Before you begin
Before you can configure a message flow to perform identity
authentication, you need to check that an appropriate security profile
exists, or create a new security profile. See Creating a security profile for TFIM V6.1.
About this task
When you use TFIM V6.1 for
authentication, a request is made to the TFIM trust service with the
following three parameters, which select the module chain:
- Issuer = Properties.IdentitySourceIssuedBy
- Applies To = The Fully Qualified Name of the Flow: <integrationNodeName>.<Integration Server Name>.<Message Flow Name>
- Token = Properties.IdentitySourceToken
For more information about these parameters, see Authentication, mapping, and authorization with TFIM V6.1 and TAM.
For further information about how to configure TFIM, see the
IBM Tivoli Federated Identity Manager product documentation online.
Steps for enabling TFIM authentication:
Procedure
To enable an existing message flow to perform identity
authentication, use the BAR editor
to select a security profile that uses TFIM for authentication. You can set a security profile on a message flow or on individual
input nodes. If no security profile is set for the input nodes, the
setting is inherited from the setting on the message flow.
- Switch to the Integration Development perspective.
- In the Application Development view, right-click the BAR file, then click Open with > BAR Editor.
- Click the Manage and Configure tab.
- Click the flow or node on which you want to set the security profile. The properties that you can configure for the message flow or for the node are displayed in the Properties view.
- In the Security Profile Name field, select a security profile that uses TFIM for authentication.
- Save the BAR file.
What to do next
If the message identity does not contain enough information for authentication,
the information must be taken from the message body. For example,
if a password is required for authentication but the message came
from WebSphere® MQ with only a username, the password information must be
taken from the message body. For more information, see Configuring the
extraction of an identity or security token.