Our broker implementation has SECURITY=YES, which requires all callers to send in a userid which is used to authenticate against RACF. The userid is then used by Natural RPC set with LOGONRQ = ON.
In addition to the userid authentication, we also want to limit broker usage to certain IP addresses.
We have a RACF resource class profile set up which not only limits calls to broker to be made via certain userid, but the calls can also only be issued from 2 specific IP addresses.
With CHECK-IP-ADDRESS=YES and SECURITY-LEVEL=AUTHORIZATION, the userid authorization check seems to be working as expected. The IP address aspect seems to be ignored. When I issue the “valid” userid from an IP address source not defined to the resource class, broker proceeds to allow the connection. If I use a userid not defined to the resource class and try to connect, I get an “IP restriction error”, which is what I expect.
How can I get broker to consider both the userid and the IP address source for authorization?
Many thanks in advance.