IBM Support

Connect:Direct for Windows: How does the 'proxy.attempt' parameter work?

Technical Blog Post


Abstract

Connect:Direct for Windows: How does the 'proxy.attempt' parameter work?

Body

Connect:Direct for Windows processes incoming user IDs from remote nodes based on how the 'proxy.attempt' parameter is set in the Initparms.

The default setting is 'proxy.attempt=N'.

 

The best way to answer this question is provide different scenarios.


Scenario 1:
proxy.attempt=N
The Remote ID has both a Functional Authority and Proxy record on your C:D node.
Your C:D node will attempt to validate the incoming ID with the Functional Authority record. If this fails, the process fails. C:D will not try the Proxy record.

Scenario 2:
proxy.attempt=N
The Remote ID has only a Proxy record on your C:D node.
Your C:D node will first look in Functional Authorities for the incoming ID and will not find a record for the incoming ID, C:D will then look in Proxies for a record. Finding it, C:D will map the process to the LocalUserid specified in the Proxy record. C:D will then attempt to validate the LocalUserid in the Functional Authorities records. If this validation for the LocalUserid fails, the process fails.

Scenario 3:
proxy.attempt=Y
The Remote ID has both a Functional Authority and Proxy record on your C:D node.
Your C:D node will first look in the Proxy records. Finding the record, C:D will map the process to the LocalUserid specified in the Proxy record. C:D will then attempt to validate the LocalUserid in the Functional Authorities records. If this validation for the LocalUserid fails, the process fails. C:D will not try the Functional Authorities record for the incoming ID.

Scenario 4:
proxy.attempt=Y
The Remote ID has only a Proxy record on your C:D node.
Your C:D node will first look in the Proxy records. Finding the record, C:D will map the process to the LocalUserid specified in the Proxy record. C:D will then attempt to validate the LocalUserid in the Functional Authorities records. If this validation for the LocalUserid fails, the process fails.
If your C:D node does not find a Proxy record, it will look in Functional Authorities for a record for the remote ID. Not finding one, the process will fail.

"Best practice":
a. Define remote user IDs in the Proxies.
b. Do not define remote user IDs in Functional Authorities.
c. Set 'proxy.attempt=Y'.

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS4PJT","label":"IBM Sterling Connect:Direct"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]

UID

ibm11123557

Page Feedback