Configurations that support identity propagation

A range of products and network topologies support identity propagation.

Products that support identity propagation

The following IBM® products support identity propagation:

Network topology for using identity propagation

Identity propagation is supported when connecting to CICS using an IPIC connection. A client-authenticated SSL connection is required unless CICS Transaction Gateway and CICS Transaction Server are on z/OS and in the same sysplex.

For more information about the topologies that are supported by CICS Transaction Gateway, see Deployment topologies.

The following example shows identity propagation in a remote mode topology:

Figure 1. Example of identity propagation in a remote mode topology

The user security information consists of a distinguished name and a realm name. The distinguished name uniquely identifies an entry within a user registry. The realm name represents a named collection of users and groups that can be used in a specific security context.

When the user has been authenticated in WebSphere Application Server, the security information is passed unchanged as a distributed identity to CICS. The distributed identity is mapped to a RACF user ID, which is used for authorization by CICS.
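On z/OS, the mapping from a distributed identity to a RACF user ID is defined with the RACF RACMAP command. The REXX exec below is an added example, not part of the IBM page; the RACF user IDs (CICSUSR1, PAYGRP), the distinguished names and the realm name are constructed sample values.

```rexx
/* REXX - added example, not from the IBM page. The RACF user IDs,     */
/* distinguished names and realm name are constructed sample values.   */
realm = 'ldap.example.com:389'          /* assumed WebSphere realm name */
dn    = 'CN=Jane Doe,OU=Payments,O=Example,C=GB'
dept  = 'OU=Payments,O=Example,C=GB'

/* Activate the IDIDMAP class, which holds distributed identity filters */
call run "SETROPTS CLASSACT(IDIDMAP) RACLIST(IDIDMAP)"

/* One-to-one: one distinguished name in one realm -> one RACF user ID  */
call run "RACMAP ID(CICSUSR1) MAP USERDIDFILTER(NAME('"dn"'))" ||,
         " REGISTRY(NAME('"realm"')) WITHLABEL('Jane Doe payments')"

/* Many-to-one: any DN ending in this suffix -> a shared RACF user ID   */
call run "RACMAP ID(PAYGRP) MAP USERDIDFILTER(NAME('"dept"'))" ||,
         " REGISTRY(NAME('"realm"')) WITHLABEL('Payments department')"

/* Refresh the in-storage IDIDMAP profiles so the filters take effect   */
call run "SETROPTS RACLIST(IDIDMAP) REFRESH"

/* Audit: list the filters held by a user ID, then check which RACF     */
/* user ID a given distinguished name and realm resolve to              */
call run "RACMAP ID(CICSUSR1) LISTMAP"
call run "RACMAP QUERY USERDIDFILTER(NAME('"dn"'))" ||,
         " REGISTRY(NAME('"realm"'))"
exit 0

/* Issue one TSO command and stop at the first non-zero return code     */
run: procedure
  parse arg cmd
  address tso cmd
  if rc <> 0 then do
    say 'RC='rc 'from:' cmd
    exit rc
  end
  return
```

A short suffix filter gives every matching user the authority of the one RACF user ID it maps to, so keep many-to-one filters as specific as the deployment allows and review them with LISTMAP.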




Last updated: Tuesday, 19 November 2013


https://ut-ilnx-r4.hursley.ibm.com/tgzos_latest/help/topic/com.ibm.cics.tg.zos.doc//ctgzos/idprop_end2end.html