WebSphere Message Broker, Version 8.0.0.7 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS

See information about the latest product version

Configuring authentication with HTTP basic authentication

Use a security profile to configure HTTP basic authentication in the HTTPRequest or SOAPRequest nodes.

Basic authentication is a common extension in the HTTP protocol that allows a client to provide identity information to a remote web server in the form of a username and password sent in the HTTP header data. Security profiles in WebSphere® Message Broker provide a way for message flow designers to provide these credentials without building the HTTP headers in a Compute node.

If identity propagation is enabled for the selected security profile, the HTTPRequest and SOAPRequest nodes automatically pick up username and password credentials, if present, from the Properties tree. See Configuring a message flow for identity propagation. The predefined security profile Default Propagation has this setting enabled.

To enable basic authentication, select an appropriate security profile for the output node or the message flow in the Broker Archive editor. The credentials are picked up from the following Properties tree locations if set:

Properties.IdentityMappedType
Properties.IdentityMappedToken
Properties.IdentityMappedPassword

If the mapped identity fields are not set, the credentials are picked up from the following Properties tree locations:

Properties.IdentitySourceType
Properties.IdentitySourceToken
Properties.IdentitySourcePassword

For basic authentication both a username and password are required, therefore the appropriate Type field must be set to the string usernameAndPassword. For example:

SET OutputRoot.Properties.IdentitySourceType='usernameAndPassword';
SET OutputRoot.Properties.IdentitySourceToken = 'myUser';
SET OutputRoot.Properties.IdentitySourcePassword = 'myPassw0rd';

These fields are interpreted by a subsequent HTTPRequest or SOAPRequest node and converted into a basic authentication HTTP header.

You can also propagate credentials from an input message by setting a security profile which includes propagation on an input node, and then using the input node properties Identity token type, Identity Token location and Identity password location. These three properties take an XPath expression that specifies the location in the input message to retrieve the appropriate token or password from. When configured correctly, these properties place the identity information in the Properties.IdentitySourceType, Properties.IdentitySourceToken and Properties.IdentitySourcePassword fields. HTTPRequest or SOAPRequest nodes then use these values directly, with an appropriate security policy.

You can override the configuration of the security profile by selecting the build option Override configurable property values in the Broker Archive editor.

Notices | Trademarks | Downloads | Library | Support | Feedback

Copyright IBM Corporation 1999, 2016Copyright IBM Corporation 1999, 2016.

        
        Last updated:
        
        Last updated: 2016-05-23 14:48:23


Task topicTask topic | Version 8.0.0.7 | bp19260_