WebSphere Message Broker, Version 8.0.0.7 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS


Configuring authentication with TFIM V6.1

You can configure a message flow to perform identity authentication by using Tivoli® Federated Identity Manager (TFIM) V6.1.

Before you start:

Before you can configure a message flow to perform identity authentication, you need to check that an appropriate security profile exists, or create a new security profile. See Creating a security profile for TFIM V6.1.

Note: Support for TFIM V6.1 is included for compatibility with previous versions of WebSphere Message Broker. If possible, upgrade to TFIM V6.2 and follow the instructions in Configuring authentication or security token validation with a WS-Trust v1.3 STS (TFIM V6.2).

When you use TFIM V6.1 for authentication, a request is made to the TFIM trust service with the following three parameters, which select the module chain:
  • Issuer = Properties.IdentitySourceIssuedBy
  • Applies To = The Fully Qualified Name of the Flow: <Brokername>.<Execution Group Name>.<Message Flow Name>
  • Token = Properties.IdentitySourceToken

For more information about these parameters, see Authentication, mapping, and authorization with TFIM V6.1 and TAM.

For further information about how to configure TFIM, see the IBM® Tivoli Federated Identity Manager Information Center.

Steps for enabling TFIM authentication:

To enable an existing message flow to perform identity authentication, use the Broker Archive editor to select a security profile that uses TFIM for authentication. You can set a security profile on a message flow or on individual input nodes. If no security profile is set for the input nodes, the setting is inherited from the setting on the message flow.
  1. Switch to the Broker Application Development perspective.
  2. In the Broker Development view, right-click the BAR file, then click Open with > Broker Archive Editor.
  3. Click the Manage and Configure tab.
  4. Click the flow or node on which you want to set the security profile. The properties that you can configure for the message flow or for the node are displayed in the Properties view.
  5. In the Security Profile Name field, select a security profile that uses TFIM for authentication.
  6. Save the BAR file.

For a SOAPInput node to use the identity in the WS-Security header (rather than an underlying transport identity), an appropriate policy set and bindings must also be defined and specified. For more information, see Policy sets.

If the message identity does not contain enough information for authentication, the information must be taken from the message body. For example, if a password is required for authentication but the message came from WebSphere MQ with only a username, the password information must be taken from the message body. For more information, see Configuring the extraction of an identity or security token.


Copyright IBM Corporation 1999, 2016.

Last updated: 2016-05-23 14:47:25


Task topic | Version 8.0.0.7 | ap04122_