A distributed identity takes precedence over user IDs that have been asserted directly using other mechanisms.
The identity used by CICS® Transaction Server depends on whether a distributed identity has been specified and whether a valid mapping exists:
Distributed identity supplied and valid RACF mapping exists | Distributed identity supplied but valid RACF mapping does not exist | Distributed identity not supplied |
---|---|---|
The distributed identity is used and any specified user ID is ignored. | If a user ID is specified and is valid, that user ID is used. | If a user ID is specified and is valid, that user ID is used. |
If a user is not authenticated by the WebSphere® Application Server user registry, a distributed identity is not used even if the CICS Transaction Gateway identity propagation login module is enabled. In this situation, if a user ID has been specified in the connection factory or application, that user ID is used.