IBM Z Software


This portal is to open public enhancement requests against IBM Z Software products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Not under consideration
Workspace z/OS Connect
Created by Guest
Created on Jun 21, 2017

RELATED IDEAS

Enabling SSL clientauth implies client cert authentication and mapping

With z/OS Connect it is not possible to configure ssl clientauth (configured in server.xml with clientAuthentication="true") without implying that you want to use the client cert as an authentication token and map it to a user in the local registry. Benchmark tests have shown that the mapping of the certificate is a significant CPU overhead. This is because z/OS Connect is delivered with a pre-configured web.xml which specifies <auth-method>CLIENT-CERT</auth-method>

Idea priority Medium
  • Guest
    Reply
    |     May 27, 2020

    This RFE was resolved in July 2019 as per the previous comment. Unfortunately its status was not update to reflect that resolution.

    As such we are now closing this RFE since original requirement has now been superseded by two alternative solutions.

    If this RFE is still valid and current, you are free to re-raise it against the WebSphere Liberty team.

  • Guest
    Reply
    |     Jul 24, 2019

    This RFE is being closed as the original requirement has now been superseded by two alternative solutions.

    1. For z/OS Connect EE users wishing to use mTLS (mutual authentication) without requiring client certificate authentication, the WebSphere Application Server team have accepted that the configuration option, overrideHttpAuthMethod, should provide the desired behaviour. This is not the case at the time of testing, and this has been acknowledged as an issue to be resolved.

    2. The WebSphere Application Server team have accepted a request from the z/OS Connect EE and CICS development teams to consider whether the Liberty authentication cache could be used to improve the overhead of repeat mappings from the client certificate to the SAF identity.

    On both counts, any further updates from the WebSphere Application Server team relevant to z/OS Connect EE will be published via this RFE. However, this RFE will now be closed with status “Transferred to other product”.

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.