Authentication tip: To create a service
integration bus link between two secure buses, you must add an authentication
alias to both ends of the link. The user ID you specify in the authentication
alias on each side of the link must be the same, and the user ID must exist
in the user registries accessed by the servers hosting each side of the link.
This is because the user ID is used for two purposes. Consider two messaging
engines, A and B, connected by a foreign bus link:
- The user ID is presented by Messaging Engine A (together with the password)
to Messaging Engine B, so that Messaging Engine B can authenticate Messaging
Engine A.
- The user ID is used by Messaging Engine A to authorize Messaging Engine
B.
Only the user ID needs to be the same. The passwords supplied in the
authentication aliases can be different, as long as the password sent matches
the information specified in the user registry at the receiving end of the
link. For example: An authentication alias is passed from Messaging Engine
A to Messaging Engine B. This user ID and password is then authenticated
by Messaging Engine B against its user registry. The user ID is authorized
for inter-bus connection if the following two conditions are met:
- The user ID exists in the user registries for both messaging engines.
- The password matches the password defined for that user ID on Messaging
Engine B.