Configuring identity propagation on RACF
The steps required to configure RACF® for identity propagation.
RACF must contain mappings of distinguished names to RACF user IDs. The distinguished names defined in the mappings must have the same format as they have in the user registry.
For more information about configuring IPIC connections and RACF, see the CICS® Transaction Server documentation.
A command RACMAP is available for creating, deleting, and listing a distributed identity filter.
If changes are required, you can delete the filter, and define a new one. The RACMAP command has the
following functions:
- MAP
- creates a distributed identity filter
- DELMAP
- deletes a distributed identity filter
- LISTMAP
- lists information about a distributed identity filter
RACMAP ID(GUSKI) MAP
USERDIDFILTER(NAME('UID=RICH,OU=Web Sales,O=Rich Radio Ham,L=Internet'))
REGISTRY(NAME('us.richradioham.com'))
WITHLABEL('Rich''s name filter') RACMAP ID(SMITH) MAP
USERDIDFILTER(NAME('uid=JIM,ou=Web Sales,dc=CTGSales, o=HEADOFFICECTG')) -
REGISTRY(NAME('uk.websales.com'))
For more information about the RACMAP command, see the IBM® z/OS® Security Server RACF Command Language Reference.
For more information about the RACMAP command, see theIBM z/OS Security Server RACF Command Language Reference.
Note: It is not possible to modify a distributed identity filter.