EntireX supports two user ID/password pairs: a broker user ID/password pair and an (optional) RPC user ID/password pair sent from RPC clients to RPC servers. With EntireX Security, the broker user ID/password pair can be checked for authentication and authorization.
The RPC user ID/password pair is designed to be used by the receiving RPC server. This component's configuration determines whether the pair is considered or not. Useful scenarios are:
Credentials for Natural Security
Web Service Transport Security with the RPC Server for XML/SOAP, see XML Mapping Files
Service execution with client credentials for EntireX Adapter Listeners, see Configuring Listeners
etc.
Sending the RPC user ID/password pair needs to be explicitly enabled by the RPC client. If it is enabled but no RPC user ID/password pair is provided, the broker user ID/password pair is inherited to the RPC user ID/password pair.
With the flag COM_CLIENT_NATSECURITY
(see below)
sending the RPC user ID/password pair is enabled for the PL/I RPC clients.
If you do so, we strongly recommend using SSL/TLS. See Using SSL/TLS.
To use the broker and RPC user ID/password
Specify a broker user ID and broker password in COM_CLIENT_USERID
and COM_CLIENT_PASSWORD
of the RPC Communication Area.
Set the flag COM_CLIENT_NATSECURITY
to ERX_TRUE
. If set to ERX_FALSE
or other values, the RPC user ID/password will not be sent.
The flag must be set before you issue any interface object calls. It is not needed for broker communication (see Using Broker Logon and Logoff), but it is also harmful if set.
If different user IDs and/or passwords are used for broker and RPC, use COM_CLIENT_RPCUSERID
and COM_CLIENT_RPCPASSWORD
to provide a different RPC user ID/password pair.
By default the library name sent to the RPC server is retrieved from the IDL file (see library-definition
under Software AG IDL Grammar in the IDL Editor documentation). The library name can be overwritten. This is useful if communicating with a Natural RPC
server. Specify a library in COM_SERVER_LIBRARY
.