MQSeries.net :: View topic

erpankajgupta · Posted: Thu May 10, 2007 12:36 pm Post subject: Help for Authentication Exit

Hi experts,
We are currently using workflow authentication for our application. We need to switch to LDAP authentication soon.
I need to implement "Authentication Exit" to remove the workflow authentication.
We are using AIX 5.3 , J2RE 1.4.2, MQWF 3.6

I was trying to accomplish it using the sample programs provided by IBM (<MQWFDir>/SMP/java/authexit/*.java)

I changed the settings
fmczchk -c inst:m,RTAuthenticationExitTypeServer,JAVA

and restarted workflow.

I created the new X509 certificate (for testing) using keytool and modified hardcoded user etc. (basically I followed all the steps as mentioned in the readme.txt of sample IBM programs)

When I tried to test the "Authentication exit", i got time out error..
Error logging on to MQWF
com.ibm.workflow.client.util.FmcApiException:
FMC38009E MQSeries Workflow API Error :
API Return Code : 14
Error Origin : FmcFMLC.java:602
Error Message : FMC00014E Timeout occurred
Nested Exception : None
at com.ibm.workflow.client.util.FmcFMLC.GetMsgFmcFMLC.java:602)
at com.ibm.workflow.client.util.FmcFMLC.ConverseFmcFMLC.java:630)
at com.ibm.workflow.client.api.FmcSession.CallSync(FmcSession.java:451)
at com.ibm.workflow.client.api.FmcSession.LogonFmcSession.java:1309)
at com.ibm.workflow.client.api.FmcExecutionService.logon3(FmcExecutionService.java:818) at com.ibm.workflow.java.exit.AuthenticationClient.main(AuthenticationClient.java:193)

Any idea, what could be wrong? All suggestions are welcome.

P.S. Here is the readme file from IBM, which I followed religiously:
********************
The following steps are necessary to run the Authentication Exit sample:

1. In an empty working directory, create a directory structure com/ibm/workflow/java/exit.
Copy the file <MQWFDir>/SMP/java/authexit/AuthenticationConstants.java and the files
<MQWFDir>/SMP/java/authexit/sample1/*.java to the directory
structure com/ibm/workflow/java/exit.

Then compile the files with the command:

>javac -classpath <MQWFDir>/bin/fmcjapi.jar com/ibm/workflow/java/exit/*.java

Then you create a jar file of these Java classes:

>jar -cvf fmcaexit.jar com

2. You have to set the environment for the MQWF Administration Server correctly if you want
to use the Exit:

a. Set the classpath in the environment the MQWF Administration Server is going to run in,
e.g.:
set classpath=D:/INFO/MQWF/AuthenticationExit/fmcaexit.jar;%classpath%

NOTE: The file fmcjapi.jar and its prerequisites must be available and part of the CLASSPATH!

b. Enable the Java AuthenticationExit by executing:

fmczchk -c inst:m,RTAuthenticationExitTypeServer,JAVA -y <Cfg-ID>

NOTE: To disable the AuthenticationExit use:
fmczchk -c inst:m,RTAuthenticationExitTypeServer, -y <Cfg-ID>

c. Make sure, that a Java 2 Runtime Environment is available in the MQWF Administration Server's
environment.

After (re-)starting the MQWF Administration Server the AuthenticationExit will be enabled

3. A sample client program is provided in AuthenticationClient.java that shows the
new logon methods 'logon3(byte[] userCredentials)' and
'logon4(byte[] userCredentials, SessionMode mode,
AbsenceIndicator absenceIndicator, java.lang.String userName)
that are used to pass credentials to the AuthenticationExit.

To use the AuthenticationClient you should generate your own X509 certificate. That way
you avoid problems concerning the validity of the certificate. The generation of X509
certificates can be done using the keytool utility of jdk 1.2.2. The following shows an
example for creating a X509 certificate for the Administrator user.

a. Generate Keypair for the user:

b. Export a X509 certificate for the user with alias admin out of the keystore:

AuthenticationClient sample program when you start it:
e.g.:

> java com.ibm.workflow.java.exit.AuthenticationClient MyCert.cert

*****************************

Thank you.