...
When Express Logon is used, the host and client first negotiate a normal SSL connection. After establishing the connection, they negotiate the Telnet Environment option (based on RFC 1572), during which both indicate that they support Express Logon. A user script is then executed that first enters the host application ID. Next, the client sends the IBM ELF application ID and indicates that it wants to start Express Logon. Finally, placeholders for the user ID and password are sent to the host. The host uses the actual user ID and password that are associated with the previously sent client certificate to log the user on to the application.
Here is a sample Express Logon script:
REM
REM - ELF LOGON SCRIPT FOR XYZ SERVER
REM
REM - TO USE THIS SCRIPT, YOU MUST ENABLE SSL CONNECTION AND SELECT
REM - A VALID CLIENT CERTIFICATE RECOGNIZED BY THE HOST
REM
REM - Wait for the initial connection and SSL handshake to finish. The
REM - text to look for may vary for different applications
LOOKFOR "Application Required."
REM - Enter the host application ID (this may vary for your script)
TYPE TSO
KEY ENTER
REM - Wait for the user id screen (where you would normally enter your user ID)
REM - The text to look for depends on your host application
LOOKFOR "ENTER USERID"
REM - Send the IBM ELF application id (in this case TSOQLT1)
REM - This must be done just before entering the user ID placeholder.
ELF_LOGON TSOQLT1
REM - Enter the user id placeholder
ELF_USER
KEY ENTER
REM - Wait for password screen
LOOKFOR "Password ===>"
REM - Enter password placeholder
ELF_PASSWORD
KEY ENTER
The ELF_USER and ELF_PASSWORD commands send only placeholders to the host. The host replaces them with the real user ID and password associated with the previously sent client certificate.
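The ordering rules stated in the script comments above can be checked before a script is deployed. The following is an added example, not part of the original documentation or of the emulator product: a small Python linter whose function names (parse, lint) and finding texts are hypothetical, run over a constructed copy of the sample script and a constructed misordered variant.

```python
# Added example: lint an Express Logon script for the ordering the page describes.
# parse() and lint() are hypothetical helper names, not part of any product.
def parse(script):
    """Return (line_no, VERB, argument) for each command, skipping blanks and REM."""
    cmds = []
    for no, raw in enumerate(script.splitlines(), 1):
        verb, _, arg = raw.strip().partition(" ")
        if verb and verb.upper() != "REM":
            cmds.append((no, verb.upper(), arg.strip()))
    return cmds

def lint(script):
    """Return a list of findings; an empty list means the ELF ordering is intact."""
    cmds = parse(script)
    verbs = [v for _, v, _ in cmds]
    findings = []
    for i, (no, verb, arg) in enumerate(cmds):
        if verb == "ELF_LOGON":
            if not arg:
                findings.append(f"line {no}: ELF_LOGON has no application ID")
            if i + 1 >= len(cmds) or cmds[i + 1][1] != "ELF_USER":
                findings.append(f"line {no}: ELF_LOGON is not immediately followed by ELF_USER")
        elif verb == "ELF_USER" and (i == 0 or cmds[i - 1][1] != "ELF_LOGON"):
            findings.append(f"line {no}: ELF_USER without ELF_LOGON just before it")
        elif verb == "ELF_PASSWORD" and "ELF_USER" not in verbs[:i]:
            findings.append(f"line {no}: ELF_PASSWORD before any ELF_USER")
    if "ELF_USER" in verbs and "ELF_PASSWORD" not in verbs:
        findings.append("ELF_USER present but no ELF_PASSWORD placeholder")
    return findings

# Constructed sample: the page's script with most comments removed.
GOOD = """REM - constructed sample based on the script above
LOOKFOR "Application Required."
TYPE TSO
KEY ENTER
LOOKFOR "ENTER USERID"
ELF_LOGON TSOQLT1
ELF_USER
KEY ENTER
LOOKFOR "Password ===>"
ELF_PASSWORD
KEY ENTER"""

# Constructed misordered variant: ELF_LOGON moved ahead of the user ID prompt wait.
_l = GOOD.splitlines()
BAD = "\n".join(_l[:4] + [_l[5], _l[4]] + _l[6:])

if __name__ == "__main__":
    print(lint(GOOD), lint(BAD), sep="\n")
```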
...