Version 9.7
 —  EntireX Adapter Installation and User's Guide  —

Security Support

This document covers the following topics:


Security Support for Adapter Services

The EntireX Adapter uses adapter services to send synchronous or asynchronous requests to various backend systems. Access to these systems can be secured in the following ways:

Top of page

Security Support for Adapter Listeners

Adapter listeners receive synchronous or asynchronous requests from external RPC clients. If the RPC request is sent to the EntireX Adapter using an EntireX Broker which is configured to use security then the credentials of the RPC clients are checked to see if the client is permitted to call the adapter listener.

By enabling the listener property Execute Service with Client Credentials, an adapter listener can be configured to use the credentials (user ID and password) provided by the RPC client to execute the Integration Server service:

graphics/wmEexxAdapterSecurity4AdapterListeners.png

Then the RPC client has to provide credentials (RPC user ID and RPC password) which are used to execute the Integration Server service. Note that currently the RPC user ID and password are limited to 8 characters.

Top of page

Support for SSL/TLS

Communication between the Adapter and the backend systems is done using TCP/IP or, for secure communication, SSL/TLS.

The configuration of SSL depends on the connection type:

Connection type Description
Connection types using the EntireX Broker Use the URL-style syntax by which Broker IDs are defined to select SSL as transport method and to define the SSL parameters. For example: ssl://host:1958?definition_of_sslparameters. The syntax for defining SSL parameters is described in the notes below.
IMS Connect and CICS ECI Specify the SSL port in the Port property and the SSL parameters in the SSL Parameters property as described in Editing a Connection. The syntax for defining SSL parameters is described in the notes below.
Direct RPC Specify the SSL port and SSL parameters in the configuration wizard for Direct RPC.

Notes:

  1. SSL parameters are defined in URL style as name value pairs separated by an ampersand ('&').
  2. You always have to specify trust_store=file, where file is the path name of a Java keystore file which contains the list of trusted certificate authorities. Specify verify_server=no, if you do not want to check that the certificate of the SSL server is issued for the specified hostname. Example: ssl://host:1958?trust_store=/temp/ExxCACert.jks&verify_server=no
  3. If the SSL server requests a client certificate, specify key_store=file and key_passwd=pwd. Again, file is the path name of a Java keystore file which contains the private key and pwd is the password which is needed to access the private key entry in the keystore. Example: ssl://host:1958?trust_store=/temp/ExxCACert.jks&key_store=/temp/ExxJavaAppCert.jks&key_passwd=ExxJavaAppCert

Top of page