Start of change
WebSphere Message Brokers
File: ap04130_
Writer: Stephanie J Strugnell

Task topic

This build: July 31, 2007 21:34:49

Configuring identity mapping

Before you start:

Before you can configure a message flow to perform identity mapping, you need to check that an appropriate security profile exists, or create a new security profile. See Configuring a security profile.

To enable an existing message flow to perform identity mapping:
  1. On the Security tab for each input node, select a security profile that has mapping enabled:

    Screen capture of the Security tab on the MQInput Node Properties panel.

    Ensure that TFIM is selected in the security profile as the mapping provider.

  2. Configure TFIM to map the incoming security token (and, if required, to authenticate and authorize it). The security token is the X.509 certificate, username, and username+password.

    To configure TFIM to map the incoming security token, you need to create a custom module chain in TFIM, which performs the security operations. The TFIM configuration controls the token type that is returned from the mapping. For information on how to configure TFIM, see the IBM Tivoli Federated Identity Manager information center.

Related concepts
Identity
Authentication
Identity mapping
Authorization
Identity propagation
Security profiles
Security exception processing
Related tasks
Configuring identity
Configuring authentication
Configuring a security profile
Creating a security profile for LDAP
Configuring a security profile for TFIM
Configuring authorization
Configuring a message flow for identity propagation
Setting up message flow security
Related reference
mqsicreateconfigurableservice command
mqsideleteconfigurableservice command
mqsichangeproperties command
mqsireportproperties command
MQInput node
HTTPInput node
HTTPRequest node
MQOutput node
Notices | Trademarks | Downloads | Library | Support | Feedback

Copyright IBM Corporation 1999, 2007Copyright IBM Corporation 1999, 2007. All Rights Reserved.
This build: July 31, 2007 21:34:49

ap04130_ This topic's URL is:
End of change