Using the Broker and RPC User ID/Password

EntireX supports two user ID/password pairs: a broker user ID/password pair and an (optional) RPC user ID/password pair sent from RPC clients to RPC servers. With EntireX Security, the broker user ID/password pair can be checked for authentication and authorization.

The RPC user ID/password pair is designed to be used by the receiving RPC server. This component's configuration determines whether the pair is considered or not. Useful scenarios are:

  • Credentials for Natural Security

  • Impersonation under z/OS (CICS, Batch, IMS) | z/VSE (CICS)

  • Web Service Transport Security with the RPC Server for XML/SOAP, see XML Mapping Files

  • Service execution with client credentials for EntireX Adapter Listeners, see Configuring Listeners

  • etc.

Sending the RPC user ID/password pair must be explicitly enabled by the RPC client. If it is enabled but no RPC user ID/password pair is provided, the broker user ID/password pair is used as the RPC user ID/password pair.

The flag COM_CLIENT_NATSECURITY (see below) enables sending the RPC user ID/password pair for PL/I RPC clients. If you enable it, we strongly recommend using SSL/TLS. See Using SSL/TLS.

To use the broker and RPC user ID/password

  1. Specify a broker user ID and broker password in COM_CLIENT_USERID and COM_CLIENT_PASSWORD of the RPC Communication Area.

  2. Set the flag COM_CLIENT_NATSECURITY to ERX_TRUE. If set to ERX_FALSE or other values, the RPC user ID/password will not be sent. The flag must be set before you issue any interface object calls. It is not needed for broker communication (see Using Broker Logon and Logoff), but it is also harmful if set.

  3. If different user IDs and/or passwords are used for broker and RPC, use COM_CLIENT_RPCUSERID and COM_CLIENT_RPCPASSWORD to provide a different RPC user ID/password pair.

  4. By default the library name sent to the RPC server is retrieved from the IDL file (see library-definition under Software AG IDL Grammar in the IDL Editor documentation). The library name can be overwritten. This is useful if communicating with a Natural RPC server. Specify a library in COM_SERVER_LIBRARY.