Configuring the authorization interceptor for z/OS Connect EE servers

Use the following procedure to configure the authorization interceptor for z/OS Connect EE servers.

Before you begin

Verify that the following items are set up:

  • SAF authorization for z/OS Connect EE servers
  • z/OS Connect EE keyring

Related topics

Enabling-features-in-the-server-xml-file

Updating-the-feature-manager-section

Configuring-the-audit-interceptor-for-z-OS-Connect-EE-servers

Configuring-the-OpsMJE-z-OS-Connect-Interceptor-for-z-OS-Connect-EE-servers

httpEndpoint-considerations

To configure the authorization interceptor

  1. Specify the following string in the ssl id tag:

    clientAuthenticationSupported="true"
    Example

    <ssl id="DefaultSSLSettings" keyStoreRef="defaultKeyStore" clientAuthenticationSupported="true" sslProtocol="TLSv1.2"      

       trustStoreRef="defaultTrustStore" />

  2. Define the authorization interceptor in the interceptor list:

    Example

    <zosconnect_auditInterceptor id="auditInterceptor" sequence="1" apiProviderSmfVersion="2"/>
    <zosconnect_authorizationInterceptor id="authorizationInterceptor" sequence="2"/>
    <zosconnect_zosConnectInterceptors id="interceptorList" interceptorRef="authorizationInterceptor, auditInterceptor"/>

  3. Define the zosconnect_zosConnectManager tag as follows:

    • Connect the MVJE PAS user ID to a group in globalAdminGroup,
    • Set requireAuth to true.
    • Set requireSecure to true.
    Example

    <zosconnect_zosConnectManager
     globalInterceptorsRef="interceptorList"
     globalAdminGroup="ZCONADM,MVJE"
     globalOperationsGroup="OPR"
     globalInvokeGroup="ALLZUID"
     globalreaderGroup="ALLZUID"
     setUTF8ResponseEncoding="true"
     requireAuth="true"
     requireSecure="true"
     />


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*