Db2 REST services trusted context and trusted connection support

If Db2 trusted context support is enabled, Db2 REST requests use it.

The way in which Db2 uses a trusted context depends on the types of authentication that are used to establish the REST connection:

  • If either HTTP basic authentication or client certificate authentication, but not both, is used, Db2 establishes a connection in the following way:
    1. Db2 performs authentication and authorization processing using the presented credentials.
    2. If authentication is successful, Db2 searches for a trusted context definition with attributes that match the REST request connection attributes.
    3. If a matching trusted context is found, that trusted context is associated with the Db2 REST request, thereby creating a trusted connection.
    4. If a matching trusted context is not found, the Db2 REST request runs on a normal Db2 connection.
  • If both HTTP basic authentication and client certificate authentication are used, Db2 establishes a connection in the following way:
    1. Db2 performs authentication and authorization processing using the client certificate credentials.
    2. If authentication is successful, Db2 uses the client certificate information to establish a trusted connection.
    3. After the trusted connection is established, Db2 performs authentication and authorization processing using the HTTP basic authentication credentials.
    4. If authentication is successful, Db2 uses the HTTP basic authentication credentials to perform a switch-user operation on the trusted connection.

    If any of the previous steps are unsuccessful, Db2 rejects the Db2 REST request and issues a security failure error.
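The two cases above depend on which trusted context definitions exist, so the following added example (not taken from the Db2 documentation) sketches one definition for each case. All role, package, authorization ID and address values are hypothetical placeholders. The example assumes that the client certificate resolves to the authorization ID named in SYSTEM AUTHID, and that a switch-user target must be listed in WITH USE FOR, as in general trusted context behavior.

```sql
-- Added example: every name and address below is a hypothetical placeholder.

-- Role that carries the privileges REST callers need. Granting to the role
-- rather than to the users ties the privilege to the trusted connection.
CREATE ROLE REST_APP_ROLE;

-- Hypothetical collection and package name standing in for a REST service.
GRANT EXECUTE ON PACKAGE RESTCOLL.GETORDERS TO ROLE REST_APP_ROLE;

-- Case 1: one authentication method (basic OR client certificate).
-- After authentication, Db2 looks for a context whose attributes match the
-- connection. If RESTUSR1 connects from another address, nothing matches,
-- the request runs on a normal connection, and REST_APP_ROLE is not applied.
CREATE TRUSTED CONTEXT CTX_REST_SINGLE
  BASED UPON CONNECTION USING SYSTEM AUTHID RESTUSR1
  ATTRIBUTES (ADDRESS '192.0.2.10')
  DEFAULT ROLE REST_APP_ROLE
  ENABLE;

-- Case 2: both methods. GATEWAY1 is the ID assumed to be derived from the
-- client certificate; it establishes the trusted connection and holds no
-- role itself. The basic authentication user is then the switch-user
-- target and receives the role only for the switched connection.
CREATE TRUSTED CONTEXT CTX_REST_DUAL
  BASED UPON CONNECTION USING SYSTEM AUTHID GATEWAY1
  ATTRIBUTES (ADDRESS '192.0.2.20')
  ENABLE
  WITH USE FOR ENDUSER1 ROLE REST_APP_ROLE WITH AUTHENTICATION,
               ENDUSER2 ROLE REST_APP_ROLE WITH AUTHENTICATION;
```

In case 1 a mismatch falls back to a normal connection, so privileges granted directly to RESTUSR1 would still apply there. In case 2 any failed step causes the request to be rejected.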