Configuring identity propagation on CICS TS

You must configure the TCPIPService and the IPCONN on CICS® TS.

Configuring the TCPIPService on CICS TS

The TCPIPService is a resource that defines the attributes of the IPIC connection, including the listening port.
  1. Use CEDA to define a TCPIPService; for example, IPICSRV. These values are important:
    • The URM is set to NO to prevent the default IPCONN autoinstall program from running.
    • The port number is set for incoming IPIC requests; for example, 50889.
    • The protocol is set to IPIC.
    • The transaction is set to CISS.
    All other values can be left to default. The security section of the TCPIPService is not applicable for the IPIC protocol; security is applied in the IPCONN definition.
  2. Install the CEDA definition.

Configuring the IPCONN on CICS TS

You must define the IPCONN for the incoming IPIC connection.

The following parameters are configured in this step:

Parameter Purpose
APplid Set this to match the APPLID specified in the ctg.ini file.
Networkid Set this to match the APPLIDQUALIFIER specified in the ctg.ini file.
TCPIPService Set this to match the name of the TCPIPService in CICS.
Userauth Set this to Identify.
SENdcount Set this value to zero; for more information, see Configuring IPIC on CICS Transaction Server for z/OS.
  1. Use CEDA to define an IPCONN, for example IPICIP, to include the settings shown in the table. Leave all the other parameters including IDprop with their default settings. The IDprop parameter is not applicable to CICS Transaction Gateway to CICS communication; it is used exclusively for CICS to CICS communication.
    The following example shows an IPCONN definition that has been defined using the CEDA transaction:
    CEDA View Ipconn( IPICIP )
 Ipconn          : IPICIP
 Group           : 
 Description     :
IPIC CONNECTION IDENTIFIERS
 APplid          : MYAPPL
 Networkid       : MYQUAL
 Host            :
 (Lower Case)    :
 Port            : No        No | 1-65535
 Tcpipservice    : IPICSRV
IPIC CONNECTION PROPERTIES
 Receivecount    : 100       1-999
 SENdcount       : 000       0-999
 Queuelimit      : No        No | 0-9999
 Maxqtime        : No        No | 0-9999
OPERATIONAL PROPERTIES
 AUtoconnect     : No        No | Yes
 Inservice       : Yes       Yes | No
SECURITY
 SSl             : No        No | Yes
 CErtificate     : (Mixed Case)
 CIphers         :
 Linkauth        : Secuser | Certuser
 SECurityname    : 
 Userauth        : Identify   Local | Identify | Verify | Defaultuser
 IDprop          : Optional   Not allowed | Optional | Required 
RECOVERY
 Xlnaction       : Keep       Keep | Force
  2. Install the IPCONN definition and check that the output from the CEMT INQ IPCONN(IPICIP) command identifies it as Inservice Released (Ins Rel Nos) in the output:
    CEMT I IPCONN
 STATUS: RESULTS - OVERTYPE TO MODIFY
 Ipc(IPICIP) App(MYAPPL ) Net(MYQUAL ) Ins Rel Nos
 Rece(100) Sen(000) Tcp(IPICSRV)