Step 1: Configure the Credential Mapper Servlet
E. Add the required DCAS client parameters for
Add the required DCAS client parameters to allow the HCM database to map the user ID to the host ID and get a passticket from the DCAS application running on the host. A passticket is a credential that is similar to a password; however, a passticket expires after a certain amount of time and is used only one time. DCAS requires a Security Access Facility (SAF)-compliant server product, such as an IBM Resource Access Control Facility (RACF) security server, that supports passticket generation.
Starting with Host On-Demand V9.03, the CMPI_DCAS_KEYRING_FILE and CMPI_DCAS_KEYRING_PASSWORD are deprecated and should not be used. Instead, CMPI_DCAS_TRUSTSTORE, CMPI_DCAS_TRUSTSTORE_PASSWORD, and CMPI_DCAS_TRUSTSTORE_TYPE should be used. However, CMPI_DCAS_KEYRING_FILE and CMPI_DCAS_KEYRING_PASSWORD will continue to work in lieu of CMPI_DCAS_TRUSTSTORE and CMPI_DCAS_TRUSTSTORE_PASSWORD, and the type pkcs12 will be assumed when these deprecated parameters are used.
To use the DCAS HCM plug-in, you must configure the DCAS. For information about configuring the DCAS, refer to documentation for z/OS V1R4.0 Communications Server at http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/Shelves/F1A1BK33, specifically the z/OS V1R4.0 Communications Server IP Configuration Reference (publication number SC31-8776-03) and the z/OS V1R4.0 Communications Server IP Configuration Guide (publication number SC31-8775-02). Also refer to the z/OS V1R4 APAR PQ74457 for information about how to configure the DCAS to function with Web Express Logon.
For non-Certificate-based Web Express Logon, use DCAS.xml located in the WAR file as a reference for adding parameters when editing the web.xml file. For Certificate-based Web Express Logon, use DCASELF.xml as a reference.
1. Add the following HCM database parameters to allow the client to connect to the DCAS securely:
CMPI_DCAS_KEYRING_FILE
This parameter references an SSL keyring database file that provides access to the DCAS client certificate as well as the DCAS server’s certificate. The certificates establish a client-authenticated, secure connection with the DCAS server. The DCAS plug-in serves as the DCAS client. You will create a keyring database file called HODDCAS.p12 in “Step 3: Create the SSL key database.” on page 37.
Code example:
<init-param>
<param-name>CMPI_DCAS_KEYRING_FILE</param-name>
<param-value>C:\Program Files\IBM\HostOnDemand\HOD\HODDCAS.p12</param-value>
</init-param>
CMPI_DCAS_KEYRING_PASSWORD
This parameter specifies the password for the keyring database.
This parameter should be encrypted using the password encryption tool. It is decrypted by the HCM before using it. For more information about the password encryption tool, refer to Appendix C, “Password encryption tool,” on page 121.
Code example:
<init-param>
<param-name>CMPI_DCAS_KEYRING_PASSWORD</param-name>
<param-value>45ie8WciVu</param-value>
</init-param>
CMPI_DCAS_TRUSTSTORE
This parameter is required unless CMPI_DCAS_USE_DEFAULT_TRUSTSTORE or CMPI_DCAS_USE_WELLKNOWN_KEYS is true. This parameter contains the name of the truststore to be used by JSSE to look up the DCAS certificates.
CMPI_DCAS_TRUSTSTORE_TYPE
This parameter is required unless CMPI_DCAS_USE_DEFAULT_TRUSTSTORE or CMPI_DCAS_USE_WELLKNOWN_KEYS is true. This parameter contains the type of the truststore specified by CMPI_DCAS_TRUSTSTORE. Valid values are pkcs12, jceks, and jks.
CMPI_DCAS_TRUSTSTORE_PASSWORD
This parameter is required unless CMPI_DCAS_USE_DEFAULT_TRUSTSTORE or CMPI_DCAS_USE_WELLKNOWN_KEYS is true. This parameter contains the password of the truststore specified by CMPI_DCAS_TRUSTSTORE.
2. The following parameters contain all the relevant information needed to connect to your HCM database, which in this example is a JDBC database table. You can either configure access to an existing database or point to a newly created database. The level of security for the database varies according to database vendor. Refer to the database application’s documentation for details.
The following parameters are not used for Certificate-based Web Express Logon:
- CMPI_DCAS_DB_ADDRESS
- CMPI_DCAS_DB_NET_DRIVER
- CMPI_DCAS_DB_USERID
- CMPI_DCAS_DB_TABLE
- CMPI_DCAS_DB_PASSWORD
CMPI_DCAS_DB_ADDRESS
This is a URL string that provides the address of the database. An example of this string is jdbc:db2://dtagw:6789/HODSSO.
Code example:
<init-param>
<param-name>CMPI_DCAS_DB_ADDRESS</param-name>
<param-value>jdbc:db2://dtagw.raleigh.ibm.com:6789/HODSSO</param-value>
</init-param>
CMPI_DCAS_DB_NET_DRIVER
This string contains the name of the class that acts as the network database driver. An example of this string is COM.ibm.db2.jdbc.net.DB2Driver. The location of this class is assumed to be in the existing classpath.
Code example:
<init-param>
<param-name>CMPI_DCAS_DB_NET_DRIVER</param-name>
<param-value>COM.ibm.db2.jdbc.net.DB2Driver</param-value>
</init-param>
CMPI_DCAS_DB_USERID
This is the ID of the user account to use when accessing the database.
Code example:
<init-param>
<param-name>CMPI_DCAS_DB_USERID</param-name>
<param-value>admin</param-value>
</init-param>
CMPI_DCAS_DB_PASSWORD
This is the password of the user account to use when accessing the database.
This parameter should be encrypted using the encrypt password tool. It is decrypted by the HCM plug-in before using it. For more information about the password encryption tool, refer to Appendix C, “Password encryption tool,” on page 121.
Code example:
<init-param>
<param-name>CMPI_DCAS_DB_PASSWORD</param-name>
<param-value>tuBu9v8lHiJi1jt08UgHzA==</param-value>
</init-param>
CMPI_DCAS_DB_TABLE
This entry identifies the table to use for the needed query.
Code example:
<init-param>
<param-name>CMPI_DCAS_DB_TABLE</param-name>
<param-value>HACP</param-value>
</init-param>
3. The following parameters should correspond directly to the column headings in your HCM database and should clearly indicate the contents of the columns. With some databases, such as IBM DB2, the column headings must be in all upper-case letters, for example, NETWORKID, HOSTADDRESS, APPLICATIONID, and HOSTID.
Based on the information provided by the first three of these parameters (network ID, host address, and the host application ID), you can make a SQL query of the database to get the host ID. The result of the query is entered in the host ID (HOSTID) column. Assuming that the query is successful, a call is made to the DCAS to request the passticket.
The following parameters are not used for Certificate-based Web Express Logon:
- CMPI_DCAS_DB_NETID_COL_NAME
- CMPI_DCAS_DB_HOSTADDR_COL_NAME
- CMPI_DCAS_DB_HOSTAPP_COL_NAME
- CMPI_DCAS_DB_HOSTID_COL_NAME
CMPI_DCAS_DB_NETID_COL_NAME
This entry identifies the name of the column that contains the network ID value (NETWORKID).
Code example:
<init-param>
<param-name>CMPI_DCAS_DB_NETID_COL_NAME</param-name>
<param-value>NETWORKID</param-value>
</init-param>
CMPI_DCAS_DB_HOSTADDR_COL_NAME
This entry identifies the name of the column that contains the host address value (HOSTADDRESS).
Code example:
<init-param>
<param-name>CMPI_DCAS_DB_HOSTADDR_COL_NAME</param-name>
<param-value>HOSTADDRESS</param-value>
</init-param>
CMPI_DCAS_DB_HOSTAPP_COL_NAME
This entry identifies the name of the column that contains the host application value (APPLICATIONID).
Code example:
<init-param>
<param-name>CMPI_DCAS_DB_HOSTAPP_COL_NAME</param-name>
<param-value>APPLICATIONID</param-value>
</init-param>
CMPI_DCAS_DB_HOSTID_COL_NAME
This entry identifies the name of the column that contains the user’s host identification value (HOSTID).
Code example:
<init-param>
<param-name>CMPI_DCAS_DB_HOSTID_COL_NAME</param-name>
<param-value>HOSTID</param-value>
</init-param>
CMPI_DCAS_USE_NETID_AS_HOSTID
This entry, when set to True, identifies the network ID as the RACF ID without performing any mapping.
Code example:
<init-param>
<param-name>CMPI_DCAS_USE_NETID_AS_HOSTID</param-name>
<param-value>False</param-value>
</init-param>
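The mapping lookup described in item 3, as an added illustration that is not IBM's HCM plug-in code: the configured table and column names are allow-listed as plain identifiers (they cannot be bound as query parameters) and the user-supplied values are bound as parameters. SQLite stands in for the JDBC database, and the sample row, the identifier pattern and the case-insensitive reading of True are assumptions.

```python
import re
import sqlite3

# Values as configured in the web.xml examples on this page.
CONFIG = {
    "CMPI_DCAS_DB_TABLE": "HACP",
    "CMPI_DCAS_DB_NETID_COL_NAME": "NETWORKID",
    "CMPI_DCAS_DB_HOSTADDR_COL_NAME": "HOSTADDRESS",
    "CMPI_DCAS_DB_HOSTAPP_COL_NAME": "APPLICATIONID",
    "CMPI_DCAS_DB_HOSTID_COL_NAME": "HOSTID",
    "CMPI_DCAS_USE_NETID_AS_HOSTID": "False",
}
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")  # assumed identifier shape


def ident(name):
    """Table and column names cannot be bound as parameters, so allow-list them."""
    if not IDENT.match(name):
        raise ValueError(f"unsafe SQL identifier in configuration: {name!r}")
    return name


def map_host_id(conn, cfg, network_id, host_address, application_id):
    """Return the host ID for this user and application, or None if unmapped."""
    if cfg.get("CMPI_DCAS_USE_NETID_AS_HOSTID", "False").lower() == "true":
        return network_id  # no mapping: the network ID is used as the RACF ID
    sql = "SELECT {} FROM {} WHERE {} = ? AND {} = ? AND {} = ?".format(
        ident(cfg["CMPI_DCAS_DB_HOSTID_COL_NAME"]),
        ident(cfg["CMPI_DCAS_DB_TABLE"]),
        ident(cfg["CMPI_DCAS_DB_NETID_COL_NAME"]),
        ident(cfg["CMPI_DCAS_DB_HOSTADDR_COL_NAME"]),
        ident(cfg["CMPI_DCAS_DB_HOSTAPP_COL_NAME"]))
    row = conn.execute(sql, (network_id, host_address, application_id)).fetchone()
    # Only a successful lookup would lead to a passticket request to the DCAS.
    return row[0] if row else None


def demo_db():
    """Constructed sample table and row, not data from the page."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE HACP (NETWORKID TEXT, HOSTADDRESS TEXT, "
                 "APPLICATIONID TEXT, HOSTID TEXT)")
    conn.execute("INSERT INTO HACP VALUES "
                 "('jdoe', 'host.example.com', 'TSO', 'JDOE01')")
    return conn
```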
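A check for the DCAS connection parameters from item 1, as an added example that is not part of the IBM documentation: it reads the init-param entries of a servlet definition, reports the deprecated keyring parameters, and applies the stated rules for when the three truststore parameters are required and which types are valid. The namespace-free sample fragment, the servlet name, the file path and the case-insensitive reading of true are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a servlet fragment that still uses the deprecated
# keyring parameters (servlet name, path and password are placeholders).
SAMPLE_WEB_XML = """
<servlet>
  <servlet-name>CredMapper</servlet-name>
  <init-param>
    <param-name>CMPI_DCAS_KEYRING_FILE</param-name>
    <param-value>/opt/example/HODDCAS.p12</param-value>
  </init-param>
  <init-param>
    <param-name>CMPI_DCAS_KEYRING_PASSWORD</param-name>
    <param-value>PLACEHOLDER</param-value>
  </init-param>
</servlet>
"""

DEPRECATED = ("CMPI_DCAS_KEYRING_FILE", "CMPI_DCAS_KEYRING_PASSWORD")
TRUSTSTORE = ("CMPI_DCAS_TRUSTSTORE", "CMPI_DCAS_TRUSTSTORE_TYPE",
              "CMPI_DCAS_TRUSTSTORE_PASSWORD")
EXEMPTIONS = ("CMPI_DCAS_USE_DEFAULT_TRUSTSTORE", "CMPI_DCAS_USE_WELLKNOWN_KEYS")
VALID_TYPES = {"pkcs12", "jceks", "jks"}  # compared exactly as listed


def read_init_params(xml_text):
    """Return {param-name: param-value}, trimming whitespace left by line wraps."""
    root = ET.fromstring(xml_text)
    return {(p.findtext("param-name") or "").strip():
            (p.findtext("param-value") or "").strip()
            for p in root.iter("init-param")}


def audit_dcas_params(xml_text):
    """List findings for the DCAS keyring and truststore parameters."""
    params = read_init_params(xml_text)
    findings = [f"deprecated: {n}" for n in DEPRECATED if n in params]
    exempt = any(params.get(n, "").lower() == "true" for n in EXEMPTIONS)
    # The keyring pair still works in lieu of the truststore and its password.
    legacy = all(n in params for n in DEPRECATED)
    if not exempt and not legacy:
        findings += [f"missing: {n}" for n in TRUSTSTORE if not params.get(n)]
    ts_type = params.get("CMPI_DCAS_TRUSTSTORE_TYPE")
    if ts_type is not None and ts_type not in VALID_TYPES:
        findings.append(f"invalid truststore type: {ts_type}")
    return findings
```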