Configuring identity propagation for a remote mode topology (SC04)

In this scenario, CICS® Transaction Gateway and CICS Transaction Server are both on z/OS®. User security information (the distributed identity) is held in IBM® Tivoli® Directory Server and, when it is passed to CICS Transaction Server, the identity is mapped to a user ID in RACF®.

This figure shows the topology used in this identity propagation scenario.
Figure 1. Topology used in this identity propagation scenario

This scenario uses WebSphere® Application Server and the CICS Transaction Gateway ECI resource adapter on AIX®. The CICS Transaction Gateway configuration file has the default name ctg.ini.

Values used in this scenario

| Component | Parameter | Where set | Example value |
| --- | --- | --- | --- |
| WebSphere Application Server | Application security | WebSphere Admin Console | Enable application security (check box) |
| WebSphere Application Server | Authentication method | WebSphere Admin Console | CTG_idprop (the name of the identity propagation login module) |
| CICS TG | APPLID | PRODUCT section of ctg.ini | MYAPPL |
| CICS TG | APPLIDQUALIFIER | PRODUCT section of ctg.ini | MYQUAL |
| CICS TG | Server name | IPICSERVER section of ctg.ini | CICSA |
| CICS TG | HOSTNAME | IPICSERVER section of ctg.ini | cicssrv2.company.com |
| CICS TG | PORT | IPICSERVER section of ctg.ini | 50889 |
| CICS TS | TCPIPService | TCPIPService definition | IPICSRV (must match the TCPIPService specified in the IPCONN definition in CICS) |
| CICS TS | Portnumber | TCPIPService definition | 50889 (must match the IPICSERVER PORT specified in the ctg.ini file) |
| CICS TS | APplid | IPCONN definition on the CICS server | MYAPPL (must match the APPLID specified in the ctg.ini file) |
| CICS TS | Networkid | IPCONN definition on the CICS server | MYQUAL (must match the APPLIDQUALIFIER specified in the ctg.ini file) |
| CICS TS | TCPIPService | IPCONN definition on the CICS server | IPICSRV (must match the name of the TCPIPService in CICS) |
| CICS TS | Userauth | IPCONN definition on the CICS server | Must be set to Identify |
| CICS TS | IPConn | IPCONN definition on the CICS server | IPICIP |
| RACF | USERID | RACF resource access list | TESTID |
| RACF | USERDIDFILTER | RACF resource access list | uid=CTGuser1,ou=TMS,dc=CTGTest,o=COMPANYCTG |
| RACF | REGISTRY | RACF | ctg-test-registry.company.com:389 |
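The "must match" constraints in the table can be checked mechanically before the Gateway is started. The following Python check is an added example, not part of the IBM documentation or product: it parses a ctg.ini fragment built from the table's example values and compares it with the CICS TS values, which are entered by hand in a hypothetical dictionary layout. It assumes a single IPICSERVER section.

```python
import re
# Constructed sample ctg.ini fragment built from the table's example values.
CTG_INI = """\
SECTION PRODUCT
  APPLID=MYAPPL
  APPLIDQUALIFIER=MYQUAL
ENDSECTION
SECTION IPICSERVER=CICSA
  HOSTNAME=cicssrv2.company.com
  PORT=50889
ENDSECTION
"""
# Constructed: CICS TS values typed in by hand (hypothetical layout, not a CICS export).
CICS = {
    "TCPIPSERVICE": {"NAME": "IPICSRV", "PORTNUMBER": "50889"},
    "IPCONN": {"NAME": "IPICIP", "APPLID": "MYAPPL", "NETWORKID": "MYQUAL",
               "TCPIPSERVICE": "IPICSRV", "USERAUTH": "Identify"},
}
def parse_ctg_ini(text):
    """Return {SECTION: {KEY: value}}; for 'SECTION X=Y', Y is stored under '_NAME'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"SECTION\s+(\w+)\s*(?:=\s*(\S+))?$", line, re.I)
        if m:
            current = sections.setdefault(m.group(1).upper(), {})
            if m.group(2):
                current["_NAME"] = m.group(2)
        elif line.upper() == "ENDSECTION":
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().upper()] = value.strip()
    return sections

def check(ctg, cics):
    """Return a list of mismatch descriptions; an empty list means the values agree."""
    prod, srv = ctg.get("PRODUCT", {}), ctg.get("IPICSERVER", {})
    ipconn, svc = cics["IPCONN"], cics["TCPIPSERVICE"]
    pairs = [
        ("ctg.ini APPLID vs IPCONN APplid", prod.get("APPLID"), ipconn["APPLID"]),
        ("ctg.ini APPLIDQUALIFIER vs IPCONN Networkid", prod.get("APPLIDQUALIFIER"), ipconn["NETWORKID"]),
        ("ctg.ini PORT vs TCPIPService Portnumber", srv.get("PORT"), svc["PORTNUMBER"]),
        ("IPCONN TCPIPService vs TCPIPService name", ipconn["TCPIPSERVICE"], svc["NAME"]),
        ("IPCONN Userauth vs required value", ipconn["USERAUTH"].upper(), "IDENTIFY"),
    ]
    return [f"{label}: {a!r} != {b!r}" for label, a, b in pairs if a != b]
```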

The following sample configuration and environment variable files for this scenario are available for you to download:

Steps in this scenario


Last updated: Tuesday, 19 November 2013


https://ut-ilnx-r4.hursley.ibm.com/tgzos_latest/help/topic/com.ibm.cics.tg.zos.doc//ctgzos/sc_idprop_ovr.html