HostBridge currently supports a Trusted Host model. It is implemented as follows:
- On the CICS TCPIPSERVICE definition(s) for HostBridge (for example, HBJNSSL, HBXNSSL and/or HBRNSSL), the Basic Authentication parameter should be set to Basic.
- The directive HB_TRUSTED_HOST=1 must be specified in the HostBridge initialization module or DOCTEMPLATE (HBR@INIT). Click here for a further explanation of this directive.
- The directive HB_TRUSTED_USERIDS=(userid1,...,userid4) must be specified in the HostBridge initialization module or DOCTEMPLATE (HBR@INIT). Click here for a further explanation of this directive.
- The inbound HTTP request must contain a standard basic authentication header, specifying a mainframe (RACF/ACF2/TopSecret) user id and password. Ordinarily, this will be a generic user id (perhaps associated with the trusted host), rather than a specific user id associated with an end user.
- The HTTP request should also contain an HTTP header named HB_TRUSTED_HOST (all caps). The value specified by this header is the mainframe (RACF/ACF2/TopSecret) user id under which the request will be run.
CICS (via your mainframe security process) will validate access based on the generic user id/password specified in the basic authentication header. However, HostBridge will cause the request to be run under the identity specified by the hb_trusted_host header.
Click here to see a sample of how to specify the HB_TRUSTED_HOST HTTP header and issue a HostBridge trusted host request.