PROXY=proxyurl
This optional keyword stores the URL (in the form http://proxyserver) of a
proxy server into the Web global work area, then enables the supplied
DFH$WBEX sample program as the XWBOPEN global user exit.
LDAPBIND=profilename
This optional keyword stores the name of an LDAP bind profile into the
Web global work area, then enables the supplied DFH$WBX1 sample
program as the XWBAUTH global user exit.
Note that you cannot specify both LDAPBIND and STS. To do so causes
DFH$WBPI to abend with code WBPI. Message DFHSI1580D is issued,
which may cause CICS to be terminated.
STS=sts-server-url
This optional keyword stores the URL (usually in the form https://sts-server)
of a Secure Token Service into the Web global work area, then enables the
supplied DFH$WBX2 sample program as the XWBAUTH global user exit.
Note that you cannot specify both STS and LDAPBIND. To do so causes
DFH$WBPI to abend with code WBPI. Message DFHSI1580D is issued,
which may cause CICS to be terminated.
Note that the total length of the INITPARM quoted text cannot exceed 60
characters.
DFH$WBEX
This sample global user exit program is designed to check the host name specified
on the EXEC CICS WEB OPEN command, and make any host name starting with www
use a proxy server if a proxy server name is specified in the global work area.
If all the requests from your CICS system should use a single proxy server, you can
use the proxy server name from the INITPARM system initialization parameter, that
DFH$WBPI used to initialize the global work area.
v The proxy name must be specified as:
INITPARM=(DFH$WBPI=’PROXY=proxyurl’)
where proxyurl is the URL if a proxy server. If you use a number of proxy servers or
want to apply a security policy to different host names, you can load or build a table
that matches host names to appropriate proxy servers or marks them as barred,
which can then be used as a look-up table during processing of the EXEC CICS WEB
OPEN command.
DFH$WBX1
This sample global user exit program has the following functions:
v If a GLUE global workarea is provided and it contains a non-zero LDAP
connection token, it uses that token in subsequent SEARCH requests.
v If the exit is called at the XSTERM (system termination) exit point, it terminates
the LDAP connection by invoking the DFHDDAP UNBIND_LDAP function.
Otherwise, it obtains a connection token by issuing DFHDDAP BIND_LDAP and
stores it in the global workarea. The LDAPBIND profile specified in the
INITPARM parameter for DFH$WBPI is used to obtain LDAP credentials.
v Composes a distinguished name in the following format: racfcid=uuuuuuuu,
ibm-httprealm=rrrrrrrr, labeledURI=xxxxxxxx, cn=BasicAuth where:
Chapter 1. Global user exit programs 21