Implementing Client Authentication
When connecting to a Connect:Direct server, a user or client application must supply the user ID of a valid user account that is configured in the functional authorities of a Connect:Direct node.
In addition, the application usually includes a means of authentication, such as a password or a security certificate.
There are two types of client authentication:
• LOCAL—Authenticating users or applications that are trying to connect from the same node that the Connect:Direct server is running on.
• HOST—Authenticating users or applications that are trying to connect from a node that has a different IPv4 or IPv6 address than the Connect:Direct server.
- When a user or application attempts to connect to a Connect:Direct for Windows (CDW) server, the system checks whether the user is configured in the local functional authorities.
- If so, authentication occurs using one of these assigned authentication methods:
  - Password-based authentication, if the user has provided the username/password.
    For example, File Agent is configured with a user ID and password that allow it to connect to Connect:Direct for Windows via an API connection. This user ID and password must be valid Windows credentials for the Connect:Direct for Windows server that File Agent connects to.
  - Certificate-based authentication
    Authenticates a client, such as IBM Control Center (ICC), using digital certificates (SSL). For more information on client authentication, see Certificate Authentication for Client API Connections.
    To enable certificate-based authentication, go to IBM Connect:Direct Requester > Functional Authorities Users Main panel and select the Allow client certificate authentication check box. For more information, see Defining User Authority.
  - Trusted Local Host Authentication (no password)
    Authenticates with a user name that is configured in the functional authorities, but with no password.
    To enable local authentication without a password, go to IBM Connect:Direct Requester > Functional Authorities Users Main panel and select the Allow no-password local connection check box. For more information, see Defining User Authority.