If you have CICS web services (included free with CICS 3.1 and above), you can 
call a CICS web service that executes a CICS "verify password" command.  This 
gives you various return codes for the conditions that you mentioned, which you 
can pass back to your web app.  Sample CICS code:

EXEC CICS VERIFY                 
          PASSWORD(WS-PASSWORD)  
          USERID(WS-USER-ID)     
          RESP(Resp-Fld)         
          RESP2(Resp2-Fld)       
          END-EXEC.              
                                 
Evaluate Resp-Fld                
  When DFHRESP(NORMAL)           
    Continue                     
  When DFHRESP(NOTAUTH)          
    Perform 2110-NOTAUTH-ERROR   
  When DFHRESP(USERIDERR)        
    Perform 2120-USERIDERR-ERROR 
  When DFHRESP(INVREQ)           
    Perform 2130-INVREQ-ERROR    
  When Other                     
    Perform 7020-CICS-ERROR-STOP 
END-EVALUATE.                    
 

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of 
Bob Bonhard
Sent: Thursday, July 16, 2009 5:11 PM
To: [email protected]
Subject: Authenticate with RACF from Web App

Thanks in advance for all/any advice, direction, samples, expertise related to 
my question.  I was approached by one of our distributed application folks with 
a request that I believe should be very possible to accommodate based on my 
experiences with zOS system sftwr/hdwr, WAS, etc.   
 
The app is web-based running on non-zOS platform.  They would like to be able to 
connect to the mainframe to authenticate a RACF ID/password; if the ID and 
password are OK, continue with the app (possibly return a RC=0 or any other 
"OK");  if ID unknown, pswd wrong, pswd revoked or expired, provide a non-zero 
return code or "not OK" msg with explicit reason, even routing user to a web 
page where they can update an expiring password, correct an invalid password.  
I'm hoping to find something that is *easy* and *cheap* to implement ("free" 
being the key word), and generic enough to be used by any subsequent apps.  I 
figure there has to be an easy way to do this but I don't know what that way 
is, whether a direct call to RACF or USS, some kind of non-html call to the IBM 
HTTP server, WebSphereAS, MQ ... something simple and free. 
 
Thank you,
Bob Bonhard/UPS I.S.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
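
The reply above suggests passing the VERIFY PASSWORD response codes back to the web app. The following is an added example, not code from either poster, of how the calling side could interpret them. It assumes the web service returns RESP and RESP2 as numbers; the page names and messages are hypothetical, and the RESP2 meanings are the ones IBM documents for VERIFY PASSWORD.

```python
from dataclasses import dataclass

# EIBRESP numeric values behind DFHRESP(...) in the COBOL sample above.
NORMAL, INVREQ, USERIDERR, NOTAUTH = 0, 16, 69, 70

# (RESP, RESP2) -> (explicit reason for the audit log, hypothetical next page)
REASONS = {
    (NOTAUTH, 2): ("password incorrect", "login"),
    (NOTAUTH, 3): ("new password required", "change-password"),
    (NOTAUTH, 19): ("user ID revoked", "contact-helpdesk"),
    (NOTAUTH, 20): ("default group connection revoked", "contact-helpdesk"),
    (USERIDERR, 8): ("user ID unknown to RACF", "login"),
}

@dataclass(frozen=True)
class AuthResult:
    ok: bool
    reason: str        # explicit reason, for logs and the calling app
    next_page: str     # assumed page names, not from the original posts
    user_message: str  # text shown on the login form

def interpret_verify(resp: int, resp2: int = 0) -> AuthResult:
    """Turn the RESP/RESP2 pair from EXEC CICS VERIFY into a routing decision."""
    if resp == NORMAL:
        return AuthResult(True, "verified", "app-home", "")
    if resp == INVREQ:
        # A problem with the security interface, not a verdict on the credentials.
        return AuthResult(False, f"INVREQ resp2={resp2}", "error",
                          "Sign-in is unavailable.")
    # Anything not listed fails closed, like "When Other" in the COBOL.
    reason, page = REASONS.get(
        (resp, resp2), (f"unexpected resp={resp} resp2={resp2}", "error"))
    if page == "login":
        # Same wording for a wrong password and an unknown ID, so the login
        # form does not confirm which user IDs exist; the log keeps the detail.
        msg = "User ID or password is not valid."
    elif page == "change-password":
        msg = "Your password has expired and must be changed."
    elif page == "contact-helpdesk":
        msg = "Your user ID is revoked."
    else:
        msg = "Sign-in failed."
    return AuthResult(False, reason, page, msg)
```

Each password rejected with RESP2 2 also increments the RACF revoke count for that ID, so the calling app should not retry a failed VERIFY automatically.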
