Yes, the above steps will also work for CICS TS 5.6.
Original Message:
Sent: Thu October 31, 2024 06:49 PM
From: Dan Kalmar
Subject: Associating a USERID with a CICS-Liberty transaction
Thanks...I will review these steps. Will same work at CICS 5.6 level?
------------------------------
Dan Kalmar
Original Message:
Sent: Wed October 30, 2024 08:31 AM
From: Eric Phan
Subject: Associating a USERID with a CICS-Liberty transaction
Hi Dan,
Yes there is a way to do that, an example scenario is described in IBM Docs and the configuration steps are on the related page.
Just as a checklist, you'll need to:
- Enable a user registry in the Liberty server (I would assume a SAF registry)
- Enable TLS mutual authentication in the Liberty server (clientAuthentication attribute of the ssl configuration element)
- Enable the CICS security feature in the Liberty server (cf. feature info)
- Configure security constraints in the web application (at least one role needs to be defined, so that authentication is enforced)
- Verify which mechanism is used to map the client certificate to a user ID (cf. certificate mapping)
Hope that helps
------------------------------
Eric Phan
Original Message:
Sent: Tue October 29, 2024 06:53 AM
From: Dan Kalmar
Subject: Associating a USERID with a CICS-Liberty transaction
When sending a REST api request into a Liberty CICS server using TLS handshaking,
is there a way to have the userid associated with the client side certificate
to be used as the USERID running the CICS
transaction that is started on behalf of the REST request ?
------------------------------
Dan Kalmar
------------------------------