Joined: 07 Oct 2013
|This is really a Peoplesoft question, but they don't seem to have much experience with CICS so maybe someone here has done this.
Attempting to access CICS web services using PeopleSoft Integration Broker.
Have tested successfully using SoapUI, curl, and Integration Broker with http connection to CICS web services using a userid/password client authentication, but would like production system to use HTTPS.
Which of following configurations would be workable and most desirable:
a) 2 way SSL handshake between Integration Broker and CICS web services using HTTPS. The Integration Broker client
SSL certificate would authenticate to one CICS userid and be used by all Peoplesoft user transactions (for this web service)..
b) Use Weblogic as a proxy server in front of Integration Broker. 2way SSL handshake between Weblogic proxy
and CICS web service using HTTPS. Weblogic web server SSL certificate would authenticate to one CICS userid and be used
by all Peoplesoft user transactions.
c) 1way SSL handshake between Integration Broker and CICS web services using HTTPS. Soap ws-security userid/password would
authenticate the client to CICS. I understand that Peoplesoft does not support use of a certificate within ws-security for client authentication.
Userid used would be the default userid on the node definition in order to avoid defining several thousand userids to CICS RACF security.
d) any other options?
We are currently testing option a without any success. Integration Broker is only doing a 1way SSL handshake and then sending
an APP_DATA SSL packet with the soap transaction. The Integration Broker client SSL certificate is not being sent to CICS.