Portal | References | Downloads | Info | Programs | JCLs | Mainframe wiki | Quick Ref
IBM Mainframe Forum Index
 
Register
 
IBM Mainframe Forum Index Mainframe: Search IBM Mainframe Forum: FAQ Memberlist Profile Log in to check your private messages Log in
 
RACF as API Endpoint

 
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> All Other Mainframe Topics
View previous topic :: :: View next topic  
Author Message
vasanthz

Global Moderator


Joined: 28 Aug 2007
Posts: 1690
Location: Tiruppur, India

PostPosted: Tue Apr 14, 2020 9:24 am    Post subject: RACF as API Endpoint
Reply with quote

Hi,

We have a windows desktop application and want to enable RACF based authentication for enabling logon to the application.

Is there anyway we can make a call from Windows to RACF, passing Mainframe USERID and PASSWORD and RACF should return "Authenticated" or "Not Authenticated".
The requirement is sort of exposing RACF function as an API endpoint.

Apart from userid/password authentication, we also need to be able to change user's password by mentioning old and new passwords.

Could you please point me to a product or approach to achieve this. Thank you.
Back to top
View user's profile Send private message

Apoorva

New User


Joined: 28 Jan 2020
Posts: 47
Location: India

PostPosted: Tue Apr 14, 2020 10:27 am    Post subject: Re: RACF as API Endpoint
Reply with quote

vasanthz wrote:
Hi,

We have a windows desktop application and want to enable RACF based authentication for enabling logon to the application.

Is there anyway we can make a call from Windows to RACF, passing Mainframe USERID and PASSWORD and RACF should return "Authenticated" or "Not Authenticated".
The requirement is sort of exposing RACF function as an API endpoint.

Apart from userid/password authentication, we also need to be able to change user's password by mentioning old and new passwords.

Could you please point me to a product or approach to achieve this. Thank you.


Please review Z/OS connect REST APIs link below,

https://www.ibm.com/support/knowledgecenter/SS7K4U_liberty/com.ibm.websphere.wlp.zseries.doc/ae/twlp_zconnect_rest.html
Back to top
View user's profile Send private message
Joerg.Findeisen

Active User


Joined: 15 Aug 2015
Posts: 340
Location: Bamberg, Germany

PostPosted: Tue Apr 14, 2020 12:00 pm    Post subject: Re: RACF as API Endpoint
Reply with quote

Apoorva wrote:
vasanthz wrote:
Hi,

We have a windows desktop application and want to enable RACF based authentication for enabling logon to the application.

Is there anyway we can make a call from Windows to RACF, passing Mainframe USERID and PASSWORD and RACF should return "Authenticated" or "Not Authenticated".
The requirement is sort of exposing RACF function as an API endpoint.

Apart from userid/password authentication, we also need to be able to change user's password by mentioning old and new passwords.

Could you please point me to a product or approach to achieve this. Thank you.


Please review Z/OS connect REST APIs link below,

https://www.ibm.com/support/knowledgecenter/SS7K4U_liberty/com.ibm.websphere.wlp.zseries.doc/ae/twlp_zconnect_rest.html


When STFW it reveals something Microsoft Enterprise SSO related stuff for that purpose but I might be wrong. icon_confused.gif
Back to top
View user's profile Send private message
Rohit Umarjikar

Global Moderator


Joined: 21 Sep 2010
Posts: 2484
Location: NY,USA

PostPosted: Wed Apr 15, 2020 1:49 am    Post subject:
Reply with quote

We do have that, GUI first make a call to MF RACF modules to validate the user id for that application. Only thing is , the user id is not same as racf id in my case. Once upon getting info from the GUI team I shall update further if that's really what needed here.
Back to top
View user's profile Send private message
vasanthz

Global Moderator


Joined: 28 Aug 2007
Posts: 1690
Location: Tiruppur, India

PostPosted: Thu Apr 16, 2020 3:17 am    Post subject:
Reply with quote

Thank you for the responses. z/OS Connect looks promising. Let me try if it can perform authentication services.
Back to top
View user's profile Send private message
vasanthz

Global Moderator


Joined: 28 Aug 2007
Posts: 1690
Location: Tiruppur, India

PostPosted: Sun Apr 19, 2020 1:54 pm    Post subject:
Reply with quote

Fiddled with writing a CGI script to accept credentials and run RACF commands, but it was very unsecure with security holes, which I dont know how to fix.

Other approach,
Created a CICS region and enabled web interface on it. This interface provided a way to enter USERID/PASSWORD credentials and validate them via RACF. Not a straight forward method. But works OK.
http://enterprisesystemsmedia.com/article/the-simple-path-to-web-enabling-a-legacy-cics-application#&ts=undefined
Back to top
View user's profile Send private message
View previous topic :: :: View next topic  
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> All Other Mainframe Topics All times are GMT + 6 Hours
Page 1 of 1

 

Search our Forum:

Similar Topics
Topic Author Forum Replies Posted
No new posts CICS RACF & DB2CONN AllardK CICS 2 Thu Apr 30, 2020 1:33 am
No new posts RACF passphrase implementation problems jhlang All Other Mainframe Topics 1 Thu Jan 02, 2020 7:46 pm
No new posts RACF RANGE TABLE Martin Wickenden All Other Mainframe Topics 1 Mon Jul 08, 2019 9:06 pm
No new posts RACF requesting ICH588A datashare/nod... Alan Playford All Other Mainframe Topics 4 Thu Aug 02, 2018 10:46 pm
No new posts RACF- How to find the Last access of ... rahul shanmuganatan All Other Mainframe Topics 7 Thu Jun 21, 2018 3:19 pm

Back to Top
 
Job Vacancies | Forum Rules | Bookmarks | Subscriptions | FAQ | Polls | Contact Us