WebSphere Message Brokers
File: ap04120_
Writer: Stephanie J Strugnell

Task topic

This build: July 31, 2007 21:34:48

Configuring authentication

Before you start:

Before you can configure a message flow to perform identity authentication, you need to check that an appropriate security profile exists, or create a new security profile. See Configuring a security profile.

LDAP:

To authenticate the identity of a user or system, the broker attempts to connect to the LDAP server using the username and password associated with the identity. To do this, the broker needs the following information:
  • To resolve the username to an LDAP entry, the broker needs to know the base distinguished name (Base DN) of the accepted login IDs. This is required to enable the broker to differentiate between different entries with the same name.
  • If subtree search has been specified, the broker must first connect to the LDAP server and search for the given user in order to obtain the full user distinguished name (DN) to be used for authentication. If your LDAP directory does not permit anonymous logins, use the mqsisetdbparms command to specify a username and password:
    mqsisetdbparms -n LDAP -u username -p password
    or
    mqsisetdbparms -n <servername> -u username -p password
    where <servername> is your base LDAP server name, for example, ldap.mydomain.com.
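The two lookup modes described above, modelled as an added example (not IBM or broker code) against a constructed in-memory directory. The `uid` naming attribute, the `dc=example,dc=com` entries and all function names are assumptions; the search account stands in for the credentials stored with mqsisetdbparms.

```python
import re

# Constructed sample directory (DN -> password); not taken from the page.
DIRECTORY = {
    "uid=jsmith,ou=staff,dc=example,dc=com": "s3cret-staff",
    "uid=jsmith,ou=contractors,dc=example,dc=com": "s3cret-contr",
    "uid=akhan,ou=apps,ou=staff,dc=example,dc=com": "s3cret-apps",
    "cn=lookup,dc=example,dc=com": "lookup-pw",  # search account (hypothetical)
}
ALLOW_ANONYMOUS_SEARCH = False  # assumed directory policy: no anonymous logins
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+")  # rejects DN metacharacters such as ',' and '='


def bind(dn, password):
    """Simple bind: succeeds only for a known DN with a matching, non-empty password."""
    return bool(password) and DIRECTORY.get(dn) == password


def search(base_dn, username, search_dn, search_pw):
    """Subtree search: return every DN named uid=<username> anywhere below base_dn."""
    if not ALLOW_ANONYMOUS_SEARCH and not bind(search_dn, search_pw):
        raise PermissionError("anonymous search refused; search credentials required")
    rdn = f"uid={username},"
    return [dn for dn in DIRECTORY if dn.startswith(rdn) and dn.endswith("," + base_dn)]


def authenticate(username, password, base_dn, subtree=False, search_dn=None, search_pw=None):
    """Resolve the username to exactly one DN, then bind as that DN."""
    if not SAFE_NAME.fullmatch(username):
        return False  # never splice untrusted text into a DN
    if subtree:
        hits = search(base_dn, username, search_dn, search_pw)
        if len(hits) != 1:  # no match or an ambiguous match: fail closed
            return False
        user_dn = hits[0]
    else:
        # Without subtree search the Base DN alone selects between same-named entries.
        user_dn = f"uid={username},{base_dn}"
    return bind(user_dn, password)
```

A Base DN that is too broad makes `jsmith` ambiguous under subtree search, so the example refuses the login rather than picking one of the two entries.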

To enable an existing message flow to perform identity authentication:
  • On the Security tab for each input node, select a security profile that has authentication enabled.

[Screen capture of the Security tab on the MQInput Node Properties panel.]

If the message identity does not contain enough information for authentication, the information must be taken from the message body. For example, if a password is required for authentication but the message came from MQ with only a username, the password information must be taken from the message body. For more information, see Configuring identity.

Related concepts
Identity
Authentication
Identity mapping
Authorization
Identity propagation
Security profiles
Security exception processing
Related tasks
Configuring identity
Configuring identity mapping
Configuring a security profile
Configuring authorization
Configuring a message flow for identity propagation
Setting up message flow security
Related reference
mqsicreateconfigurableservice command
mqsideleteconfigurableservice command
mqsichangeproperties command
mqsireportproperties command
MQInput node
HTTPInput node
HTTPRequest node
MQOutput node
Copyright IBM Corporation 1999, 2007. All Rights Reserved.