Topic
3 replies Latest Post - ‏2013-08-14T07:48:55Z by Michael_D_Brooks
bobby_tk
bobby_tk
2 Posts
ACCEPTED ANSWER

Pinned topic identity propagation from CICS to IMS across ISC link

‏2013-07-29T09:45:09Z |
Hi,
 
Does anybody on this forum have experience with LU6.1 ISC connections between CICS and IMS? I have a working connection between CICS on one LPAR and IMS on another, and I can have CICS tasks fire IMS transactions with the SEND INVITE + RECEIVE commands. However, I have not been able to find a way to have the resulting IMS transactions run under different user ids. Ideally there would be some sort of identity propagation from the CICS region where an end user is signed on and the IMS region.
 
Thanks for any advice you can give me.

Kind regards,

Bobby Tjassens Keiser

  • JohnKnutson
    JohnKnutson
    2 Posts
    ACCEPTED ANSWER

    Re: identity propagation from CICS to IMS across ISC link

    ‏2013-07-30T12:26:45Z  in response to bobby_tk

    Hi Bobby,

    As I'm sure you are aware, LU6.1 is a pretty old protocol which predates the identity propagation that we have added to CICS IPIC over the past few releases. I have spoken with the CICS team's security specialist who offers two potential options within CICS:

    1. Use attachsec(IDENTIFY) to run with the same userid, and attachsec(LOCAL) USERID(userid) to run under a static userid.
    2. Running under a separate userid could be achieve by starting a separate CICS transaction using START TRANSID(x) USERID(u), with appropriate surrogate authority, and starting the IMS transaction from that task.

    Neither of these options are as flexible as ID Prop, but they may work for you. 

     

     

    • bobby_tk
      bobby_tk
      2 Posts
      ACCEPTED ANSWER

      Re: identity propagation from CICS to IMS across ISC link

      ‏2013-07-30T12:54:59Z  in response to JohnKnutson

      Hi John,

      Thank you for your reply! I hope you don't mind some additional questions? When looking at a CICS manual about attachsec I'm not sure that would work, see: http://pic.dhe.ibm.com/infocenter/cicsts/v4r2/topic/com.ibm.cics.ts.doc/dfht5/topics/dfht51a.html?resultof=%22%61%74%74%61%63%68%73%65%63%22%20. But I will try nevertheless.

      But you've really made me more interested in the capabilities of IPIC connections. Do you by any chance know the minimum levels of CICS and IMS one needs to run in order to exploit IPIC? And could you perhaps point me in the direction of the right manuals that can tell me more about identity propagation with IPIC connections?

      Again, your help is very much appreciated!

      Kind regards,

      Bobby Tjassens Keiser

  • Michael_D_Brooks
    Michael_D_Brooks
    3 Posts
    ACCEPTED ANSWER

    Re: identity propagation from CICS to IMS across ISC link

    ‏2013-08-14T07:48:55Z  in response to bobby_tk

    Hi Bobby,

    you need to use a connection that has been configured with parallel sessions; see http://pic.dhe.ibm.com/infocenter/cicsts/v5r1/topic/com.ibm.cics.ts.intercommunication.doc/topics/dfht12j.html

    You then need to get your application to sign on to one of the sessions using the IMS /SIGN ON command to establish the security credential with IMS. I have discussed this with some of the IMS developers and they tell me that the instructions on how to do this can be found here - http://pic.dhe.ibm.com/infocenter/dzichelp/v2r2/topic/com.ibm.ims12.doc.ccg/ims_eto_stsn_signsupp.htm     and here - http://pic.dhe.ibm.com/infocenter/dzichelp/v2r2/topic/com.ibm.ims12.doc.cr/imscmds/ims_sign.htm

    If these instructions are not clear, or if you have any further questions then please use this forum to raise them and I will try and get answers for you.

    Mike Brooks - CICS TS Comms Technical Planner