Previous Topic: PTKTDATA Profile RecordsNext Topic: Using the ACF Command

Maintaining Profile RecordsSSIGNON Profile Data Records

SSIGNON Profile Data Records

To support Qualified PassTicket signon, CA ACF2 for VM finds security key values in Profile records on its Infostorage database. The new SSIGNON Profile Data record of the PTKTDATA profile has a field named SSKEY. It contains the security key used for decrypting the PassTicket and validating the signon. The record ID is usually the VTAM application ID of the application the user is trying to access.

Record ID

Fields

recid

SSKEY(key‑value)
recid

A 1‑ to 26‑character profile name that identifies the application where the key‑value applies. The record ID is determined by four distinct combinations of an application name, a group name, and a user ID. The four combinations (in PassTicket validation) are:

application.group.userid
application.userid
application.group
application

For VM systems, the application name is the characters “VM” suffixed with the SMF system ID.

For CICS, IMS, or APPC/MVS applications, this is the VTAM application ID.

For TSO, it is the characters “TSO” suffixed with the SMF system ID as defined in the SMFPRMxx member of SYS1.PARMLIB.

For OS/390 batch jobs, it is the characters “MVS” suffixed with the SMF system ID. In both cases, &acf. ignores any special characters in the SMF system ID (for example, “SY*6” becomes “SY6”).

The group name for VM systems is the GROUP field in the Logonid record.

SSKEY

A 16‑character hexadecimal representation of the eight‑byte encryption key for this application.

Following is an example of the commands to issue to create a profile record letting a user signon to a host application VM on a system with an SMF ID of XE75) from a workstation:

SET PROFILE(PTKTDATA) DIVISION(SSIGNON)
 
INSERT VMXE75 SSKEY(c237d18425cfe12d)

Following is an example of the commands to issue to create a Profile record letting user JOE in group SYSPROGS signon to a host application VM system with an SMF ID of ESA3:

INSERT VMESA3.SYSPROGS.JOE SSKEY(C31D4EF1908DF1AF)

Following is an example of the commands to issue to create a Profile record letting users in group ADMIN signon to a host application VM system with an SMF ID of PROD:

INSERT VMPROD.ADMIN SSKEY(C537D04C03C77F1E)