Security Exit Messages

The security exit contains four types of messages:

  • GENERATE_MSG
  • GENERATE_REPLY_MSG
  • VALIDATE_MSG
  • VALIDATE_REPLY_MSG

CAUTION:
If the security exit is used, IBM® Connect:Direct® relies on it for user ID authentication. If the security exit is not implemented correctly, security can be compromised.

GENERATE_MSG

IBM Connect:Direct sends a generate message to the user exit program at the start of a session to establish a security environment. The PNODE sends the GENERATE_MSG to the security exit to determine a user ID and security token to use for authentication on the SNODE. The GENERATE_MSG contains:

  • Submitter ID
  • PNODE ID
  • PNODE ID password, if user specified one
  • SNODE ID
  • SNODE ID password, if user specified one
  • PNODE name
  • SNODE name

GENERATE_REPLY_MSG

The user exit program sends a reply message to IBM Connect:Direct. The GENERATE_REPLY_MSG contains:

  • Status value of zero for success or nonzero for failure
  • Status text message (if status value is failure, status text message is included in the error message)
  • ID to use for security context on the SNODE side (may or may not be the same ID as in the generate message)
  • Security token used in conjunction with ID for security context on the SNODE side

VALIDATE_MSG

IBM Connect:Direct sends a validate message to the user exit program. The SNODE sends the VALIDATE_MSG to the security exit to validate the user ID and security token received from the PNODE. The VALIDATE_MSG contains:

  • Submitter ID
  • PNODE ID
  • PNODE ID password, if user specified one
  • SNODE ID
  • SNODE ID password, if user specified one
  • PNODE name
  • SNODE name
  • ID to use with security token
  • Security token (password, PASSTICKET, or other security token)

VALIDATE_REPLY_MSG

The user exit program sends a reply to the VALIDATE_MSG from IBM Connect:Direct. The VALIDATE_REPLY_MSG contains:

  • Status value of zero for success or nonzero for failure
  • Status text message (if status value is failure, status text message is included in the error message)
  • ID used for security context
  • Security token to use in conjunction with ID for security context
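
The following Python model of the four-message exchange is an added example, not IBM code and not the Connect:Direct exit API. The dataclasses, the HMAC token format, SHARED_KEY, MAX_AGE and the failure status value 8 are all assumptions made for illustration; the password fields are omitted. It shows the validate side returning a nonzero status whenever the token is malformed, expired, or not bound to the presented ID and node names.

```python
import hashlib, hmac, time
from dataclasses import dataclass

SHARED_KEY = b"constructed-demo-key"  # assumption: secret held by both nodes' exits
MAX_AGE = 300  # assumption: token lifetime in seconds
FAIL = 8  # constructed nonzero status value

@dataclass
class NodeMsg:  # fields common to GENERATE_MSG and VALIDATE_MSG (passwords omitted)
    submitter_id: str
    pnode_id: str
    snode_id: str
    pnode_name: str
    snode_name: str

@dataclass
class Reply:  # GENERATE_REPLY_MSG / VALIDATE_REPLY_MSG
    status: int
    status_text: str
    user_id: str = ""
    token: str = ""

def _mac(user_id, msg, ts):
    # Bind the token to the ID, both node names and the issue time.
    data = "\0".join([user_id, msg.pnode_name, msg.snode_name, str(ts)]).encode()
    return hmac.new(SHARED_KEY, data, hashlib.sha256).hexdigest()

def generate(msg, now=None):
    """PNODE side: answer GENERATE_MSG with an ID and token for the SNODE."""
    ts = int(time.time() if now is None else now)
    uid = msg.snode_id or msg.submitter_id
    return Reply(0, "ok", uid, f"{ts}:{_mac(uid, msg, ts)}")

def validate(msg, user_id, token, now=None):
    """SNODE side: answer VALIDATE_MSG; any doubt yields a nonzero status."""
    now = int(time.time() if now is None else now)
    try:
        ts_text, mac = token.split(":", 1)
        ts = int(ts_text)
    except (ValueError, AttributeError):
        return Reply(FAIL, "malformed security token")
    if not hmac.compare_digest(mac.encode(), _mac(user_id, msg, ts).encode()):
        return Reply(FAIL, "security token does not match ID and node names")
    if abs(now - ts) > MAX_AGE:
        return Reply(FAIL, "security token expired")
    return Reply(0, "ok", user_id, token)
```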