Gen EDGE

Hi there,

So basically we want to force the USER ID to contain the value of the CLIENT USER ID.

Our environment is Websphere (client side) and CICS (server side). We're setting the client_user_id in the client side to a particular value, and we want the USER ID present in the server side to contain the value that was set on the client side to the CLIENT USER ID variable.

What've done so far:

1. Customize the CFBDynamicMessageSecurityExit.java user exit:

   • public byte getSecurityType() throws CSUException {

         return SECURITY_ENHANCED;

2. Customize the TIRSECVX user exit:
   • IF ENHANCED-SECURITY-FLAG = 'Y'
     SET SECURITY-USED TO TRUE
3. Customize the TIRCUSRX user exit:
   • By adding adding this to the end of the code:
   • MOVE CLIENT-USERID TO IET-USER-ID.

Our issue is, the value of the CLIENT USER ID is reaching the server side and is for example present in the variable CLIENT-USERID IN TIRSECV-CMCB. in the TIRSECVX user exit. However the CLIENT-USERID (from GLOBDATA) is empty. And there is no variable in the TIRCUSRX which contains the value of the CLIENT USER ID.

Our gen version is 8.5.

We need this because we've multiple applications that are using the USER ID on the server side and solution of passing the value using views is very time consuming.

Thank you,

Best regards,

Ricardo

Ricardo,

  There is a good write-up that documents Security and it can be found in the documentation at docops.ca.com.  Here is a direct link.

Server Security Processing - CA Gen - 8.5 - CA Technologies Documentation 

Please, if this post helped you resolve the problem, kindly click the 'Mark Correct' on his post.

The CA Communities is envisioned to be user(customer) driven where users provide input to Discussions and answers to Questions.  But, it is also monitored by CA Support and others at CA.  While CA Support tries to help on Questions, there are times when it may be more appropriate to open an official case on support.ca.com to get the full attention of CA Support, which is your judgement call.

Hello Ricardo,

You will need to replace MAINLINE that defaults to terminal transactions with the MAINLINE Sample Code for Non-Terminal transactions located in comments within the TIRCUSRX user exit.   This will populate IET-USER-ID.  When using enhanced security you will be using your own logic and/or program to validate UID and PSWD.  This is done in TIRSECVX where the CLIENT-USERID is present.  If you need further assistance, please open a helpdesk case.

Thanks, Letha

Ricardo, 

If you are getting the CLIENT USER ID value in the CLIENT-USERID in TIRSECV-CMCB, did you save that in the CLIENT-USERID of GLOBDATA and then try to pick that up in TIRCUSRX? 

You do not say what value you get returned for TESTUSER in TIRCUSRX (for the EXEC CICS ASSIGN USERID API call) but that would be the userid the server application is executing under, regardless of what version of the TIRCUSRX exit you using. The userid the application is executing under should match the CLIENT-USERID .

Like Letha says, you may need to customize the TIRCUSRX to use the code for non-terminal transactions. You do not say what protocol you using but it probably is TCP/IP (listeners TISRVMSL or TISRVLIS) since you have Java clients and those are non-terminal server transactions.   

And like Letha says, if after all this you still have the problem open a Support Case and we will work thru the details. And then we will post the resolution. 

Regards,

Teresa