| Author |
Message
|
| akil |
 Posted: Tue Aug 12, 2014 12:53 am Post subject: Using a SecurityProfile & the broker registry for Identi |
 |
|
Partisan
Joined: 27 May 2014
Posts: 338
Location: Mumbai
|
Hi
In the IIB 9 documentation , there's a section on using a custom security profile and the broker registry to provide the identity for a SOAPRequest
There is no specific mention on whether this works for HTTPRequest or not.
I tried the steps mentioned for the SOAPRequest & used it for an HTTPRequest with HTTP Basic Auth, and it seems to be working.
| Code: |
mqsisetdbparms brokerName -n securityIdName -u username -p password
mqsicreateconfigurableservice broker name -c SecurityProfiles -o securityProfileName -n "propagation,idToPropagateToTransport,transportPropagationConfig" -v "TRUE,STATIC ID,securityIdName"
|
1. Wanted a confirmation that this is indeed allowed, and I am doing the right thing..
2. I am unable to locate the meaning of STATIC ID and other options for idToPropagateToTransport - where can I learn more about this?
_________________
Regards |
|
| Back to top |
|
 |
| martinb |
| Posted: Wed Aug 13, 2014 12:40 am Post subject: |
|
|
Master
Joined: 09 Nov 2006
Posts: 210
Location: UK
|
Hi
This facility to propagate a fixed identity from the mqsisetdbparms credentials store was not documented extensively when it was added in WMB v8.
As you observed with HTTPRequrest, you can indeed use "idToPropagateToTransport" with value "STATIC ID" for any output/request node that can accept a username and password type identity.
"idToPropagateToTransport = 'STATIC ID'" means take the credentials from the mqsisetdbparms alias set in "transportPropagationConfig".
You can gleam the other allowed setting for "idToPropagateToTransport" from the topic
mqsireportproperties, "idToPropagateToTransport = 'Message ID'". Meaning take the identity from the current Message Properties tree. |
|
| Back to top |
|
|
| akil |
| Posted: Wed Aug 13, 2014 6:02 am Post subject: |
|
|
Partisan
Joined: 27 May 2014
Posts: 338
Location: Mumbai
|
Thank you , this helps me move ahead confidently ..
_________________
Regards |
|
| Back to top |
|
|
| shrusonu |
| Posted: Mon Mar 16, 2015 9:04 am Post subject: |
|
|
Novice
Joined: 20 Dec 2013
Posts: 16
|
Hi Akil & martinb
Does this mean that the username and password are passed in the SOAP Request xml ?
Many Thanks, |
|
| Back to top |
|
|
| martinb |
| Posted: Mon Mar 16, 2015 9:46 am Post subject: |
|
|
Master
Joined: 09 Nov 2006
Posts: 210
Location: UK
|
Hi
Better to state what you want to achieve?
The Broker message flow security can be configured for
- SOAP Request / AsyncReply Nodes to send either
- HTTP BasicAuth header, or
- WS-Sec username SOAP header.
- HTTP Request nodes to send
- HTTP BasicAuth
HTH |
|
| Back to top |
|
|
| Vitor |
| Posted: Mon Mar 16, 2015 11:03 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| martinb wrote: |
Better to state what you want to achieve?
The Broker message flow security can be configured for
- SOAP Request / AsyncReply Nodes to send either
- HTTP BasicAuth header, or
- WS-Sec username SOAP header.
- HTTP Request nodes to send
- HTTP BasicAuth |
Referencing this, the implication is that SOAPRequest does WS-Sec & HTTPRequest does Basic Auth. Is this not the case, and how does one affect the behaviour?
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| martinb |
| Posted: Mon Mar 16, 2015 11:26 am Post subject: |
|
|
Master
Joined: 09 Nov 2006
Posts: 210
Location: UK
|
|
| Back to top |
|
|
|
|
