Client certificate-based authentication for Web Administrator

Article ID: 248944

Products

ACF2 - z/OS

Issue/Introduction

Trying to implement client certificate-based logon instead of using ACF2 LID passwords.
Can Web Administrator be configured to use the browser client certificate to sign on to z/OS, instead of prompting for a user ID and password?

Environment

Release : 16.0

Component : WEB ADMINISTRATOR

Resolution

To configure the LDAP Server for z/OS for SSL, follow the instructions in the LDAP Server documentation.
The Web Administrator does not support client authentication.
When you configure the LDAP Server for z/OS, do not specify the TLSVerifyClient option with an argument of “demand”.
You can omit the TLSVerifyClient option, or you can specify it with an argument of “allow” or “try”.
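
One way to check an LDAP Server configuration against the rule above before deployment. This is an added example, not Broadcom code. It assumes the configuration uses `keyword value` directive lines with `#` comment lines; the function name `check_tls_verify_client` and the sample text are constructed for illustration.

```python
# Added example: flag TLSVerifyClient settings that conflict with the article.
# Assumption: directives are "keyword value" lines; lines starting with "#" are comments.

ACCEPTED = {"allow", "try"}   # arguments the article permits
REJECTED = {"demand"}         # argument the article rules out


def check_tls_verify_client(config_text):
    """Return (status, findings); each finding is (line_no, value, verdict)."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        tokens = line.split()
        if tokens[0].lower() != "tlsverifyclient":
            continue
        # Compare case-insensitively and ignore plain double quotes around the value.
        value = tokens[1].strip('"').lower() if len(tokens) > 1 else ""
        if value in REJECTED:
            verdict = "fail"      # Web Administrator cannot present a client certificate
        elif value in ACCEPTED:
            verdict = "ok"
        else:
            verdict = "review"    # argument not covered by the article
        findings.append((line_no, value, verdict))
    verdicts = {v for _, _, v in findings}
    if "fail" in verdicts:
        status = "fail"
    elif "review" in verdicts:
        status = "review"
    else:
        status = "ok"             # option omitted, or only allow/try present
    return status, findings


SAMPLE_CONFIG = """\
# Constructed sample; the next line is a placeholder, not a real directive.
ExampleOtherOption value
#TLSVerifyClient allow
TLSVerifyClient demand
"""

if __name__ == "__main__":
    status, findings = check_tls_verify_client(SAMPLE_CONFIG)
    for line_no, value, verdict in findings:
        print(f"line {line_no}: TLSVerifyClient {value} -> {verdict}")
    print("overall:", status)
```
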


https://techdocs.broadcom.com/us/en/ca-mainframe-software/security/ca-web-administrator-for-z-os/15-0/administering/secure-the-web-application-server-using-ssl/set-up-encryption-between-the-ca-ldap-server-and-the-ca-web-administrator.html#concept.dita_41901c9ce45e1adfcc11b40629d83a71098454ff_ConfiguretheCALDAPServertoUseSSL