Setting up CMCI in a CICS region with active security

To set up CMCI with active security in a single CICS® region (SMSS), you must change the settings in the sample definitions. Copy and rename the samples, then change the TCPIPSERVICE definition to enable security, and update the URIMAP definition to refer to the updated TCPIPSERVICE definition.

About this task

You can use either HTTP basic authentication or, for a higher level of security, Secure Sockets Layer (SSL) authentication. See Security for CICS Web support for information about the security measures you can use to protect access to the interface.

If security is active, messages produced by auditing system programming interface commands contain the user ID used to log on to CICS Explorer®.

To set up the CICS management client interface with active security using the sample definitions, use the following procedure.

Procedure

  1. Copy and rename the sample TCPIPSERVICE definition, DFH$WUTC, and the sample URIMAP definition, DFH$WUUR.
    These samples are included in the CICS system definition file (CSD) in group DFH$WU.
  2. Change the TCPIPSERVICE definition to incorporate the security features that you want.
    See Creating TCPIPSERVICE resource definitions for CICS web support for guidance about creating TCPIPSERVICE definitions that include security for web clients.
  3. Change the TCPIPSERVICE attribute in your URIMAP definition to refer to your renamed TCPIPSERVICE.
    You can also change the SCHEME attribute from HTTP to HTTPS, but this is not essential because this change is made automatically to an installed URIMAP if its associated TCPIPSERVICE has security enabled.
  4. Install the definitions into your CICS region.
    See Ways of defining CICS resources for an explanation of the methods that you can use to install these resource definitions.
    Note: You must define the CWWU and CWXN transactions to RACF®, or an equivalent external security manager, and ensure that CMCI users are authorized to access the transactions.
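
The procedure above, written out as CEDA and RACF commands. This is an added example, not part of the original documentation. The group name CMCISEC, the resource names CMCITCP and CMCIURI, and the RACF group CMCIUSR are assumed names; SSL(YES) with AUTHENTICATE(BASIC) is one possible choice of security features; the RACF commands assume the default TCICSTRN transaction class with no SECPRFX prefix in use.

```text
* Lines that begin with * are annotations, not command input.
*
* Step 1: copy the samples out of group DFH$WU into your own group,
*         giving each copy a new name (assumed names shown).
CEDA COPY TCPIPSERVICE(DFH$WUTC) GROUP(DFH$WU) AS(CMCITCP) TO(CMCISEC)
CEDA COPY URIMAP(DFH$WUUR) GROUP(DFH$WU) AS(CMCIURI) TO(CMCISEC)
*
* Step 2: enable security on the copied TCPIPSERVICE. With these values
*         the port accepts only SSL connections and the client must
*         supply a user ID and password. SSL(YES) needs a key ring
*         holding a server certificate for the region (KEYRING system
*         initialization parameter). AUTHENTICATE(BASIC) with SSL(NO)
*         would send the credentials over an unencrypted connection.
CEDA ALTER TCPIPSERVICE(CMCITCP) GROUP(CMCISEC) SSL(YES) AUTHENTICATE(BASIC)
*
* Step 3: point the copied URIMAP at the renamed TCPIPSERVICE.
*         SCHEME(HTTPS) is optional here, as described in step 3.
CEDA ALTER URIMAP(CMCIURI) GROUP(CMCISEC) TCPIPSERVICE(CMCITCP) SCHEME(HTTPS)
*
* Step 4: install both definitions into the region.
CEDA INSTALL GROUP(CMCISEC)
*
* Note to step 4: define the CMCI transactions to RACF (TSO commands)
*         and permit only the group of CMCI users (assumed: CMCIUSR).
RDEFINE TCICSTRN CWWU UACC(NONE)
RDEFINE TCICSTRN CWXN UACC(NONE)
PERMIT CWWU CLASS(TCICSTRN) ID(CMCIUSR) ACCESS(READ)
PERMIT CWXN CLASS(TCICSTRN) ID(CMCIUSR) ACCESS(READ)
SETROPTS RACLIST(TCICSTRN) REFRESH
```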