LOGON/JOB INITIATION - MULTIFACTOR AUTHENTICATION FAILURE OM Web Viewer 12.1
search cancel

LOGON/JOB INITIATION - MULTIFACTOR AUTHENTICATION FAILURE OM Web Viewer 12.1

book

Article ID: 188790

calendar_today

Updated On:

Products

Output Management Web Viewer

Issue/Introduction

How to use Multi-factor-authentication on the mainframe and OM Web viewer 12.1.  Getting LOGON/JOB INITIATION - MULTIFACTOR AUTHENTICATION FAILURE.

The user signs into the page using their MFA credentials and is led to the advanced search screen with the repositories listed. If the user selects the repository, the password is passed to the repository as it was entered at initial logon (which has now expired), and it returns as a failed logon - Strike One.  If the user clicks on another repository, Strike Two, and so on. By the end of their session, the user is suspended.   

How do we set up OM Web Viewer so it will not automatically log into the repository when clicked, and instead pull up a user/pw box? In the credentials panel, there is the ability to store different passwords for different repositories, but these are static. Populating that field, then switching back to the main screen to select the repository before the password expires is not practical. How does OM Web Viewer 12.1 support MFA?

Environment

Output Management Web Viewer 12.1

Resolution

  1. Be at 12.1 Web Viewer Build 198 or above. If you are not, download the latest Build and use it to update your OM Web Viewer.
  2. Once at Build 198 or later, go to the Administration Tab and for the Repositories, check the option
    PassPhrase Supported on LPAR
    This will only affect the login to the View Repositories, not the initial Single Sign-on to the Mainframe from the OM Web Viewer Logon screen.
  3. Create a second repository, one which can be pointing to the same database as the single one you have already, but with a different name.  This will force the Advanced Search tab to show the 2 defined repositories and it will not go straight into the only one defined.
    This setup allows the first password error to bring up a new invalid credentials box which will allow the MFA appended password to work.

The process described above was written to allow the use of MFA for the Repository Logons.