Configuring auto-conversion of user ID and password for z/OS connections with credentials override enabled

MainView Middleware Administrator (MVMA) supports auto-conversion of credentials (user name and password) to uppercase when a user is requested to provide the credentials in uppercase while performing a protected operation on a z/OS queue manager. The auto-conversion is activated only when Credentials Override is enabled for the assigned MQ connection. 

Product administrators can choose to convert either the user name or the password, or both to uppercase before passing them to the z/OS connection to authenticate the connection for a protected operation. The auto-conversion is activated when the following processes are completed:

  • Configuring MVMA system properties
  • Enabling z/OS Queue Manager and Credentials Override flags

Related topics

Accessing-the-User-or-Admin-Console

Enabling auto-conversion of user name and/or password for MVMA

To enable the auto-conversion feature, MVMA administrators need to enable the related system properties from within the wrapper.conf configuration file located in the configuration sub-folder of the MVMA installation:

  1. Stop MVMA.
  2. Back up the configuration file configuration/wrapper.conf.
  3. Edit configuration/wrapper.conf.

  4. Configure the following system property to true in MVMA to automatically convert a user name credential to uppercase for affected connections: 

    wrapper.java.additional.NN=-Dcom.bmc.mmadmin.wmq.connection.user.credentials.username.touppercase=true

  5. Configure the following system property to true in MVMA to automatically convert a password credential to uppercase for affected connections: 

    wrapper.java.additional.NN=-Dcom.bmc.mmadmin.wmq.connection.user.credentials.password.touppercase=true

    NN represents the next highest number of these entries kept in wrapper.conf.

  6. Save the configuration changes and restart MVMA.

Configuring MQ connections for auto-conversion of user credentials

To request protected operations for MQ connection, a user must input credentials such as user name and/or password to authenticate the connection to an MQ queue manager. The user must enable the Credentials Override flag in the MQ connection to establish the authentication process. Also, the user must enable the z/OS Queue Manager flag for the MQ connection to enable auto-conversion of the credentials to uppercase. These options can be set and reviewed from within the MVMA Admin Console.

Important

  • MQ connections that do not have both options enabled are not affected by this feature
  • This feature does not affect the user name and password configured for an MQ connection for MQ connection authentication. These credentials are passed by MVMA to MQ as originally set for the connection.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*