Valid on z/OS.
Use the CNFAPP keyword to specify the application variable that acts as a filter to assign users to an ACID. Users are assigned an ACID according to the application with which they have gained access to the system. The application criteria are in addition to the digital certificate name filter defined in the corresponding TSS ADD CERTMAP command.
CNFAPP is specified on the CRITMAP command. CRITMAP is used only when MULTIID and CRITERIA are specified on a CERTMAP command indicating that criteria in addition to the subject's and/or the issuer's distinguished names are used as the filter. This criteria data is stored in the CRITMAP record on the SDT. CNFAPP is defined by CA Top Secret.
The CRITMAP command is used when MULTIID and CRITERIA are used on the CERTMAP command.
This keyword has the following format:
TSS ADDTO(acid) CRITMAP(recid)
CNFAPP(application)
Specifies the application variable that acts as a filter to assign users to an ACID. May contain an asterisk (*) for masking.
Range: Up to 8 characters.
This keyword is used with:
In this example, the special ACID name of MULTIID along with the CRITERIA name tells CA Top Secret that if the subject's and/or the issuer's distinguished name information matches, then search the CRITMAP records for a match on the application name before assigning an ACID to the user:
TSS ADDTO(MULTIID) CERTMAP(NYMAP2)
LABLCMAP('NY Dept 2 Map')
TRUST
SDNFILTR('OU=Dept2.OU=NY.OU=Sales.O=ABC Co')
CRITERIA(CNFAPP=&CNFAPP)
TSS ADDTO(NYDEPT2B) CRITMAP(NYCRIT2B)
CNFAPP(BUSINESS)
TSS ADDTO(NYDEPT2B) CRITMAP(NYCRIT2R)
CNFAPP(RETAIL)
In this example, the user whose subject's distinguished name matches the SDNFILTR is assigned the ACID NYDEPT2B or NYDEPT2R, depending upon what application was used to access the system. If access was through the BUSINESS application, NYDEPT2B is assigned to the user. If access was through the RETAIL application, NYDEPT2R is assigned.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|