M3 Business Engine and its client applications can be set up to run trusted connections over the MI socket protocol. When a trusted connection is used, the client is responsible for authenticating users, and no user credentials need be transmitted to M3 BE. The connection must be configured for client-authenticated SSL, and the certificate in the client keystore must be generated with the role run-as-m3user.
By default, M3 BE is configured with a secure MI port on the grid M3Router. This is a secured connection dispatcher, denoted by a padlock symbol in the grid Management UI. If you add your own connection dispatchers to use for trusted connections, these must be set up with one of these authentication types:
Clients may authenticate with certificate
Clients must authenticate with certificate
How to generate a client keystore for connections to a specific grid is described in Infor ION Grid Security Administration Guide, section "Creating an SSL Client Keystore in ION Grid for LifeCycle Manager".
To set up a trusted connection, the role list entered in the Create Client Keystore window must include the role <M3 BE deployed application name>/run-as-m3user.