Client certificate-based authentication for Web Administrator

search cancel

Client certificate-based authentication for Web Administrator

book

Article ID: 248944

calendar_today

Updated On: 06-25-2024

Products

ACF2 - z/OS ACF2 ACF2 - MISC WEB ADMINISTRATOR FOR ACF2 LDAP SERVER FOR Z/OS

Issue/Introduction

Trying to implement client certificate-based logon instead of using ACF2 LID passwords.
Can Web Administrator be configured to use the browser client certificate to sign on to z/OS, instead of prompting for user ID and password?

Resolution

The Web Administrator does not support client authentication.

To configure the LDAP Server for z/OS for SSL, follow the instructions in the the LDAP Server documentation Set Up Encryption Between the LDAP Server and the Web Administrator.

When configuring the LDAP Server for z/OS, do not specify the TLSVerifyClient option with an argument of “demand”.

Either omit the TLSVerifyClient option, or specify the TLSVerifyClient option with the argument of “allow” or “try”.

Feedback

thumb_up Yes

thumb_down No