Setting up Trust Between External Applications and M3 BE

M3 Business Engine and its client applications can be set up to run trusted connections over the MI socket protocol. When a trusted connection is used, the client is responsible for authenticating users, and no user credentials need be transmitted to M3 BE. The connection must be configured for client-authenticated SSL, and the certificate in the client keystore must be generated with the role run-as-m3user.

Configuring client-authenticated SSL MI ports

By default, M3 BE is configured with a secure MI port on the grid M3Router. This is a secured connection dispatcher, denoted by a padlock symbol in the grid Management UI. If you add your own connection dispatchers to use for trusted connections, these must be set up with one of these authentication types:

Generating a client keystore

How to generate a client keystore for connections to a specific grid is described in Infor ION Grid Security Administration Guide, section "Creating an SSL Client Keystore in ION Grid for LifeCycle Manager".


To set up a trusted connection, the role list entered in the Create Client Keystore window must include the role <M3 BE deployed application name>/run-as-m3user.