When liberty on z receives a client certificate, how to get the associated userid when security registry is SAF(MVS RACF)? No document for this scenario at the moment

Step 6:
Make sure any client certificates used for client authentication are mapped to a user identity in your registry.

For the basic registry, the user identity is the common name (CN) from the distinguished name (DN) of the certificate.

For a Lightweight Directory Access Protocol (LDAP) registry, the DN from the client certificate must be in the LDAP registry.

Basic registry and LDAP are described, but what happen when I use RACF as my liberty security registry?
From the test, it’s not working, the userid can not be obtained.


Leave a Reply