically log into the repository when clicked, and instead pull up a user/pw box? In the credentials panel, there is the ability to store different passwords for different repositories, but these are static. Populating that field, then switching back to the main screen to select the repository before the password expires is not practical. How does 12.1 Web Viewer support MFA?

Environment

Release : 12.1

Component : CA OUTPUT MANAGEMENT WEB VIEWER FOR ALL PLATFORMS

Resolution

  1. The first step to resolving this situation is to be at 12.1 Web Viewer Build 198 or above. If you are not, download the latest Build and use it to update your Web Viewer.
  2. Once at Build 198 or later, go to the Administration Tab and for the Repositories, check the option
    PassPhrase Supported on LPAR
    This will only affect the login to the View Repositories, not the initial Single Sign-on to the Mainframe from the Web Viewer Logon screen.
  3. Create a second repository, one which can be pointing to the same database as the single one you have already, but with a different name.  This will force the Advanced Search tab to show the 2 defined repositories and it will not go straight into the only one defined.
    This setup allows the first password error to bring up a new invalid credentials box which will allow the MFA appended password to work.

The process described above was written to allow the use of MFA for the Repository Logons.