When starting a session using Certificate Express Logon, the client establishes an SSL client authentication session with the tn3270 server. During the logon process, a macro with the Certificate Express Logon information is played. Once the session is established, the Host On-Demand client sends the application ID for the application that the user is accessing to the tn3270 server. This information is contained in the logon macro. The tn3270 server uses the client's certificate information from the SSL connection and the application ID received from the client, and requests the user ID and passticket (a temporary password) from the host access control program (such as RACF).
The Host On-Demand client uses the macro function to put predefined substitute strings in the user ID and password fields. The tn3270 server substitutes the user ID and passticket in the appropriate place in the 3270 datastream. The logon is completed.