Precedence of JWT over asserted user IDs
The identity used by CICS® Transaction Server depends on whether a JSON Web Token (JWT) has been specified and whether a valid mapping exists:
The authorization mechanism in CICS® Transaction Server depends on the JWT and security configurations.
The following table shows how the JWT is used in different scenarios and the resulting behavior with respect to CICS Transaction Gateway:
| Scenario | Behavior |
|---|---|
| JWT supplied and valid RACF mapping exists | The JWT is used, and any specified user ID is ignored. |
| JWT supplied but valid RACF mapping does not exist | If a user ID is specified and is valid, that user ID is used. |
| JWT supplied but not valid | EciErrSecurityError is reported for the ECI request. |
| JWT not supplied | If the fallbackbasicauth attribute in IPIC is set to false, the ECI request fails with EciErrSecurityError. Otherwise, if a user ID is specified and is valid, that user ID is used. |