IBM Z Software


This portal is to open public enhancement requests against IBM Z Software products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Delivered
Workspace CICS Transaction Server for z/OS
Categories Runtime
Created by Guest
Created on Mar 5, 2013

RELATED IDEAS

CICS SAML support - scenario 3 - create a SAML assertion

1. Channel services sends SOAP request message to CICS
2. SSL server authentication between channel services and CICS
3. CICS provider pipeline authenticates service requester (using mechanism other than SAML)
RACF user id is associated with Inbound DCR task
4. DPL to AOR to run target business logic program
5. DPL to Outbound DCR for outbound service call (INVOKE SERVICE)
6. Application or custom message handler creates SAML assertion containers including identity and entitlements.
REMARK (March 1st): The identity set for the outbound SAML assertion will depend on whether the CICS task has been initiated by a real user or automatically by another system. <MR> We are considering situtions where we have user initiated requests (some human being sat at a device interacting with HSBC) and ‘headless' requests – things just happen usually related to some external or timed event. For example, we have integration between batch and CICS. We have diarised processing that takes place at an appointed date/time or after an interval expires following the last time time we did this. We have background transactions that are polling something (e.g. MQ Q, TSQ, DB2 table etc…) that runs periodically to mop up any work accumulated since the last time it ran. Etc… So if we do have the identity of a human being, we'd want to use that. If we don't and all we have is what's available from the environment – e.g. CICS region name, transaction id etc… - we'd have no option but to fabricate an ‘id' for the purposes of the SAML </MR>
7. CICS requester pipeline security processing signs SAML token with CICS region's private key and attaches as WS-Sec header to SOAP request message
REMARK (March 1st): A RACF keystore is the most likely implementation for storing certificates.
REMARK (March 1st): The X.509 certificate containing the CICS public key is sent with the message. <MR> our interpretation of WS-SEC means we intend to send the X509 with every message. We should confirm that is still the case with our colleagues in IT & Security though – the collective thinking may have moved on since the last time I saw a sample message.
8. SSL server authentication between CICS and channel services

Idea priority Medium
  • Guest
    Reply
    |     Oct 5, 2015

    Due to processing by IBM, this request was reassigned to have the following updated attributes:
    Brand - Servers and Systems Software
    Product family - Transaction Processing
    Product - CICS Transaction Server

    For recording keeping, the previous attributes were:
    Brand - WebSphere
    Product family - Transaction Processing
    Product - CICS Transaction Server

  • Guest
    Reply
    |     Jun 13, 2014

    This requirement is satisfied by CICS TS 5.2 which is generally available from June 13th 2014.

  • Guest
    Reply
    |     Apr 14, 2014

    This requirement is satisfied by CICS TS 5.2 which was announced 7th April 2014 with a planned general availability date of June 13th 2014. For more information see the IBM CICS Transaction Server for  z/OS, V5.2 announcement letter

    http://www.ibm.com/common/ssi/cgi-bin/ssialias?infotype=an&subtype=ca&supplier=897&letternum=ENUS214-107

  • Guest
    Reply
    |     Apr 9, 2014

    This requirement is satisfied by CICS TS 5.2 which was announced 7th April 2014 with a planned general availability date of June 13th 2014. For more information see the IBM CICS Tools for  z/OS, V5.2 announcement letter

    http://www.ibm.com/common/ssi/cgi-bin/ssialias?infotype=an&subtype=ca&supplier=897&letternum=ENUS214-107

  • Guest
    Reply
    |     Jan 29, 2014

    This is something we would like to address. The RFE is being moved into 'Planned for Future release' status.  Please note:
    IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion.   Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.