Environment
Situation
Resolution
Features
- Reflection Automated Sign-On for Mainframe enables users to automatically sign on to legacy green screen sessions hosted on z/OS systems, including 3270 sessions.
- Automated sign-on can be performed with direct host connections or connections through the Reflection Security Proxy Server. Connections to the host can be secure (TLS/SSL) or plaintext (TN3270).
- The automated sign-on to the host is derived from the user’s enterprise identity based on authentication through an LDAP directory, X.509, or another authentication method.
- Multiple identity mappings for a single user are supported.
The user’s enterprise identity can be mapped to multiple mainframe usernames. For instance, one terminal emulation session might use a mainframe username derived from the user’s User Principal Name (UPN), and another session might use a different username derived from an LDAP attribute.
- The automated sign-on system does not use static passwords. Instead, the system uses time-limited single-use passtickets to automatically sign the user in to their host session. This approach provides greater security because users do not need to know either their username or password, and because time-limited single-use passtickets are more difficult to compromise than static passwords.
- The automated sign-on functionality can be used with Reflection Security Gateway 2014 R2 or Reflection for the Web 2014 R2.
Note: When using Reflection Security Gateway 2014 R2, the user must be connecting to the host using Reflection 2014 R1 SP1 or higher.
Known Issue
Support for Reflection Automated Sign-On for Mainframe is limited with some Access Control methods. If the mainframe username is derived from the user’s User Principal Name, it is recommended to use either LDAP or X.509 with LDAP failover as the Access Control method.
If you encounter an issue in Reflection Automated Sign-On for Mainframe 2014, contact Attachmate Technical Support.
Obtaining Your Product
Reflection Automated Sign-On for Mainframe is purchased separately as an add-on product.
Entitled users can download the product from Attachmate Downloads, https://download.attachmate.com/Upgrades/, and then import it as an activation file into an existing installation of Reflection Security Gateway 2014 R2 or Reflection for the Web 2014 R2.
For information about purchasing Reflection Automated Sign-On for Mainframe 2014, email Attachmate Sales: SalesRecept@attachmate.com.
Installing Your Add-On
After you download the product file, follow these installation steps:
- Log in to either Reflection Security Gateway or Reflection for the Web, and open the Administrative WebStation.
- In the left nav (or on the Home page), click Resources > About Reflection.
Confirm that either Reflection Security Gateway 2014 R2 or Reflection for the Web 2014 R2 is in the Installed modules box.
- Beneath the modules box, click Choose File.
- Navigate to and select the Reflection Automated Sign-On for Mainframe activation file you downloaded from Attachmate Downloads.
- On the About Reflection page, click Install.
Confirm that Reflection Automated Sign-On for Mainframe 2014 R2 was added to the list of Installed modules. Then, restart the browser. It is not necessary to restart the management server.
- To use the feature, refer to the Reflection Automated Sign-On for Mainframe 2014 Administrative Guide: https://support.microfocus.com/manuals/reflection.html?prod=RASM2014.
Technical Resources
For additional information about installing Reflection for the Web 2014 R2 or Reflection Security Gateway 2014 R2, see https://www.attachmate.com/documentation/rweb-rsg-2014-r2/rweb-rsg-install/.
To implement Reflection Automated Sign-On for Mainframe 2014, see the Administrator Guide: https://support.microfocus.com/manuals/reflection.html?prod=RASM2014.