Skip to Main Content
IBM Data and AI Ideas Portal for Customers

This portal is to open public enhancement requests against products and services offered by the IBM Data & AI organization. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (

Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

Post ideas and requests to enhance a product or service. Take a look at ideas others have posted and upvote them if they matter to you,

  1. Post an idea

  2. Upvote ideas that matter most to you

  3. Get feedback from the IBM team to refine your idea

Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal ( - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal ( - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM. - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

IBM Employees should enter Ideas at

Created by Guest
Created on Oct 19, 2023

DB2 Replication Engine support API-key authentication without username/password

Problem Statement:

With IDR CDC DB2 LUW Replication Engine, unable to create a source DB2 datastore for DB2 LUW running in Cloud Pak for Data (CP4D). Since CP4D is IAM-enabled for OIDC SSO integration with enterprise Azure AD, DB2 LUW only support programmatic connectivity using API key authentication (not user name/password). However, when creating DB2 LUW datastore in IIDR CDC DB2 LUW Replication Engine, user name/password is mandatory, even if we define extra JDBC parameter for API key and SSL security mechanism.

API key authentication is not an issue for the support packages (DB2 client and IBM Global Security Kit-GSKit) that drives IIDR CDC DB2 LUW Replication Engine. Both DB2 client & IBM GSKit are configured on the same IDR Linux VM, and successfully tested to establish SSL connection to DB2 LUW database running in CP4D using API key and SSL certificate.

There is no current workaround, since CP4D integration with IAM integration service is irreversible, hence there is no way to switch back to username/password authentication for programmatic access to DB2 LUW.

Proposed Solution:

Given IIDR mandates DB2 LUW instances to be created with a DB2 LUW datastore, an additional patch is needed. This patch for IDR DB2 LUW datastore creation function (./dmconfigurets) should allow api key-only authentication mechanism (and allow to omit username/password), when extra JDBC parameters is provided with an apiKey and securityMechanism=15. This will allow the IDR-DB2 LUW connection using custom JDBC connection string to the DB2 LUW instance residing in CP4D. This patch can be called before the step of configuring the username and password.

Needed By Yesterday (Let's go already!)
  • Admin
    Davendra Paltoo
    Oct 25, 2023

    IBM Update

    Thanks for filing this requirement.

    We think that the requirement is valid, and we've added it to our roadmap.