CICS Client authentification for webservice

Hello, I am trying to figure out how to authentificate CICS (client) when accessing web service hosted on another server. Easy way according to documentation should be configuring TCPIPSERVICE with AUTHENTICATE(BASIC). This will cause service provider to ask for user id and password – these I would like to attach in original request so how that could be done? Directly in Realm or I have to refer to these credentials using realm? Where it should be then?

Based on https://www.ibm.com/support/knowledgecenter/en/SSGMCP_5.2.0/com.ibm.cics.ts.internet.doc/topics/dfhtl2a.html after connection attempt, WWW-Authenticate header should be passed with credentials (based on the realm). Document mention also “Web clients can store the authentication information for each realm so that end users do not need to retype the information for every request. When the web client has obtained a user ID and password, it resends the original request with an Authorization header. Alternatively, the client can send the Authorization header when it makes its original request, and this header might be accepted by the server, avoiding the challenge and response process.
The format of the Authorization header is:
Authorization: Basic userid:password”

Documentation does not look complicated but I am wonderring where I should save this header so it’s taken when proper realm is used. This has to be saved in WSDL?
Customer does not want to consider SSL as they use internal web service only.

We already tried run commands in cobol WEB OPEN and WEB SEND to provide user id and password but it seems it did not passed properly, there is still XWBAUTH exit called when INVOKE SERVICE is performed – so we are looking how to compile this exit so it provides user id and password directly. Sample programs seems they need to use LDAP or some external authorisation server, is it possible to compile this exit so it provides credentials directly? Customer needs this for internal server connection and would prefer to have this exit used for authorisation or any other easy way to authentificate to web service.
Thanks for any help, hope I am not too mistaken with my approach.

Related:

Leave a Reply