WebSphere Message Broker, Version 8.0.0.7 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS

See information about the latest product version

Kerberos token capabilities for identity mapping

This topic describes broker Web services capability for identity mapping using a Kerberos token.

Kerberos tickets from SOAP nodes are not supported for token mapping with an external security token server (STS) configured in the security profile.

On the Inbound route, with SOAPInput and SOAPAsyncResponse nodes, the presence of a security profile with propagation enabled causes the Kerberos Service Principal Name (SPN) to be placed in the properties tree as a Username token.

On the Outbound route, with SOAPRequest and SOAPAsyncRequest nodes, identity propagation can be used to provide the Kerberos Key Distribution Center (KDC) credentials. Arrange for the KDC credentials to be set as a Username and password token in the properties tree and associate the SOAP node with a security profile that specifies propagation; otherwise the KDC credentials are obtained using the Kerberos resource credentials that are created using the mqsisetdbparms command.

Notices | Trademarks | Downloads | Library | Support | Feedback

Copyright IBM Corporation 1999, 2016Copyright IBM Corporation 1999, 2016.

        
        Last updated:
        
        Last updated: 2016-05-23 14:48:24


Reference topicReference topic | Version 8.0.0.7 | bp28363_