Using RACF with WebSphere

This course is essential for RACF Administrators working in a WebSphere environment and for Administrators and Technicians responsible for implementing WebSphere. Designed, written and presented by specialist RACF consultants, this course provides an insight into the complexities of the WebSphere/RACF Interface. The course describes and explains how RACF is utilised within the WebSphere environment.

This course is available for exclusive, one-company presentations. It is also available 'on demand' (minimum 2 students) for public presentations or presentations via the Internet.

Virtual Classroom Environment dates - click to book!


USA/Canada Start Times

2 August 2024 22 November 2024 21 March 2025 25 July 2025

What is a 'Virtual Classroom Environment'?


What do I need?

  • webcam
  • headphones with microphone
  • sufficient bandwidth, at least 1.5 Mb/s in each direction.

What you will learn

On successful completion of this course you will be able to:

  • describe the necessary requirements to implement a secure RACF WebSphere environment
  • carry out User id authentication and authorisiation checking within WebSphere
  • identify the different types of WebSphere User ids
  • understand all the required RACF General Resource Classes
  • describe SSL concepts for WebSphere
  • understand and use certificates and protect them using RACF.

Who Should Attend

The course is suitable for all Security Administrators, Systems Programmers responsible for WebSphere and WebSphere Administrators.


Attendees should have a clear understanding of z/OS at a conceptual level and a working knowledge of RACF. A familiarity with WebSphere and a knowledge of TSO/ISPF and JCL is also required.


1 day

Fee (per attendee)

£660 (ex VAT)


This includes free online 24/7 access to course notes.


Hard copy course notes are available on request from

at £50.00 plus carriage per set.

Course Code



Overview of WebSphere for z/OS

J2EE; Application Servers; WebSphere Application Server (WAS); Application Servers connect to data or transactions; WebSphere Application Server on z/OS; Execution environment; Connecting through an HTTP server; Connecting directly to WebSphere; Configuration options; Entire configuration kept in HFS; The basic component - Application Server; Nodes - collections of servers; Deployment Manager; Node Agent; The Cell; The Daemon; Key terms; Multiple cells allowed; How do we build it?; The Administrative Console; Security.

WebSphere & J2EE Security Overview

Where do you start?; Security terminology overview; WebSphere security introduction; Confidentiality using SSL; Authentication: Local OS (SAF); Authentication: LDAP; Authentication: Custom User Registry; Authentication: Trust Association Interceptor; Authorisation to servlets and EJBs; RunAS - delegation/surrogacy; Programmatic security -servlet; Programmatic security - EJB; Java Authorization Contract for Containers (JACC); WebSphere and Tivoli Access Manager.

Understanding the RACF Jobs

High-level view of the configuration process; Output of customisation scripts; SSL networked deployment; SSL Keyring; Userids & Groups for the Base App Server; High-level view of the configuration process; Creating the Security Domain; Define Common Group & Userids; CA certificate; EJBROLES; High-level view of the configuration process; Creating the Base AppServer; Define Userids; Assigning Userids to Started Tasks; SSL in base configuration; Keyring for Servant; Keyring for Administrator Client; SSL in base configuration; Access to server; Access to controller; Access to WLM functions; High-level view of the configuration process; Creating the Development Manager; Certificate for the Development Manager; Development Manager profiles; Empty Managed Node.

Enabling Global Security

What is 'Global Security'?; When to enable Global Security; Global Security & SSL; Preparing for Global Security; Java 2 security; Enabling Global Security; Troubleshooting Global Security problems; Deactivating Global Security.

Enabling Basic Authentication

Introduction; HTTP Basic Authentication overview; WebSphere Basic Authentication; HTTP Basic Authentication considerations; Authentication is just the beginning; Enabling HTTP Basic Authentication; Why would multiple roles need access to an application?; Different role names?; What is a 'Security Constraint'?; Login authentication; Adding a Role; Security Constraints; Resource collection; Web.xml.

Enabling Form-Based Authentication

Introduction; Form Based Authentication overview; Form Based Authentication considerations; WebSphere Form-Based Authentication; Implementation overview; Enabling Form Based Authentication.

CICS Connector Security

Introduction; Where do connectors fit in J2EE?; AppServers connect to data/transactions; Components; J2EE connector architecture; J2EE connector architecture; Authentication data entries; Defining Authentication Alias; Alias selection; Resource authentication; Resource authentication for Bean; Resource authentication; CICS connector specifics; CICS connection identity; CICS connector authorities; Additional RACF profile definitions; Selecting CICS connection identity: server; Selecting CICS connection identity: caller; Selecting CICS connection identity: Role; Selecting CICS connection identity: EJBs; Authorization; Thread identity support; CICS or IMS local connection; CICS or IMS remote connection.

JDBC Connector Security

JDBC; JDBC connector: BMP EJBs; JDBC Connector: BMP EJBs; Thread identity support; Defining Authentication Alias; JDBC connector: BMP Beans; JDBC connector: CMP Beans; Authorization; JDBC connection.

© RSM Technology 2022