Skip to main content

TopSecret CPF

Triggering Third Party Password Synchronization

If your site is using TopSecret as the security product and the following conditions are in effect:

  • You use TopSecret CPF to propagate password reset events to other independent TopSecret databases

  • You will be using Mainframe Connector and the supplied TSSINSTX to initiate transparent password synchronization to the Bravura Pass server

You will need to include an ADMINIDS DD statement in the started task JCL for Mainframe Connector . Password reset events initiated by TopSecret CPF on downstream nodes are initiated as third-party reset events. This necessitates the requirement for the ADMINIDS DD . Optional Run-time parameters describes the requirements for this optional DD statement.

If unrestricted third party password reset requests will be eligible to trigger Bravura Pass transparent synchronization, the dataset used for the ADMINIDS DD will need one parameter record as follows:

ADMINID=-

If restricted third party password reset requests will be eligible to trigger Bravura Pass transparent synchronization, the dataset used for the ADMINIDS DD will need to be appropriately populated. Password reset events initiated by validated users during system logon or on behalf of themselves using the TSS REPLACE command will have those events sent to other TopSecret systems through CPF under the MSCA (Master Security Control ACID) of the originating system. To properly handle these scenarios, the dataset used for the ADMINIDS DD will need a parameter record as follows:

ADMINID=mscacid

where ’mscacid’ is the MSCA for the system sending the request. Multiple ADMINID= control cards may be required if more than one source system MSCA exists in a multi-system CPF environment.

CPF TARGET(*) considerations

If the TopSecret CPF environment is not set up to automatically send TopSecret commands to other systems in the TopSecret CPF environment, the following zap should be applied to direct commands issued by Mainframe Connector to other TopSecret nodes:

 NAME PSNCTTOC PSNCSAFR
 VER  0A78 47F0CA86
 VER  0CF0 47F0CCFE
 REP  0A78 4700CA86
 REP  0CF0 4700CCFE
   
 NAME PSNCTTOC PSNCTSS
 VER  0538 47F0A546
 VER  05AE 47F0A5BC
 VER  0624 47F0A632
 VER  0A8E 47F0AA9C
 VER  0B58 47F0AB66
 VER  0CB8 47F0ACC6
 VER  0DF4 47F0AE02
 REP  0538 4700A546
 REP  05AE 4700A5BC
 REP  0624 4700A632
 REP  0A8E 4700AA9C
 REP  0B58 4700AB66
 REP  0CB8 4700ACC6
 REP  0DF4 4700AE02 
   
 NAME PSNCTTOC PSNCPPHR
 VER  09A6 47F0C9B4
 VER  0B9C 47F0CBAA
 REP  09A6 4700C9B4
 REP  0B9C 4700CBAA
In this section: