IBM Mainframe Forum Index
 
Register
 
IBM Mainframe Forum Index Mainframe: Search Log in to check your private messages Log in
 

RACF as API Endpoint


IBM Mainframe Forums -> All Other Mainframe Topics
Post new topic   Reply to topic
View previous topic :: View next topic  
Author Message
vasanthz

Global Moderator


Joined: 28 Aug 2007
Posts: 1689
Location: Tiruppur, India

PostPosted: Tue Apr 14, 2020 9:24 am
Reply with quote

Hi,

We have a windows desktop application and want to enable RACF based authentication for enabling logon to the application.

Is there anyway we can make a call from Windows to RACF, passing Mainframe USERID and PASSWORD and RACF should return "Authenticated" or "Not Authenticated".
The requirement is sort of exposing RACF function as an API endpoint.

Apart from userid/password authentication, we also need to be able to change user's password by mentioning old and new passwords.

Could you please point me to a product or approach to achieve this. Thank you.
Back to top
View user's profile Send private message
Apoorva

New User


Joined: 28 Jan 2020
Posts: 47
Location: India

PostPosted: Tue Apr 14, 2020 10:27 am
Reply with quote

vasanthz wrote:
Hi,

We have a windows desktop application and want to enable RACF based authentication for enabling logon to the application.

Is there anyway we can make a call from Windows to RACF, passing Mainframe USERID and PASSWORD and RACF should return "Authenticated" or "Not Authenticated".
The requirement is sort of exposing RACF function as an API endpoint.

Apart from userid/password authentication, we also need to be able to change user's password by mentioning old and new passwords.

Could you please point me to a product or approach to achieve this. Thank you.


Please review Z/OS connect REST APIs link below,

Use [URL] BBCode for Links
Back to top
View user's profile Send private message
Joerg.Findeisen

Active User


Joined: 15 Aug 2015
Posts: 352
Location: Bamberg, Germany

PostPosted: Tue Apr 14, 2020 12:00 pm
Reply with quote

Apoorva wrote:
vasanthz wrote:
Hi,

We have a windows desktop application and want to enable RACF based authentication for enabling logon to the application.

Is there anyway we can make a call from Windows to RACF, passing Mainframe USERID and PASSWORD and RACF should return "Authenticated" or "Not Authenticated".
The requirement is sort of exposing RACF function as an API endpoint.

Apart from userid/password authentication, we also need to be able to change user's password by mentioning old and new passwords.

Could you please point me to a product or approach to achieve this. Thank you.


Please review Z/OS connect REST APIs link below,

Use [URL] BBCode for Links


When STFW it reveals something Microsoft Enterprise SSO related stuff for that purpose but I might be wrong. icon_confused.gif
Back to top
View user's profile Send private message
Rohit Umarjikar

Global Moderator


Joined: 21 Sep 2010
Posts: 2508
Location: NY,USA

PostPosted: Wed Apr 15, 2020 1:49 am
Reply with quote

We do have that, GUI first make a call to MF RACF modules to validate the user id for that application. Only thing is , the user id is not same as racf id in my case. Once upon getting info from the GUI team I shall update further if that's really what needed here.
Back to top
View user's profile Send private message
vasanthz

Global Moderator


Joined: 28 Aug 2007
Posts: 1689
Location: Tiruppur, India

PostPosted: Thu Apr 16, 2020 3:17 am
Reply with quote

Thank you for the responses. z/OS Connect looks promising. Let me try if it can perform authentication services.
Back to top
View user's profile Send private message
vasanthz

Global Moderator


Joined: 28 Aug 2007
Posts: 1689
Location: Tiruppur, India

PostPosted: Sun Apr 19, 2020 1:54 pm
Reply with quote

Fiddled with writing a CGI script to accept credentials and run RACF commands, but it was very unsecure with security holes, which I dont know how to fix.

Other approach,
Created a CICS region and enabled web interface on it. This interface provided a way to enter USERID/PASSWORD credentials and validate them via RACF. Not a straight forward method. But works OK.
Use [URL] BBCode for Links
Back to top
View user's profile Send private message
View previous topic :: :: View next topic  
Post new topic   Reply to topic View Bookmarks
All times are GMT + 6 Hours
Forum Index -> All Other Mainframe Topics

 

Search our Forum:

Similar Topics
Topic Forum Replies
No new posts CICS RACF & DB2CONN CICS 2
No new posts RACF passphrase implementation problems All Other Mainframe Topics 1
No new posts RACF RANGE TABLE All Other Mainframe Topics 1
No new posts RACF requesting ICH588A datashare/nod... All Other Mainframe Topics 4
No new posts RACF- How to find the Last access of ... All Other Mainframe Topics 7

Back to Top