Usage Notes
The connection string pointer specifies the address of the connection string for the session.
| Language | Variable Name |
|---|---|
| COBOL: | DBCAREA-CONNECT-PTR |
| C: DBCAREA.H | connect_ptr |
| Routine | Action Taken |
|---|---|
| DBCHINI: | writes |
| DBCHCL: | reads (CON) |
| Used by | Action Taken |
|---|---|
| application program | writes |
“attribute1=value1;attribute2=value2;…;attributeN=valueN”
- The connection string consists of an alphanumeric string of attribute=value pairs, separated by a semicolon delimiter character.
- The connection string supports the same session character sets and encodings as the logon string.
- Attribute names are case insensitive. Attribute values are case sensitive.
- If an attribute occurs more than once in the connection string, the last instance takes precedence.
- The quote character is the double quote (“) character.
- Leading and trailing spaces in the attribute name are trimmed.
- Leading and trailing spaces of an unquoted value are trimmed. Leading and trailing spaces outside of a quoted value are trimmed.
- If the value contains spaces as part of the value, the value must be enclosed in quotes.
- Embedded double quote characters (for example, not the first or last character in the value) are allowed and do not require enclosing the value in quotes. For example:
  attribute value: abc”def
  connection string: attribute=abc”def
- If a value contains a double quote as the first or last character in the value, the value must be enclosed in double quotes, and the embedded double quote must be escaped by doubling it. For example:
  attribute value: “abcdef
  connection string: attribute=”””abcdef”
The connection string supports the following attributes:
| Attribute | Description |
|---|---|
| jws_private_key | Location of the file that contains the JWS private key obtained from your identity provider. Can be in PEM or JWK format. |
| jws_cert | Use if your identity provider requires an “x5t” header thumbprint. |
| oidc_clientid | Commonly used to override the default client ID when using bearer authentication. |
| oidc_scope | Used to override the default scope. |
| oidc_refresh | Enable or disable automatic token refresh. Default is enable. Valid values: enable, disable |
| oidc_refresh_percent | Specifies the percentage of token lifetime remaining at which automatic token refresh should occur. Default is 15, meaning 15% of lifetime remaining. A value of 0 means tokens will not be preemptively refreshed before they expire. A value of 100 means tokens will always be refreshed before use. Valid values: positive integer between 0 and 100. |
| oidc_token_cache | Enable or disable token caching. Default is enable. Valid values: enable, disable |
| oidc_claim | Specifies the JWT claim to use for identifying the user. Default is ‘sub’. Valid values: string identifying any JWT claim present in the payload |
| jws_algorithm | Default is RS256. Valid algorithms are RS256, RS384, RS512. |
| code_append_file | <filename>: appends the verification URL and code to the specified file if the file already exists, or creates a new file if the specified file does not exist. -out: prints the verification URL and code to standard out (stdout). -err: prints the verification URL and code to standard error (stderr). |
| sslmode | TLS security mode. Default is allow. For more information, see How to Secure Connections using TLS. Valid values: disable, allow, prefer, require, verify-ca, verify-full |
| sslca | The full path to a file in PEM format containing a list of trusted SSL CA certificates. For more information, see How to Secure Connections using TLS. Valid values: An operating system file path |
| sslcapath | The full path to a directory containing trusted SSL CA certificates in PEM format. For more information, see How to Secure Connections using TLS. Valid values: An operating system directory path |
| sslcrc | Certificate revocation check mode. Default is allow. For more information, see How to Secure Connections using TLS. Valid values: allow, require |
| tdmstport | The non-TLS port number. Default is 1025. Valid values: A valid integer port number |
| tdmsttlsport | The TLS port number. Default is 443. Valid values: A valid integer port number |
| httpsport | Same as tdmsttlsport |
| sslprotocol | The TLS protocol version. Default is “TLS1_2”. For more information on sslprotocol, see How to Secure Connections using TLS. Valid values: TLS1_2 |
| http_proxy | Hostname or IP address of the proxy server to use for HTTP requests |
| http_proxy_user | Proxy server username for http_proxy server |
| http_proxy_password | Proxy server password for http_proxy server |
| https_proxy | Hostname or IP address of the proxy server to use for HTTPS/TLS requests. In most cases, this is the same as http_proxy. |
| https_proxy_user | Proxy server username for https_proxy server |
| https_proxy_password | Proxy server password for https_proxy server |
| all_proxy | Hostname or IP address of the proxy server to use for HTTP and HTTPS/TLS requests. Use instead of http_proxy and https_proxy if the proxy server is the same for both HTTP and HTTPS/TLS connections. |
| all_proxy_user | Proxy server username for all_proxy server |
| all_proxy_password | Proxy server password for all_proxy server |
| proxy_bypass_hosts | Do not use proxy server for addresses that match these hostname, domain, or IP address patterns |
proxy_bypass
Connection string examples
- sslmode=require
- sslmode=prefer;tdmstport=10250;tdmsttlsport=4430
- sslmode=verify-full;sslca=/home/user/”My Certificates”
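
The parsing rules and the TLS attributes described above, as an added example (not Teradata's code): a Python parser that applies the trimming, quoting, case and last-instance rules, then flags strings that do not select a verify-* sslmode or sslcrc=require. The function names, the policy, the sample string and the handling of a semicolon inside a quoted value are assumptions, and ASCII double quotes are used.

```python
VERIFYING = {"verify-ca", "verify-full"}
SSLMODES = {"disable", "allow", "prefer", "require"} | VERIFYING  # from the table

def parse_connection_string(s):
    """Return {lowercased attribute name: value}; the last duplicate wins."""
    attrs, i, n = {}, 0, len(s)
    while s[i:].strip():
        eq = s.find("=", i)
        name = s[i:eq].strip().lower()        # names: trimmed, case insensitive
        if eq < 0 or not name or ";" in name:
            raise ValueError("expected attribute=value at offset %d" % i)
        i, value = eq + 1, None
        while s[i:i + 1] == " ":              # spaces outside the value are trimmed
            i += 1
        if s[i:i + 1] == '"':                 # quoted value; ASCII quote assumed
            buf, i = [], i + 1
            while s[i:i + 1] != '"' or s[i + 1:i + 2] == '"':
                if i >= n:
                    raise ValueError("unterminated quoted value for " + name)
                buf.append(s[i])
                i += 2 if s[i] == '"' else 1  # "" inside quotes is one literal "
            value, i = "".join(buf), i + 1
        end = (s + ";").find(";", i)          # assumption: ';' inside quotes is literal
        rest = s[i:end].strip()
        if value is None:
            value = rest                      # unquoted: trimmed, embedded " kept as is
        elif rest:
            raise ValueError("text after closing quote for " + name)
        attrs[name] = value
        i = end + 1
    return attrs

def tls_findings(s):
    """Assumed policy: a verify-* sslmode and sslcrc=require; no proxy passwords."""
    a = parse_connection_string(s)
    mode, out = a.get("sslmode", "allow"), []  # page: sslmode defaults to allow
    if mode not in SSLMODES:
        out.append("sslmode=%s is not a listed value" % mode)
    elif mode not in VERIFYING:
        out.append("sslmode=%s is not verify-ca or verify-full" % mode)
    if a.get("sslcrc", "allow") != "require":  # page: sslcrc defaults to allow
        out.append("sslcrc is not require")
    out += [k + " embeds a password" for k in a if k.endswith("_proxy_password")]
    return out

# Constructed sample input (paths and values are made up).
SAMPLE = ' SSLMode = require ;sslca="/etc/td/my ca.pem"; sslmode=prefer;x=abc"def'
print(parse_connection_string(SAMPLE))
print(tls_findings(SAMPLE))
```

Because the last instance of an attribute takes precedence, a later `sslmode=prefer` appended to a string overrides an earlier `sslmode=require`, which is why the check runs on the parsed result rather than on a substring match.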