ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

When using TPX there are Passticket issues with IBM MFA and CA AAM


Article ID: 223125


Updated On:


TPX - Session Management ACF2 Advanced Authentication Mainframe


TPX Passticket validation fails for application session initiation, when IBM MFA / CA AAM is activated. 

Checking for PassTicket use in the SEVPOST exit doesn't always work.
CA AAM users with the RADIUS_RSA factor can't use PassTickets.


When the user is an IBM MFA user with an active factor, flag SXPPSTKT is not set in the SEVPOST Exit parameter list even though a PassTicket is successfully used for signon.


Release :  5.4

Component : CA TPX    for  Z/OS
                      CA ACF2 for Z/OS
                      CA AAM  for Z/OS


To circumvent change the RADIUS_RSA factor to NOACTIVE for the user or stop the CA AAM started task and give the user's Logonid FALLBACK.

To Fix the problem, apply ACF2 PTF LU01453.