CERTMAP alternatives for certificate client authentication

Document ID : KB000093109
Last Modified Date : 26/04/2018
Show Technical Document Details
Introduction:
Are there CERTMAP alternatives for certificate client authentication to signon a user?
Question:
Are there CERTMAP alternatives for certificate client authentication to signon a user?
Answer:
To signon a user with a certificate, you have two methods that CA 
Top Secret support: 

1. You can use CERTMAPs to associate a certificate to an acid. 

2. Or you can, you make the acid the owner of the certificate. 

We support both. 

CERTMAP is documented in the following section:
https://docops.ca.com/ca-top-secret-for-z-os/16-0/en/using/digital-certificates/certificate-name-filtering-support

To signon with a digital certificate,  your application have the ability to signon a user with a certificate using RACF Callable Service 'initacee certificate=yes". 

'initacee' is documented in the IBM RACF Callable Services Guide