Step 28C: Secure the Policy Services Provider

The SA Customization API supports two authentication methods for client access:

BasicAuth: User:Password
BasicAuth: User:PassTicket

Communication between the Policy Services Provider and Customization Dialog requires authentication and authorization. These processes are implemented by using the z/OS® PassTickets when a target TSO user makes a policy service request, for example, a JSON-report request on the Customization Dialog.

For environments that use User:Password authentication, no additional configuration is required.

However, when using User:PassTicket authentication, additional RACF setup is necessary to enable PassTicket generation and validation. For detailed setup instructions, see Authentication using PassTickets and Authorization.

To complete the necessary security setup steps, see Authentication using PassTickets and Authorization in the "Security and Authorization" chapter.

(Optional) TLS HTTPS Connection Enablement

This task is needed only if you want to enable the Policy Services Provider TLS HTTPS connection. If not, skip this task.

To complete the necessary security setup steps, see TLS HTTPS Connection Enablement Using a Self-Signed or CA Certificate in the Security and Authorization chapter.

Next step

After you set up the authentication and authorization settings and optionally enabled TLS HTTPS connection, you can start the Policy Services Provider. See Step 28D: Start and Stop the Policy Services Provider.