Set up IBM® Integration Bus to use Integrated Windows Authentication (IWA) to secure inbound requests against an integration node on Windows.
Securing an IBM Integration Bus service with IWA modifies the behavior of only the HTTPInput and SOAPInput nodes. For inbound support, IWA requires the HTTP and SOAP nodes to use an embedded (integration server) listener. IWA is not supported by integration node listeners. SOAP nodes use embedded listeners by default, but HTTP nodes use integration node listeners by default. For information on how to switch to an embedded listener, see Switching from an integration node listener to embedded listeners.
If you are using HTTP over SSL (HTTPS), you must set up a public key infrastructure (PKI). For more information, see Setting up a public key infrastructure.
To enable IWA on an integration node running on Windows, run the following command:
mqsichangeproperties integrationNodeName -e integrationServerName -o ConnectorType
-n integratedWindowsAuthentication -v "PropertyValue"
Where: To check what the current IWA setting is, run the following command:
mqsireportproperties integrationNodeName -e integrationServerName -o ConnectorType -r
The
following output is displayed within the connector properties:Local environment tree credentials | Properties folder credentials |
---|---|
username (root folder) | IdentitySourceType |
> fullName
(consisting of realm\username) |
|
> username | IdentitySourceToken |
> realm | IdentitySourceIssuedBy |
> package | |
> spn | |
> sid |
mqsichangeproperties IBNODE -e default -o HTTPSConnector
-n integratedWindowsAuthentication -v "Negotiate"
mqsichangeproperties IBNODE -e default -o HTTPConnector
-n integratedWindowsAuthentication -v "NTLM;Negotiate"
mqsichangeproperties IBNODE -e default -o HTTPConnector
-n integratedWindowsAuthentication -v ""