How to configure basic authentication from CICS

Configure basic authentication from CICS® to a IBM z/OS Connect Server.

This task is applicable when z/OS Connect is used as an API requester.

About this task

To use basic authentication to authenticate your CICS application, you must.
  • Pass the user's credentials from CICS to the z/OS Connect Server by using either:
    • Parameters on the Host API BAQINIT call from the CICS application.
    • The CICS XWBAUTH user exit.
  • If also using the CICS XWBAUTH user exit, customize the supplied URIMAP BAQHZCON with the following specifications,
    • USAGE(CLIENT) because CICS is the HTTP client.
    • AUTHENTICATE(BASIC) to indicate that the user ID and password credentials are to be provided by the XWBAUTH global user exit.

Note that your CICS application should not provide credentials in an EXEC CICS WEB SEND or WEB CONVERSE command as this is not supported by z/OS Connect and will be ignored.

To send the user credentials from the CICS application to the z/OS Connect Server as parameters on the Host API BAQINIT call use the BAQ-ZCON-PARAMETERS structure in the supplied BAQHAREC COBOL copybook. For each parameter to be passed, create an instance of the BAQ-ZCON-PARMS structure and set the BAQ-ZCON-PARM-NAME, BAQ-ZCON-PARM-ADDRESS and BAQ-ZCON-PARM-LENGTH values. For example,

       WORKING-STORAGE SECTION. 
      * API requester Host API required copybooks
       COPY BAQHAREC.
       COPY BAQHCONC.
     ...
      * User credentials for basic authentication
       01 MY-USER PIC X(10) VALUE 'myusername'. 
       01 MY-PSWD PIC X(10) VALUE 'mypassword'.
       PROCEDURE DIVISION.
     ...
      * Set user credentials
           MOVE BAQZ-SERVER-USERNAME 
             TO BAQ-ZCON-PARM-NAME OF BAQ-ZCON-PARMS(1) 
           SET BAQ-ZCON-PARM-ADDRESS OF BAQ-ZCON-PARMS(1) 
             TO ADDRESS OF MY-USER 
           MOVE LENGTH OF MY-USER 
             TO BAQ-ZCON-PARM-LENGTH OF BAQ-ZCON-PARMS(1) 
           MOVE BAQZ-SERVER-PASSWORD 
             TO BAQ-ZCON-PARM-NAME OF BAQ-ZCON-PARMS(2) 
           SET BAQ-ZCON-PARM-ADDRESS OF BAQ-ZCON-PARMS(2) 
             TO ADDRESS OF MY-PSWD 
           MOVE LENGTH OF MY-PSWD 
             TO BAQ-ZCON-PARM-LENGTH OF BAQ-ZCON-PARMS(2). 
      * Make the BAQINIT call
...

For more information, see CICS as an HTTP client: authentication and identification, HTTP client send exit XWBAUTH and URIMAP attributes in the CICS documentation.