It is possible with MQSeries if application is using this product. The midrange WAS/Web page can connect to MQ on Z/OS and put a request message. This message has a extra header i.e. MQCIH which has password for userid and also has information regarding CICS transaction or program to link after successful authentication. Setup this MQ queue to trigger CKBR transaction on first message which will actually authenticates userid and password in RACF before proceeding further. CKBR interface also communicate back to the requestor if the userid/password is incorrect. There are different authentication settings in CKBR like to verify a password or not or to verify a password for every UOW. etc.
Dinesh Thakur Regional DB/MQ Integration -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Bob Bonhard Sent: Friday, July 17, 2009 6:11 AM To: [email protected] Subject: Authenticate with RACF from Web App Thanks in advance for all/any advice, direction, samples, expertise related to my question. I was approached by one of our distributed application folks with a request that I believe should be very possible to accommodate based on my experiences with zOS system sftwr/hdwr, WAS, etc. The app is web-based running on non-zOS platform. They would likebe able to connect to the mainframe to authenticate a RACF ID/password; if the ID and password are OK, continue with the app (possibly return a RC=0 or any other "OK"); if ID unknown, pswd wrong, pswd revoked or expired, provide a non-zero return code or "not OK" msg with explicit reason, even routing user to a web page where they can update an expiring password, correct an invalid password. I'm hoping to find something that is *easy* and *cheap* to implement ("free" being the key word), and generic enough to be used by any subsequent apps. I figure there has to be an easy way to do this but I don't know what that way is, whether a direct call to RACF or USS, some kind of non-html call to the IBM HTTP server, WebSphereAS, MQ ... something simple and free. Thank you, Bob Bonhard/UPS I.S. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
