Using Single Sign On for more security

wonder how I reached SSO( single sign On).... Actually if you are very keen about the priviledges to the Hosts , which is obviously everyone is, then you can even use Single sign on meaning a particulat user on Windows Active directory can be assigned with a particular user on Host / Maniframe AS 4000  etc.

 this would give securrity and integrity of user accesses.

1. get Microsoft's SSO installed  on a server where HIS 2006 is installed

2.  configure an SSO App and assign rights accoridngly . you may want to refer the samples  on MSDN to do it .

Creating Affiliate Applications :

https://msdn2.microsoft.com/en-us/library/aa561920.aspx

3.  Configure the Host file provider or SNAOLEDB connection string to  use Signe Sign on and this application say "APP_Test"

 

Provider=SNAOLEDB;User ID=sna;APPC Remote LU Alias=TEST;APPC Local LU Alias=LOCAL;APPC Mode Name=QPCSUPP;Network Transport Library=SNA;Host CCSID=37;PC Code Page=1252;Network Port=446;Process Binary as Character=False;Affiliate Application=APP_Test;Integrated Security=SSPI;Persist Security Info=False;Cache Authentication=False;Location=CONDOR;Default Library=USER1;Repair Host Keys=False;Strict Validation=False;

Notice Affiliate Application=APP_Test . If your application using this connection string to get or put data from mainframe and application user is say loguser1 on Windows Active directory then in APP_Test  one should configure  and map this user to give access to a desired parallel user on mainframe or host.