PK76576: SPECIFYING 'USER GROUP PROFILE' ON WUI SIGNON SCREEN

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• When signing on to the CPSM WUI, there is no way for the WUI to
  provide a proper GROUP option.  AS an alternative, there may be
  a way to allow the 'user group profile' to be specified on the
  WUI screen.
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED: All CICSPlex SM V3R2M0 Users.                *
  ****************************************************************
  * PROBLEM DESCRIPTION: - CICSPlex SM Web User Interface (WUI)  *
  *                        users need a mechanism to specify     *
  *                        which WUI user group profile should   *
  *                        be used.                              *
  *                      - The WUI Signon screen does not save   *
  *                        the user id, nor does it position     *
  *                        the cursor to the appropriate field.  *
  *                      - WUI User group profiles do not allow  *
  *                        * in the name.                        *
  ****************************************************************
  * RECOMMENDATION: After applying the PTF that resolves this    *
  *                 APAR, all Web User Interface (WUI) servers   *
  *                 must be recycled to pick up the new code.    *
  *                 Note that the restarts do not need to be     *
  *                 done at the same time.                       *
  ****************************************************************
  - The WUI User group object associated with a user id is always
    the user id's default group. In some installations, the
    default group cannot be used to identify job roles, so a
    mechanism is required to allow WUI Users with the same default
    group to specify which WUI User group should be used.
  - The WUI Signon screen does not remember a previously specified
    user id and it does not attempt to position the cursor to a
    field if it requires input.
  - Some External Security Managers allow an * (asterisk) in the
    name of user group profiles. The CICSPlex SM WUI should
    support user group profiles with an * in the name.
  

Problem conclusion

• A new WUI system parameter called SIGNONPANEL has been added.
  The SIGNONPANEL system parameter is only effective when the
  WUI server is running with security active (SEC=YES in the SIT).
  SIGNONPANEL has two options:
  
    - BASIC (the default)
      The WUI signon screen functions as it does prior to the
      installation of the PTF that resolves this APAR.
  
      - The GROUP option is not displayed on the signon screen.
      - The user group profile is set according to the users
        default group.
      - The user id value is not saved in a cookie.
      - JavaScript is not used to position the cursor on the
        signon screen.
  
    - ENHANCED
      The GROUP option will be displayed on the signon screen.
  
      - If the user does not enter a value, then the user group
        profile is set according to the users default group.
  
      - If the user does enter a value, the signon will proceed.
  
        - If the user id is connected to the specified group,
          then this group will be used as the WUI user group
          profile.
        - If the user id is not connected to the specified group,
          or the group name is invalid, then the signon will
          continue, but the WUI User group profile will be set
          based on the default group of the user and message
          EYUVC1227W will be issued to the WUI user (once sign on
          is complete) and message EYUVS0024W will be written to
          the WUI Server's EYULOG.
  
      Note: The GROUP option does not change the current
            connect group of the user being signed on. The
            security environment built by the WUI is always
            based on the user's default group. The only effect
            that the group option on the WUI signon screen has
            is to specify which WUI user group profile the
            user should be associated with. It does not change
            any security decisions that might be made by the
            External Security Manager.
  
      Additionally when the SIGNONPANEL(ENHANCED) option is set
      and JavaScript is enabled in the web browser, the signon
      process will attempt to:
  
      - save the user id and group values in a cookie, so
        that when the signon process is run again, the form is
        pre-filled with previously entered values.
  
      - position the cursor to the field requiring input.
  
  To enable this support, the following changes have been made:
  
  - EYU0VSPT now contains definitions for the SIGNONPANEL option.
  
  - EYU0VITI will retrieve the SIGNONPANEL option and set a new
    flag in the WUI anchor block.
  
  - EYU0VPSN and EYU0VPSP will check for the new flag and,
    depending on the options in use, enable the enhanced function
    or not.
  
  - EYU0VGAI will check that the user is connected to the
    group specified on the signon screen during the start up of
    the users COVA long running task. If the user is not connected
    to the requested group, VGAI will issue new EYULOG message:
  
      EYUVS0024W User (<user>) is not connected to requested group
                  (<group1>). Default group (<group2>) used.
  
    indicating that the user will be associated with a WUI user
    group profile that is the same name as the user's default
    group. EYU0VGAI will also set an indicator for EYU0VISX that
    the requested group was not used.
  
    If the user is connected to the group, then the specified
    group will be used as the WUI user group profile.
  
  - EYU0VISX will issue new message:
  
      EYUVC1227W Not connected to requested group <group1>.
                 Default group <group2> used.
  
    via the web browser if EYU0VGAI indicated that the user was
    not able to use the group requested on the signon screen.
  
  - EYU0VWHN has been changed so that it will perform a decode
    URL encoded cookie values.
  
  - New JavaScript class EYUCOOKIE has been created. This class
    contains methods for getting and setting HTTP cookies. The
    WUI JavaScript catalog, EYUTVTJE, has been updated to include
    the new class.
  
  To allow user groups containing an asterisk to be used, a user
  group validation has been added to EYU0VEB2 that allows the
  same characters as a user profile in addition to *.
  
  Please note that there are restrictions with the COVC EXPORT
  facility, when an export of a WUI user group is performed with
  a * in it's name. See the DOC hold associated with the PTF that
  resolves this APAR for details.
  

Temporary fix

• FIX AVAILABLE BY PTF ONLY
  

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

  PK67667

• APAR is sysrouted TO one or more of the following:

  UK43570

Modules/Macros

•    DYU0VEBB DYU0VEB2 DYU0VEXX DYU0VGAI DYU0VISX
  DYU0VITS DYU0VPSF DYU0VPSN DYU0VPSP DYU0VSPM DYU0VWHA EYUBVITA
  EYUBVKAB EYUBVKTB EYUBVPSN EYUEVGAI EYUEVGAR EYUEVPSN EYUKVGAI
  EYUKVGAR EYUKVPSN EYURVGAI EYURVGAR EYURVPSN EYUSVGAI EYUSVGAR
  EYUSVPSN EYUTVTHE EYUTVTHK EYUTVTHS EYUTVTJE EYUTVTJK EYUTVTJS
  EYU0DVWI EYU0DVWJ EYU0VEBB EYU0VEB2 EYU0VGAI EYU0VISX EYU0VITA
  EYU0VITI EYU0VITT EYU0VPSF EYU0VPSN EYU0VPSP EYU0VSPI EYU0VSPL
  EYU0VSPT EYU0VWHN EYU7VITB EYU7VITT EYU7VKAB EYU7VKTB EYU7VSP7
  

Fix information

• Fixed component name

  CICSTS V3 Z/OS

• Fixed component ID

  5655M1500

Applicable component levels

• R50M PSY UK43570

     UP09/02/04 P F902

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.