Adapter interactions with the server

The CA ACF2 Adapter uses IBM® Security Identity Governance and Intelligence to perform user tasks on the CA ACF2 Adapter Security for z/OS®.

The adapter can add, modify, suspend, restore, reconcile, or delete users from IBM Security Identity Governance and Intelligence. The adapter uses the TCP/IP protocol to communicate with IBM Security Identity Governance and Intelligence.

The CA ACF2 Adapter does not use Secure Socket Layer (SSL) by default to communicate with IBM Security Identity Governance and Intelligence. You have to configure it.

SSL requires digital certificates and private keys to establish communication between the endpoints. Regarding SSL, the CA ACF2 Adapter is considered a server. When the adapter uses the SSL protocol, the server endpoint must contain a digital certificate and a private key. The client endpoint (IBM Security Identity Governance and Intelligence) must contain the Certificate Authority or CA certificate.

To enable SSL communication by default, install a digital certificate and a private key on the adapter and install the CA certificate on IBM Security Identity Governance and Intelligence.

The default TCP/IP port on the z/OS host for the adapter and server communication is 45580. You can change this port to a different port. You can specify the port number on the adapter service form on IBM Security Identity Governance and Intelligence. Ensure that it references the same port number that is configured for the adapter on the z/OS host.

Use the agentCfg utility to configure the adapter. The utility communicates with the adapter through TCP/IP. The TCP/IP port number that is used is dynamically assigned and is in the range 44970 - 44994. The port number and the range of port numbers cannot be configured.

You can restrict the use of these ports to the CA ACF2 Adapter. To protect these ports with the CA ACF2 protection, define the profiles in the CA ACF2 Adapter SERVAUTH resource class. For more information, see the z/OS Communications Server, IP Configuration Guide.