You can enable network security credentials to be passed to IMS from a user-written IMS Connect client application that uses the HWSSMPL0 or the HWSSMPL1 user message exit routine. After the network security credentials are passed to IMS, the credentials are audited in IMS log records and associated with the IMS transaction.
If network security credentials are passed in the inbound message to IMS, the credentials can also be passed by IMS in a synchronous callout message if the callout request is initiated by an ICAL call.
If you require your user-written IMS Connect client application to support network security credentials when IMS issues a callout request and your application issues a RESUME TPIPE call, your must define the RESUME TPIPE call to support the credentials.
Tip: If you pass network security credentials to IMS from an application that uses the HWSSMPL0 or the HWSSMPL1 user message exit routine, consider enabling the BPE External Trace facility for the IMS Connect Recorder Trace facility. When network security credentials from user-written IMS Connect client applications are passed to IMS, the size of both input and output messages to and from IMS Connect might be larger than 670 bytes and the BPE External Trace facility would be required to capture the data of the entire message.
Procedure
-
Use IRM extensions to pass network security credentials to IMS Connect from an application that uses the HWSSMPL0 or the HWSSMPL1 user message exit routine.
Use an IRM extension with an ID of *NETUID* to pass a network user ID, which can be 1 - 246
bytes in length. Use an IRM extension with an ID of *NETSID* to pass a network session ID, which can
be 1 - 256 bytes in length.
After the network security credentials are passed to IMS Connect, the HWSSMPL0 or the HWSSMPL1 user message exit routine builds the security-data section of the OTMA message prefix to include the credentials.
-
To generate the DSECTs, HWSECDNDS and HWSECARDS, for the network security information that are
included in the OTMA message prefix, specify both of the following options in the HWSOMPFX
macro:
DSECT=- Generates an individual DSECT for each section of the OTMA header. However, the HWSECDNDS and
HWSECARDS DSECTS are not generated.
NETSEC_OPT=YES- Generates the HWSECDNDS and HWSECARDS DSECTs if you also specify the
DSECT=
option.
-
Modify
code that uses the HWSOMPFX macro to map the OTMA header. If network security credentials are
included in the security-data section, the size of the security section might vary and cause the
locations of the fields that are below the security section to also change and become
inaccessible.
To inspect or modify any section of the OTMA header so that the data in the header can be accessed,
do the following steps:
-
Inspect
the values of the OMCTLPFL field to determine whether the state data, security data, user data, and
application data sections exist in the message.
-
To
access a specific section in the OTMA header, use the values of the OMCTLLEN, OMHDRLEN, OMSECLEN,
and OMUSRLEN fields, if present, to skip over the message's control data, state data, security data,
and user data sections, respectively.
-
To enable a user-written IMS Connect client application that uses the HWSSMPL0 or the HWSSMPL1 user message exit routine to support network security credentials in IMS callout requests, define the RESUME TPIPE call with the following field specifications in the IRM prefix. If the following field specifications are not defined, IMS removes the distributed network security credentials from the security-data section of the OTMA message prefix in the callout request.
- IRM_ARCH
- X'05' (IRM_ARCH5)
- IRM_F6
- X'80' (IRM_F6_NWSE)