Determining the RACF user ID associated with a certificate

The RACFUserid class can be used in conjunction with the CICS® Transaction Gateway security exit to map an ECI request to a RACF® user ID, based on the distinguished name in the SSL client certificate. The class has the following methods:

Create a RACFUserid as follows:
RACFUserid myUseridObject = new RACFUserid(myCertificate);

This creates an object and automatically populates it with certificate data, without needing to call the setCertificate(byte[] clientCertificateData); method. When the object has been created, the getRACFUserid() method can be used to make a native RACF call to determine the user ID associated with the certificate data. If successful, it returns a string containing the user ID.

The SSLServerCompression.java class in the <install_path>samplesjavacomibmctgsamplessecurity subdirectory shows an example of how to use the RACFUserid class.

For more information on the com.ibm.ctg.util.RACFUserid class, see Class RACFUserid.


Information Information

Feedback


Timestamp icon Last updated: Tuesday, 19 November 2013


https://ut-ilnx-r4.hursley.ibm.com/tgzos_latest/help/topic/com.ibm.cics.tg.zos.doc//ctgzos/mapcert.html