Trusted IBM DB2 Database Connections
A data source that is used for trusted application connections must define open session blocks for any user-specific database state that must be defined before the proxy users queries being issued. The associated Open Connection block is only executed once when the trusted connection is attempted, while Open Session blocks can execute many times for different users.
The information that a connection is going to proxy a request on behalf of a user, who is allowed to use proxy logons, is provided to the database using the following session command block attached to the trusted database connection. The value that you use for the session variable, OCI_ATTR_USERNAME, must match the IBM DB2 user name.
<commandBlock>
<commands>
<sessionStartCommand>
<arguments>
<argument>
<name>OCI_ATTR_USERNAME</name>
<value>#$account.defaultName#</value>
</argument>
</arguments>
</sessionStartCommand>
</commands>
</commandBlock>
For information about adding a command block for a data source connection, see Add Command Blocks While Creating a Data Source.
Prerequisites for using trusted connections
There are some prerequisites to consider if you plan to use trusted connections.
- Use IBM DB2 client version 9.5 or higher on all platforms.
- Use a DB2 Call Level Interface (DB2 CLI) to create a trusted connection.
- You must create a signon for the data source connection to specify the IBM DB2 credentials of the trusted IBM DB2 user.
- The Trusted Context that you defined in your IBM DB2 database must not request credentials for the user that is being proxied.