Configuring IMS Connect for SOAP Gateway
You must configure IMS Connect to allow SOAP Gateway to access IMS transactions.
To configure IMS Connect for SOAP Gateway:
- Configure IMS Connect
with user exit routine HWSSOAP1.
The HWSSOAP1 exit routine is an IMS Connect exit routine that manages the translation of message headers on input and output messages and provides a point of control to modify, route, and check security for messages from and to SOAP Gateway.
Ensure that the HWSSOAP1 exit routine is specified within the IMS Connect configuration member EXIT keyword within the TCPIP statement, as shown in the following sample code for the IMS Connect configuration member HWSCFGxx:
HWS=(ID=HWS8,RACF=Y,XIBAREA=20) TCPIP=(HOSTNAME=MVSTCPIP,RACFID=RACFID, PORTID=(9999,LOCAL),MAXSOC=2000,TIMEOUT=8800, EXIT=(HWSSMPL1,HWSSOAP1)) ADAPTER=(XML=Y)
-
Configure IMS Connect with
user exit routine HWSSMPL1.
The HWSSMPL1 exit routine internally manages SOAP Gateway ping support in IMS Connect. It is provided in the IMS.SDFSSMPL data set. Add the HWSSMPL1 exit routine to the EXIT parameter of the TCPIP statement of the HWSCFGxxx member in the IMS.PROCLIB data set. For more information about the exit routine, see in IMS 14 Exit Routines.
- For NIST SP800-131a, configure IMS Connect to enable TLSv1.2 support.
- Turn on TLS v1.2 support in the IMS Connect
SSL configuration member by setting the GSK_PROTOCOL_TLSV1_2 variable
to GSK_PROTOCOL_TLSV1_2_ON:
GSK_PROTOCOL_TLSV1_2=GSK_PROTOCOL_TLSV1_2_ON
- Specify the cipher suite to enable. For example:
GSK_V3_CIPHER_SPECS=3C0906030201
In this example, the first two characters, 3C, indicate 128-bit AES encryption with SHA-256 message authentication and RSA key exchange. For more information about cipher suite definitions for TLS v1.2, see Cipher Suite Definitions in z/OS® Cryptographic Services System SSL Programming information.
For more information about IMS Connect SSL setup and related variables, see the SSL initialization topic in IMS 14 Communications and Connections.
- Turn on TLS v1.2 support in the IMS Connect
SSL configuration member by setting the GSK_PROTOCOL_TLSV1_2 variable
to GSK_PROTOCOL_TLSV1_2_ON:
- After changing the IMS Connect configuration member, restart IMS connect.
- Optional: Configure SSL communications. You can use either z/OS Communications Server Application
Transparent Transport Layer Security feature (AT-TLS) or IMS Connect to manage your SSL communications.
AT-TLS is recommended because it provides greater flexibility with
respect to the use of ports in addition to simplifying the IMS Connect security implementation.
- For more information about configuring z/OS AT-TLS, see z/OS: Communications Server IP Configuration Guide.
- To use the XML conversion function in IMS Connect, you must configure the IMS Connect XML adapter function.