IMS Mobile Feature Pack for z/OS Connect Enterprise Edition is now included as the IMS service provider in IBM z/OS Connect Enterprise Edition V2.0.5 (APAR PI70432) or later. The information here is provided "AS IS" and will no longer be maintained. For the latest IMS mobile solution information, see Using the IMS service provider in z/OS Connect EE documentation.

Basic authentication configuration for IMS Mobile Feature Pack for z/OS Connect EE

For initial installation and testing of the IMS™ Mobile Feature Pack for z/OS® Connect EE without SAF or RACF® configuration in the IMS gateway server (z/OS Connect EE), you can configure the server.xml file for basic authentication.

To use basic authentication, update server.xml to configure a basic registry with z/OS Connect access roles. To configure for basic authentication:
  1. Add a keystore element (<keyStore>) to configure the certificate with the appropriate keystore ID and password.
    <keyStore id="your_keystore_id" password="your_encrypted_password" /> 
  2. Add a webAppSecurity element (<webAppSecurity>) to allow failover to basic authentication:
    <webAppSecurity allowFailOverToBasicAuth="true" ssoRequiresSSL="true" />
  3. Add the basic registry element (<basicRegistry>) for basic authentication for the zosConnect realm. Specify the basic registry ID, and add the ID and password for each user.
    <!-- Basic authentication registry definition -->
    <basicRegistry id="your_basic_id" realm="zosConnect">
       <user name="your_user_id" password="your_encrypted_password" />
       ...
    </basicRegistry>

    Passwords can be encrypted with the z/OS Connect EE securityUtility encode command or through the WebSphere® Application Server Liberty Profile Developer Tools.

  4. Add the users for user authorization to z/OS Connect services on the IMS gateway server for the zos.connect.access.roles authorization role and the zosConnectAccess security role.
    <!-- Security Role definition for authorization -->
    <authorization-roles id="zos.connect.access.roles">
       <security-role name="zosConnectAccess">
          <user name="your_user_id"/>
          ...
       </security-role>
    </authorization-roles>
  5. If RACF security is enabled in IMS Connect, configure the IMS technical password. This password is sent to IMS Connect as part of the request with the request user ID. You can use IMS Explorer for Development to create multiple connection profiles for the same server instance, with each connection profile associated with a user name and a password. The IMS technical password can be specified per IMS gateway server instance. For more information, see Configuring the global IMS technical password.

The following is an example of the tags added to server.xml.

<!-- Keystore definition -->
<keyStore id="keystore_id" password="encrypted_password" /> 

<!-- Allow failover to basic authentication -->
<webAppSecurity allowFailOverToBasicAuth="true" ssoRequiresSSL="true"/>

<!-- Basic authentication registry definition -->
<basicRegistry id="basic1" realm="zosConnect">
   <user name="user1" password="encrypted_password1" />
   <user name="user2" password="encrypted_password2" />
</basicRegistry>

<!-- Security Role definition for authorization -->
<authorization-roles id="zos.connect.access.roles">
   <security-role name="zosConnectAccess">
      <user name="user1"/>
      <user name="user2"/>
   </security-role>
</authorization-roles>
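
A review check for the fragment above, added here as an example and not part of the IBM documentation: it flags keystore and registry passwords stored without a securityUtility prefix or with the keyless {xor} encoding, role users missing from the basic registry (and the reverse), and a webAppSecurity element that does not set ssoRequiresSSL="true". The function names, finding codes and sample values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Prefixes written by the Liberty securityUtility encode command.
ENCODED_PREFIXES = ("{xor}", "{aes}", "{hash}")
# Constructed sample modelled on the server.xml example above.
SAMPLE = """<server>
  <keyStore id="keystore_id" password="{xor}CONSTRUCTED=" />
  <webAppSecurity allowFailOverToBasicAuth="true" ssoRequiresSSL="true"/>
  <basicRegistry id="basic1" realm="zosConnect">
    <user name="user1" password="{aes}CONSTRUCTEDVALUE" />
    <user name="user2" password="Passw0rd" />
  </basicRegistry>
  <authorization-roles id="zos.connect.access.roles">
    <security-role name="zosConnectAccess">
      <user name="user1"/>
      <user name="user3"/>
    </security-role>
  </authorization-roles>
</server>"""

def classify(password):
    """Return a finding code for a password attribute, or None if acceptable."""
    p = password.lower()
    if not p.startswith(ENCODED_PREFIXES):
        return "plaintext-password"
    # {xor} is obfuscation that decodes without any key.
    return "reversible-encoding" if p.startswith("{xor}") else None

def audit_server_xml(xml_text):
    """Return a list of (finding_code, subject) tuples for one server.xml."""
    root = ET.fromstring(xml_text)
    findings, registry = [], set()
    secrets = [("keyStore:" + k.get("id", "?"), k.get("password"))
               for k in root.iter("keyStore")]
    for reg in root.iter("basicRegistry"):
        for u in reg.findall("user"):
            registry.add(u.get("name", "?"))
            secrets.append(("user:" + u.get("name", "?"), u.get("password")))
    for subject, pw in secrets:
        issue = classify(pw) if pw is not None else None
        if issue:
            findings.append((issue, subject))
    role_path = (".//authorization-roles[@id='zos.connect.access.roles']"
                 "/security-role[@name='zosConnectAccess']/user")
    granted = {u.get("name", "?") for u in root.findall(role_path)}
    findings += [("role-user-not-in-registry", "user:" + n) for n in sorted(granted - registry)]
    findings += [("registry-user-without-role", "user:" + n) for n in sorted(registry - granted)]
    for was in root.iter("webAppSecurity"):
        if was.get("ssoRequiresSSL", "false").lower() != "true":
            findings.append(("sso-without-ssl", "webAppSecurity"))
    return findings
```

Call audit_server_xml() with the text of a server.xml file; an empty list means none of these checks fired.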