Implementing Client Authentication

When connecting to a Connect:Direct server, a user or client application must supply the user ID of a valid user account that is configured in the functional authorities of a Connect:Direct node.

In addition, the application usually includes a means of authentication, such as a password or a security certificate.

There are two types of client authentication:

• LOCAL—Authenticating users or applications that are trying to connect from the same node that the Connect:Direct server is running on.

• HOST—Authenticating users or applications that are trying to connect from a node that has a different IPv4 or IPv6 address than the Connect:Direct server.

Connect:Direct for Windows takes the following steps to authenticate users:
  1. When a user or application attempts to connect to a Connect:Direct for Windows (CDW) server, the system checks whether the user is configured in the local functional authority.
  2. If so, authentication occurs using one of the following assigned authentication methods:
    1. Password-based authentication, if the user has provided a user name and password.

      For example, File Agent is configured with a user ID and password that allow it to connect to Connect:Direct for Windows through an API connection. This user ID and password must be valid Windows credentials for the Connect:Direct for Windows server that File Agent connects to.

    2. Certificate-based authentication

      Authenticates a client, such as IBM Control Center (ICC), using digital certificates (SSL). For more information on client authentication, see Certificate Authentication for Client API Connections.

      To enable certificate-based authentication, go to IBM Connect:Direct Requester > Functional Authorities Users Main panel and select the Allow client certificate authentication check box. For more information, see Defining User Authority.

    3. Trusted Local Host Authentication (no password)

      Authenticates with a user name configured in the functional authorities but no password.

      To enable local authentication without a password, go to IBM Connect:Direct Requester > Functional Authorities Users Main panel and select the Allow no-password local connection check box. For more information, see Defining User Authority.