Use a Security Profiles policy to configure a security profile at run time.
A security profile defines the security operations that are completed in a message flow by SecurityPEP nodes and security-enabled input and output nodes. Security profiles are configured by the integration administrator before a message flow is deployed, and are accessed by the security manager at run time. You can use a Security Profiles policy to control, at run time, those security operations.
| Property | Property name in .policyxml file | Value |
|---|---|---|
| Authentication | authentication | This property specifies the type of authentication that is performed on the source identity. Valid values are: If you are using Tivoli Federated Identity Manager (TFIM) V6.1, set this property to TFIM. If you are using TFIM V6.2, set this property to WS-Trust V1.3 STS. Value type: String |
| Authentication configuration | authenticationConfig | This property specifies the information that the integration server needs to connect to the provider and look up the identity tokens. This property is in the form of a provider-specific configuration string. Value type: String |
| Mapping | mapping | This property specifies the type of mapping that is performed (see Identity mapping). Valid values are: If you are using TFIM V6.1, set this property to TFIM. If you are using TFIM V6.2, set this property to WS-Trust V1.3 STS. Value type: String |
| Mapping configuration | mappingConfig | This property specifies how the integration node connects to the provider and looks up the mapping routine. This property is in the form of a provider-specific configuration string. Value type: String |
| Authorization | authorization | This property specifies the types of authorization checks that are performed on the mapped or source identity (see Authorization). Valid values are: If you are using TFIM V6.1, set this property to TFIM. If you are using TFIM V6.2, set this property to WS-Trust V1.3 STS. Value type: String |
| Authorization configuration | authorizationConfig | This property specifies how the integration node connects to the provider and checks access (for example, checking a group for membership). This property is in the form of a provider-specific configuration string. Value type: String |
| Propagation | propagation | This property indicates whether identity propagation is performed on output and request nodes. On security-enabled input nodes, you can choose to select only identity propagation, without specifying any other security operations, to make the extracted incoming identity or security token available for use in the other nodes in the message flow, such as output or request nodes. See Identity and security token propagation. Valid values are: Value type: Boolean |
| Identifier to propagate | idToPropagateToTransport | This property enables the use of a specific security identity for propagation. Set the value to Static ID and set the security identity by using the Transport propagation configuration property. This property has a default value of Message ID. Value type: String |
| Transport propagation configuration | transportPropagationConfig | This property provides a specific security identity to propagate when Identifier to propagate is set to Static ID. Set the value of this property to the name that you associate with the static user name and password identity when you run the mqsisetdbparms command (see Configuring a message flow for identity propagation). Value type: String |
| Keystore | keyStore | This property is reserved for future use. |
| Truststore | trustStore | This property is reserved for future use. |
| Password value | passwordValue | This property specifies how passwords are treated when they enter a message flow. Valid values are: Value type: String |
| Reject blank passwords | rejectBlankpassword | This property specifies whether the security manager internally rejects a user name that has an empty password token, without passing it to the configured security provider for authentication (for example, an LDAP server). Valid values are: Value type: Boolean |
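The following is an added example, not part of the product documentation: a constructed Security Profiles policy in .policyxml form, together with a small Python check that applies the rules the table states (Boolean properties, a Static ID that needs a Transport propagation configuration, a provider that needs its configuration string, and blank-password handling). The `<policies>`/`<policy>` wrapper and its attributes, the STS URL and the `stsStaticId` name are assumptions; the property element names are the ones from the table.

```python
import xml.etree.ElementTree as ET

# Constructed sample .policyxml. The wrapper element and attributes are assumed;
# the child element names are the "Property name in .policyxml file" values.
SAMPLE_POLICYXML = """<?xml version="1.0" encoding="UTF-8"?>
<policies>
  <policy policyType="SecurityProfiles" policyName="ExampleProfile" policyTemplate="SecurityProfiles">
    <authentication>WS-Trust V1.3 STS</authentication>
    <authenticationConfig>https://sts.example.invalid/TrustServer/SecurityTokenService</authenticationConfig>
    <mapping></mapping>
    <mappingConfig></mappingConfig>
    <authorization></authorization>
    <authorizationConfig></authorizationConfig>
    <propagation>true</propagation>
    <idToPropagateToTransport>Static ID</idToPropagateToTransport>
    <transportPropagationConfig></transportPropagationConfig>
    <passwordValue></passwordValue>
    <rejectBlankpassword>false</rejectBlankpassword>
  </policy>
</policies>
"""

BOOLEAN_PROPS = ("propagation", "rejectBlankpassword")
# Provider types named in the table that need a provider-specific configuration string.
PROVIDER_TYPES = ("TFIM", "WS-Trust V1.3 STS")


def lint_security_profile(policyxml: str) -> list:
    """Return a list of findings for every SecurityProfiles policy in the document."""
    root = ET.fromstring(policyxml.encode("utf-8"))
    findings = []
    for policy in root.iter("policy"):
        if policy.get("policyType") != "SecurityProfiles":
            continue
        props = {child.tag: (child.text or "").strip() for child in policy}
        for name in BOOLEAN_PROPS:
            if props.get(name) not in ("true", "false"):
                findings.append(f"{name}: expected true or false, got {props.get(name)!r}")
        # Static ID propagation takes its identity from the mqsisetdbparms name in transportPropagationConfig.
        if props.get("idToPropagateToTransport") == "Static ID" and not props.get("transportPropagationConfig"):
            findings.append("transportPropagationConfig: required when idToPropagateToTransport is Static ID")
        # A provider-backed operation needs the matching *Config string to reach its provider.
        for op in ("authentication", "mapping", "authorization"):
            if props.get(op) in PROVIDER_TYPES and not props.get(op + "Config"):
                findings.append(f"{op}Config: required when {op} is {props[op]}")
        # With authentication on and rejectBlankpassword false, empty password tokens reach the provider.
        if props.get("authentication") and props.get("rejectBlankpassword") != "true":
            findings.append("rejectBlankpassword: false, so empty password tokens are sent to the provider")
    return findings
```

Running the check on the sample reports the missing Transport propagation configuration and the blank-password setting; setting `transportPropagationConfig` to the mqsisetdbparms name and `rejectBlankpassword` to `true` clears both findings.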