BAQR1169W The value ASSERT_SURROGATE of the idAssertion attribute is ignored when the requireAuth attribute is set to false. The value ASSERT_ONLY is used instead.


        Explanation
When the requireAuth attribute for the API requester is set to false, the z/OS Connect server does not require authentication for link security. Hence the surrogate check is ignored by the z/OS Connect server.

        User response
If you want to perform surrogate check on the asserted user ID, set the requireAuth attribute on the zosconnect_zosConnectManager element or on the apiRequester subelement to true; otherwise, if you want to avoid this warning message, set the idAssertion attribute on the zosconnect_apiRequesters element to ASSERT_ONLY or OFF.