Precedence of JWT over asserted user IDs
The identity used by CICS® Transaction Server depends on whether a JSON Web Token (JWT) has been specified and whether a valid mapping exists.
The authorization mechanism at CICS® Transaction Server depends on JWT and security configurations.
The table shows how a JWT is used in different scenarios and the resulting behavior with respect to CICS Transaction Gateway:
| Usage | Behavior |
|---|---|
| JWT supplied and valid RACF mapping exists | The JWT is used and any specified user ID is ignored. |
| JWT supplied but a valid RACF mapping does not exist | If a user ID is specified and is valid, then that user ID is used. |
| JWT is supplied but it is not valid | EciErrSecurityError will be reported for the ECI Request. |
| JWT not supplied | If the fallbackbasicauth attribute in IPIC is set to false, then the ECI request will fail with Cybersecurity. Otherwise, if a user ID is specified and is valid, then that user ID is used. |