Configuring identity propagation on CICS TS

You must configure the TCPIPService and the IPCONN on CICS® TS.

Configuring the TCPIPService on CICS TS

The TCPIPService is a resource that defines the attributes of the IPIC connection, including the listening port.
  1. Use CEDA to define a TCPIPService; for example, IPICSRV. These values are important:
    • The URM is set to NO to prevent the default IPCONN autoinstall program from running.
    • The port number is set for incoming IPIC requests; for example, 50889.
    • The protocol is set to IPIC.
    • The transaction is set to CISS.
    All other values can be left to default. The security section of the TCPIPService is not applicable for the IPIC protocol; security is applied in the IPCONN definition.
  2. Install the CEDA definition.

Configuring the IPCONN on CICS TS

You must define the IPCONN for the incoming IPIC connection.

The following parameters are configured in this step:

Parameter Purpose
APplid Set this to match the APPLID specified in the ctg.ini file.
Networkid Set this to match the APPLIDQUALIFIER specified in the ctg.ini file.
TCPIPService Set this to match the name of the TCPIPService in CICS.
Userauth Set this to Identify.
SENdcount Set this value to zero; for more information, see Configuring IPIC on CICS Transaction Server for z/OS.
  1. Use CEDA to define an IPCONN, for example IPICIP, to include the settings shown in the table. Leave all the other parameters including IDprop with their default settings. The IDprop parameter is not applicable to CICS Transaction Gateway to CICS communication; it is used exclusively for CICS to CICS communication.
    The following example shows an IPCONN definition that has been defined using the CEDA transaction:
    CEDA View Ipconn( IPICIP )
     Ipconn          : IPICIP
     Group           : 
     Description     :
     APplid          : MYAPPL
     Networkid       : MYQUAL
     Host            :
     (Lower Case)    :
     Port            : No        No | 1-65535
     Tcpipservice    : IPICSRV
     Receivecount    : 100       1-999
     SENdcount       : 000       0-999
     Queuelimit      : No        No | 0-9999
     Maxqtime        : No        No | 0-9999
     AUtoconnect     : No        No | Yes
     Inservice       : Yes       Yes | No
     SSl             : No        No | Yes
     CErtificate     : (Mixed Case)
     CIphers         :
     Linkauth        : Secuser | Certuser
     SECurityname    : 
     Userauth        : Identify   Local | Identify | Verify | Defaultuser
     IDprop          : Optional   Not allowed | Optional | Required 
     Xlnaction       : Keep       Keep | Force
  2. Install the IPCONN definition and check that the output from the CEMT INQ IPCONN(IPICIP) command identifies it as Inservice Released (Ins Rel Nos) in the output:
     Ipc(IPICIP) App(MYAPPL ) Net(MYQUAL ) Ins Rel Nos
     Rece(100) Sen(000) Tcp(IPICSRV)