Using IBM® WebSphere MQ-CICS bridge to control authentication

The WebSphere® MQ-CICS bridge is the control point for establishing the authentication level required.

Application programmers who want to code the service requestor to use the WebSphere MQ-CICS bridge should see the WebSphere MQ Application Programming Guide and the WebSphere MQ Application Programming Reference.

  1. The AUTH parameter that is passed to the CICS® bridge monitor task at startup establishes the authentication level required for the CICS bridge link task. If you are using FEPI with PassTickets, you must set the AUTH parameter to a value other than LOCAL.

    See the WebSphere MQ for OS/390® V2R1 System Management Guide for information on security considerations for using WebSphere MQ with CICS.

  2. Based on the authentication level requested and on the userid or password or both in the request message (MQMD header structure and MQCIH header structure, respectively), checks are made to ensure the user has the authority to run the particular CICS bridge link task.
  3. Subsequent CICS Service Flow Runtime programs and processes will run in CICS under the authentication level that was established for the CICS bridge link task. See the CICS Business Transaction Services manual for information on security.

The authentication level required for the CICS bridge monitor task is determined by the mechanism used to initiate the task. See the WebSphere MQ for OS/390 V2R1 System Management Guide for information on security considerations for using WebSphere MQ with CICS.

To establish different levels of authentication, it is possible to initiate multiple bridge monitor tasks with different AUTH parameters specified. One potential scenario might have request messages with varying degrees of importance processed by separate bridge monitor tasks, each with a specific level of authority.

The service requestor would send request messages at one level of importance to one queue. The service requestor would send request messages at a different level of importance to a different queue.

When a CICS application is accessed via FEPI, a PassTicket can be requested and used in conjunction with the original userid to sign on to the application. See the CICS Front End Programming User's Guide for information on how to use PassTickets.