In this scenario, CICS® Transaction Gateway and CICS Transaction Server are both on z/OS®. User security information (the distributed identity) is held in IBM® Tivoli® Directory Server and, when it is passed to CICS Transaction Server, the identity is mapped to a user ID in RACF®.
This scenario uses WebSphere® Application Server and the CICS Transaction Gateway ECI resource adapter on AIX®. The CICS Transaction Gateway configuration file has the default name ctg.ini.
Component | Parameter | Where set | Example value |
---|---|---|---|
WebSphere Application Server |
Application security |
WebSphere Admin Console |
Enable application security (check box) |
WebSphere Application Server |
Authentication method |
WebSphere Admin Console |
CTG_idprop (the name of the identity propagation login module) |
CICS TG |
APPLID |
PRODUCT section of ctg.ini |
MYAPPL |
CICS TG |
APPLIDQUALIFIER |
PRODUCT section of ctg.ini |
MYQUAL |
CICS TG |
Server name |
IPICSERVER section of ctg.ini |
CICSA |
CICS TG |
HOSTNAME |
IPICSERVER section of ctg.ini |
cicssrv2.company.com |
CICS TG |
PORT |
IPICSERVER section of ctg.ini |
50889 |
CICS TS |
TCPIPService |
TCPIPService definition |
IPICSRV (must match the TCPIPService specified in the IPCONN definition in CICS) |
CICS TS |
Portnumber |
TCPIPService definition |
50889 (must match the IPICSERVER PORT specified in the ctg.ini file) |
CICS TS |
APplid |
IPCONN definition on the CICS server |
MYAPPL (must match the APPLID specified in the ctg.ini file) |
CICS TS |
Networkid |
IPCONN definition on the CICS server |
MYQUAL (must match the APPLIDQUALIFIER specified in the ctg.ini file). |
CICS TS |
TCPIPService |
IPCONN definition on the CICS server |
IPICSRV (must match the name of the TCPIPService in CICS) |
CICS TS |
Userauth |
IPCONN definition on the CICS server |
Must be set to Identify |
CICS TS |
IPConn |
IPCONN definition on the CICS server |
IPICIP |
RACF |
USERID |
RACF resource access list |
TESTID |
RACF |
USERDIDFILTER |
RACF resource access list |
uid=CTGuser1,ou=TMS,dc=CTGTest,o=COMPANYCTG |
RACF |
REGISTRY |
RACF |
ctg-test-registry.company.com:389 |