Configuring identity propagation on RACF

The steps required to configure RACF® for identity propagation.

RACF must contain mappings of distinguished names to RACF user IDs. The distinguished names defined in the mappings must have the same format as they have in the user registry.

For more information about configuring IPIC connections and RACF, see the CICS® Transaction Server documentation.

A command RACMAP is available for creating, deleting, and listing a distributed identity filter. If changes are required, you can delete the filter, and define a new one. The RACMAP command has the following functions:
MAP
creates a distributed identity filter
DELMAP
deletes a distributed identity filter
LISTMAP
lists information about a distributed identity filter
Examples:
RACMAP ID(GUSKI) MAP 
   USERDIDFILTER(NAME('UID=RICH,OU=Web Sales,O=Rich Radio Ham,L=Internet'))
   REGISTRY(NAME('us.richradioham.com')) 
   WITHLABEL('Rich''s name filter') 
RACMAP ID(SMITH) MAP 
		USERDIDFILTER(NAME('uid=JIM,ou=Web Sales,dc=CTGSales, o=HEADOFFICECTG')) - 
		REGISTRY(NAME('uk.websales.com')) 
 

For more information about the RACMAP command, see the IBM® z/OS® Security Server RACF Command Language Reference.

Note: It is not possible to modify a distributed identity filter.