Direct attach of web transaction in CICS does not happen due to Basic Authenticate error

Question & Answer

Question

When trying to implement the new Direct Attach optimization for webservice requests, why would I continue to see a 1:1 relationship of a CWXN transaction and the transaction requested in the webservice request? I did not think I would not need transaction CWXN for web service provider transactions in CICS Transaction Server for z/OS (CICS TS) V5.3 when I am not using Secure Sockets Layer (SSL) and an analyzer. I am using PIPELINEs.

Answer

The reason the webservice request does not directly attach the requested tranid is because there is a BASIC_AUTHENTICATE error. This is due to your TCPIPSERVICE definition being defined with AUTHENTICATE(BASIC) and the request coming in to CICS does not contain an authentication header.

Because the request does not contain an authentication header, transaction CWXN is attached so it can pass back the basic authentication error which will prompt the end user and challenge for a userid and password. Once the end user replies with a userid and password, CICS will have enough information to attach the end user transaction.

To stop CWXN from being attached, you should send an authenticate header in the original request.
Here is an example of an authorization header being sent with the original request. It contains a base64 encoded userid and password:

 *POST /myscript/Action2Take HTTP/*  *1.1..Content-Type: text/xml..SOA*  *PAction: ""..Authorization: Basi*  *c XXXXXXXXXyyyyZZZZZyyXX==..Host*  *: abcde-test.my.net:1234..User-A*  *gent: Apache-HttpClient/4.1.1 (j*  *ava 1.5)..Via: 1.1 XyZZZXXyZZZ-.*  *.X-Client-IP: 00.11.22.333..X-Gl*  *obal-Transaction-ID: 012345678..*  *Connection: Keep-Alive..Content-*  *Length: 123....<?xml version="1.*  *0" encoding="UTF-8"?>.<soapenv:E*  *nvelope xmlns:req="http://www.xx*  *xxxxxxxxxx.my/act/request" xmlns*  *:soapenv="http://schemas.xmlsoap*  *.org/soap/envelope/">.   <soapen*  *v:Header/>.   <soapenv:Body>.   *

See HTTP basic authentication in the CICS TS documentation for more information about the Authorization header.

To determine if you are getting a BASIC_AUTHENTICATE error, turn on CICS auxiliary trace using transaction CETR then recreate the problem. If you format the trace, you should see a "SO 0201 SOCK ENTRY - FUNCTION (SEND)" trace entry with an eyecatcher like the following in Data 2:

 *HTTP/1.1 401 Basic Authenticatio*  *n Error..CONTENT-TYPE: text/html*  *..WWW-Authenticate: Basic realm=*  *"realm  "..                     *  *Date: Fri, 28 Jul 2017 20:44:17 *  *GMT  ..Server: IBM_CICS_Transact*  *ion_Server/5.3.0(zOS)..Content-L*  *ength: 000000000000183..Connecti*  *on: Keep-Alive....              *

Here is the complete trace entry showing the "Basic Authentication error": alt text

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Component":"Security","Version":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Product Synonym

CICS/TS CICSTS CICS TS CICS Transaction Server

Was this topic helpful?

Document Information

Modified date:
24 August 2017

UID

dwa1395860

Tips