When using Enhanced Security, the security data (user ID, Password, and optional security token) is placed into the security-offset portion of the CFB. Additionally, the user ID is placed into the UserID field that is located in the Common Format buffer (CFB) header.
As for a DPC application provides the User ID and Password using the CA Gen CLIENT_USER_ID and CLIENT_PASSWORD variables. The client security user exit (WRSECTOKEN) indicates that place these values into the security-offset. The client security user exit provides a return code indicating the flow use Enhanced Security.
As for the optional security token, the data that is used to populate the security-token within the security-offset is provided by the client security user exit. So, in addition to indicating that Enhanced Security is used, the client security user exit can optionally provide data that is used to populate the security token.
The security token is a byte array that serves as data that is passed in the CFB as part of the cooperative flow request. This data is provided as input to the server security Layer 3—Application Security user exit. The security token can be used as part of a Kerberos, or "Kerberos-like" implementation that is intended to authenticate the end user.
|
Copyright © 2014 CA.
All rights reserved.
|
|