Input nodes can retrieve identity from the bitstream. For example, an MQ input node retrieves the UserIdentifier from the message descriptor (MQMD) and puts it in the Identity Source Token element of the properties folder. At the same time, it sets the Identity Source Type element to username and the Identity Source Issued By element to MQMD.PutApplName (the put application name).
However, this information is not sufficient to perform authentication. For authentication to occur, a usernameAndPassword type token is required. If this is not available, the incoming identity has to be trusted, although you can reduce the problem by applying transport-level security using MQ Extended Security Edition for MQ.
If authentication is required, the username and password information must be provided as part of the incoming message. To enable this, the flow must include a path into the message to locate the security information. You specify this information using the Security tab on the Input nodes: