Precedence of distributed identities over asserted user IDs

A distributed identity takes precedence over user IDs that have been asserted directly using other mechanisms.

The identity used by CICS® Transaction Server depends on whether a distributed identity has been specified and whether a valid mapping exists:

Distributed identity supplied and valid RACF mapping exists Distributed identity supplied but valid RACF mapping does not exist Distributed identity not supplied
The distributed identity is used and any specified user ID is ignored. If a user ID is specified and is valid, that user ID is used. If a user ID is specified and is valid, that user ID is used.

If a user is not authenticated by the WebSphere® Application Server user registry, a distributed identity is not used even if the CICS Transaction Gateway identity propagation login module is enabled. In this situation, if a user ID has been specified in the connection factory or application, that user ID is used.


Concept Concept

Feedback


Timestamp icon Last updated: Tuesday, 19 November 2013


https://ut-ilnx-r4.hursley.ibm.com/tgzos_latest/help/topic/com.ibm.cics.tg.zos.doc//ctgzos/idprop_userid.html