Precedence of JWT over asserted user IDs
The identity used by CICS® Transaction Server depends on whether a JSON Web Token (JWT) has been specified and whether a valid mapping exists:
The authorization mechanism used by CICS® Transaction Server depends on the JWT and on the security configuration.
The table shows how a JWT is used in different scenarios and the resulting behavior with respect to CICS Transaction Gateway.
Usage | Behavior |
JWT supplied and valid RACF mapping exists | The JWT is used, and any specified user ID is ignored |
JWT supplied but valid RACF mapping does not exist | If a user ID is specified and is valid, that user ID is used. |
JWT is supplied but it is not valid | EciErrSecurityError is reported for the ECI request |
JWT not supplied | If the fallbackbasicauth attribute in IPIC is set to false, the ECI request fails with EciErrSecurityError. Otherwise, if a user ID is specified and is valid, that user ID is used. |