Configuring identity propagation for a remote mode topology (SC04)

This scenario shows how user security information is passed to CICS® Transaction Server and mapped to a user ID in RACF®.

In this scenario, CICS Transaction Gateway and CICS Transaction Server are both on IBM® z/OS®. User security information (the distributed identity) is held in IBM Tivoli® Directory Server and, when it is passed to CICS Transaction Server, the identity is mapped to a user ID in RACF.

Note: This scenario uses IBM WebSphere® Application Server and the CICS Transaction Gateway ECI resource adapter on IBM AIX®. The CICS Transaction Gateway configuration file has the default name ctg.ini.

Figure 1. Topology used in this identity propagation scenario

Values used in this scenario

| Component | Parameter | Where set | Example value |
|---|---|---|---|
| IBM WebSphere Application Server | Application security | IBM WebSphere Admin Console | Enable application security (check box) |
| IBM WebSphere Application Server | Authentication method | IBM WebSphere Admin Console | CTG_idprop (the name of the identity propagation login module) |
| CICS TG | APPLID | PRODUCT section of ctg.ini | MYAPPL |
| CICS TG | APPLIDQUALIFIER | PRODUCT section of ctg.ini | MYQUAL |
| CICS TG | Server name | IPICSERVER section of ctg.ini | CICSA |
| CICS TG | HOSTNAME | IPICSERVER section of ctg.ini | cicssrv2.company.com |
| CICS TG | PORT | IPICSERVER section of ctg.ini | 50889 |
| CICS TS | TCPIPService | TCPIPService definition | IPICSRV (must match the TCPIPService specified in the IPCONN definition in CICS) |
| CICS TS | Portnumber | TCPIPService definition | 50889 (must match the IPICSERVER PORT specified in the ctg.ini file) |
| CICS TS | APplid | IPCONN definition on the CICS server | MYAPPL (must match the APPLID specified in the ctg.ini file) |
| CICS TS | Networkid | IPCONN definition on the CICS server | MYQUAL (must match the APPLIDQUALIFIER specified in the ctg.ini file) |
| CICS TS | TCPIPService | IPCONN definition on the CICS server | IPICSRV (must match the name of the TCPIPService in CICS) |
| CICS TS | Userauth | IPCONN definition on the CICS server | Must be set to Identify |
| CICS TS | IPConn | IPCONN definition on the CICS server | IPICIP |
| RACF | USERID | RACF resource access list | TESTID |
| RACF | USERDIDFILTER | RACF resource access list | uid=CTGuser1,ou=TMS,dc=CTGTest,o=COMPANYCTG |
| | | | uid=CTGuser1,ou=TMS, dc=CTGTest,o=CTG |
| RACF | REGISTRY | RACF | ctg-test-registry.company.com:389 |

The sample configuration and environment variable files for this scenario are:
  • ctg.ini
  • CTGS04A1
The sample files are installed in UNIX directory <install path>/samples/scenarios/sc04 and in the <install.hlq>.SCTGSAMP library.
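
The "must match" notes in the table can be checked mechanically before the connection is tested. The following Python sketch is an added example, not one of the product's sample files: the ctg.ini fragment is constructed from the table's example values, and the `CICS_DEFS` dictionary is a hypothetical stand-in for the attributes of the TCPIPService and IPCONN definitions, which would normally be read from the CICS system definition.

```python
import re

# Constructed ctg.ini fragment using the example values from the table.
CTG_INI = """\
SECTION PRODUCT
    APPLID=MYAPPL
    APPLIDQUALIFIER=MYQUAL
ENDSECTION

SECTION IPICSERVER = CICSA
    HOSTNAME=cicssrv2.company.com
    PORT=50889
ENDSECTION
"""

# Hypothetical stand-in for the CICS TS definitions (attribute names from the table).
CICS_DEFS = {
    "TCPIPSERVICE": {"NAME": "IPICSRV", "PORTNUMBER": "50889"},
    "IPCONN": {"NAME": "IPICIP", "APPLID": "MYAPPL", "NETWORKID": "MYQUAL",
               "TCPIPSERVICE": "IPICSRV", "USERAUTH": "Identify"},
}

def parse_ctg_ini(text):
    """Return {(section, instance): {KEY: value}} for SECTION/ENDSECTION blocks."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"SECTION\s+(\w+)(?:\s*=\s*(\S+))?$", line, re.I)
        if m:
            current = sections.setdefault((m.group(1).upper(), m.group(2)), {})
        elif line.upper() == "ENDSECTION":
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().upper()] = value.strip()
    return sections

def check_scenario(ini_text, cics, server="CICSA"):
    """Return the names of the table's matching rules that are violated."""
    ini = parse_ctg_ini(ini_text)
    product = ini.get(("PRODUCT", None), {})
    ipic = ini.get(("IPICSERVER", server), {})
    tcpip, ipconn = cics["TCPIPSERVICE"], cics["IPCONN"]
    rules = [  # (rule name, value on the CICS side, value it must match)
        ("PORTNUMBER/PORT", tcpip.get("PORTNUMBER"), ipic.get("PORT")),
        ("APPLID", ipconn.get("APPLID"), product.get("APPLID")),
        ("NETWORKID/APPLIDQUALIFIER", ipconn.get("NETWORKID"), product.get("APPLIDQUALIFIER")),
        ("TCPIPSERVICE", ipconn.get("TCPIPSERVICE"), tcpip.get("NAME")),
        ("USERAUTH", ipconn.get("USERAUTH"), "IDENTIFY"),
    ]
    return [name for name, got, want in rules
            if got is None or want is None or got.upper() != want.upper()]
```

An empty list means every cross-reference in the table is consistent; any rule name returned identifies the pair of values to correct.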