Which authentication method can I use with CICS access methods?
Your options for authentication depend on how you access CICS®. This topic describes the security tokens that can be configured in CICS for different access methods. Many of the access methods provide exit points where you can write your own code to provide additional support for security tokens.
The table shows the authentication options for ways into CICS that use security tokens. No security tokens are used for the following ways into CICS; trusted connections are used to pass user IDs:
- CICS MQ adapter
- Db2®
- EXCI
- IMS
- IPIC (CICS to CICS)
- MRO
- Node.js
| Passwords and passphrases | PassTickets (1) | MFA | X.509 certificates | JWT | OAuth 2.0 or OpenID Connect | Kerberos | SAML(3) | LTPA | ICRX | |
|---|---|---|---|---|---|---|---|---|---|---|
| Web service provider | ✓ | ✓ | No | ✓ | No | No | ✓ | ✓ | No | ✓ |
| CICS Liberty web application | ✓ | ✓ (2) | ✓ (2) | ✓ | ✓ | ✓ | No | No | ✓ | No |
| IPIC (non-CICS client, such as CICS Transaction Gateway) | ✓ | ✓ | No | ✓ | No | No | No | No | No | ✓ |
| CICS web support | ✓ | ✓ | No | ✓ | No | No | No | No | No | No |
| CICS-MQ Bridge | ✓ (Passwords only. Passphrases are not supported.) | ✓ | No | No | No | No | No | No | No | No |
| 3270 | ✓ | ✓ | ✓ | No | No | No | ✓ | No | No | No |
| APPC | ✓ | ✓ | No | No | No | No | No | No | No | No |
- PassTickets can be used if there is a low transaction rate (<1 per second). Multi-use PassTickets can also be used.
- PassTickets and MFA tokens can be used to authenticate the first time, if used with LTPA tokens.
- 6.3 beta Support for SAML using the CICS Security Token Service is removed as of CICS TS 6.3.