IPIC connections enforce link security to restrict the resources that can be accessed over a connection to a CICS® server, bind security to prevent an unauthorized client system from connecting to CICS, and user security to restrict the CICS resources that can be accessed by a user. If the CICS server supports password phrases, a password phrase can be used for user security.
There are two ways that you can specify the link user for IPIC connections. You can use the SECURITYNAME attribute, or an SSL certificate in the IPCONN definition in CICS. You can use an SSL certificate if you have a client authenticated SSL connection. The client's certificate is mapped by RACF® to a specific user ID, which is defined as the link user. This means that you can specify different link users, depending on which certificate you are using.
The IPCONN resource must refer to a TCPIPSERVICE definition that is configured for SSL and client authentication.
The certificate must be mapped in RACF to your chosen user ID. For more information on certificate mapping, see the CICS Transaction Server Information Center.
For IPIC connections, bind security is implemented using a client-authenticated SSL connection. In this configuration, the Java client application or CICS Transaction Gateway must be authenticated by the CICS server before it can connect. This prevents an unauthorized system from connecting.
If you are using the ECI base classes, set the user ID and password or password phrase (if required) on the ECIRequest.
Identity propagation can be used as an alternative to specifying a user ID. For more information, see Identity propagation.
A user ID can also be obtained from a mapping of an SSL client certificate.
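The ECI base classes case above, as an added Java example (not from the original page or from IBM's samples): it prompts for the user ID and password or password phrase instead of hardcoding them, sets them on the ECIRequest, and reports a security rejection separately from other errors. The class name, the command-line arguments (Gateway URL, port, CICS server name, program name) and the COMMAREA size are assumptions of this example.

```java
import com.ibm.ctg.client.ECIRequest;
import com.ibm.ctg.client.JavaGateway;
import java.io.Console;
import java.util.Arrays;

// Added example: class name, argument order and COMMAREA size are assumptions.
public class EciUserSecurityExample {
    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: <gateway-url> <port> <cics-server> <program>");
            System.exit(2);
        }
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("No interactive console for credential prompt");
        }
        // Prompt rather than hardcode; readPassword does not echo the input.
        String userId = console.readLine("User ID: ");
        char[] secret = console.readPassword("Password or password phrase: ");

        byte[] commarea = new byte[32]; // assumed size; match the target program
        JavaGateway gateway = new JavaGateway(args[0], Integer.parseInt(args[1]));
        try {
            // The user ID and password (or phrase) travel on the ECIRequest itself.
            ECIRequest request = new ECIRequest(
                    ECIRequest.ECI_SYNC, args[2], userId, new String(secret),
                    args[3], null, commarea, commarea.length,
                    ECIRequest.ECI_NO_EXTEND, ECIRequest.ECI_LUW_NEW);
            int gatewayRc = gateway.flow(request);
            int cicsRc = request.getCicsRc();
            if (cicsRc == ECIRequest.ECI_ERR_SECURITY_ERROR) {
                // Credentials were rejected or the user is not authorized.
                System.err.println("Security error: " + request.getCicsRcString());
            } else if (cicsRc != ECIRequest.ECI_NO_ERROR) {
                System.err.println("ECI error: " + request.getCicsRcString());
            } else if (gatewayRc != 0) {
                System.err.println("Gateway error: " + request.getRcString());
            } else {
                System.out.println("Program completed, COMMAREA returned");
            }
        } finally {
            // The API takes a String, so this clears only our own char[] copy.
            Arrays.fill(secret, '\0');
            gateway.close();
        }
    }
}
```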