| Author |
Message
|
| kartal10 |
 Posted: Wed Aug 15, 2007 8:55 am Post subject: MQIPT Proxy Authentication |
 |
|
Newbie
Joined: 26 Jun 2007
Posts: 4
|
Hello All,
I would like to know if proxy authentication is supported in MQIPT.
Thanks for any answers... |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Wed Aug 15, 2007 9:26 am Post subject: Re: MQIPT Proxy Authentication |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| kartal10 wrote: |
Hello All,
I would like to know if proxy authentication is supported in MQIPT.
Thanks for any answers... |
I know that proxies are supported. Don't remember about proxy authentication. What does the manual say about it?
Would you put the proxy authentication into the Key(X509)?
Enjoy 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| kartal10 |
| Posted: Thu Aug 16, 2007 2:40 am Post subject: |
|
|
Newbie
Joined: 26 Jun 2007
Posts: 4
|
Thanks for the reply.
I read posts on the internet from few years back (2004) saying that proxy authentication is not supported yet but that IBM were working on it. The manual says nothing about proxy authentication.
Would you put the proxy authentication into the Key(X509)?
I want to put the proxy authentication into the MQIPT conf files.
The current set-up is:
MQ client (SSL) --> MQIPT ----> Proxy Server ----> MQIPT ----> MQ Server (SSL).
Thanks... |
|
| Back to top |
|
|
| PhilBlake |
| Posted: Thu Aug 16, 2007 6:49 am Post subject: |
|
|
Acolyte
Joined: 25 Oct 2005
Posts: 64
|
If you mean authentication using the Proxy-Authorization/Proxy-Authenticate HTTP headers, then unfortunately not.
Have you raised this through the normal WMQ requirements process ?
Send me an email if you'd like to discuss.
HTH
Phil |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Aug 16, 2007 7:40 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| kartal10 wrote: |
Thanks for the reply.
I read posts on the internet from few years back (2004) saying that proxy authentication is not supported yet but that IBM were working on it. The manual says nothing about proxy authentication.
Would you put the proxy authentication into the Key(X509)?
I want to put the proxy authentication into the MQIPT conf files.
The current set-up is:
MQ client (SSL) --> MQIPT ----> Proxy Server ----> MQIPT ----> MQ Server (SSL).
Thanks... |
You have an unusual setup.
Usually you would find:
MQClient --> MQIPT(SSL)-->Proxy Server --> proxy server -->MQIPT(SSL) --> MQServer.
MQIPT is usually used to achieve SSL where your channels don't support it and you don't want to create channels with SSL.
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| kartal10 |
| Posted: Fri Aug 17, 2007 2:31 am Post subject: |
|
|
Newbie
Joined: 26 Jun 2007
Posts: 4
|
I had a chat with IBM, and they havent developed this requirement.
Sorry actually my set is as what you said fjb_saper:
MQClient --> MQIPT(SSL)-->Proxy Server --> proxy server -->MQIPT(SSL) --> MQServer.
I have now gone past the proxy authentication stage, I had to change the settings on the proxy server.
The problem how is, I tried the above set up without ssl and it works but when i try it with SSL, i get the following error:
MQCPI014 Eyecatcher protocol ({0}) not recognized.
Thanks... |
|
| Back to top |
|
|
| PhilBlake |
| Posted: Fri Aug 17, 2007 5:45 am Post subject: |
|
|
Acolyte
Joined: 25 Oct 2005
Posts: 64
|
Which server is showing that error - MQIPT#2 nearest the queue manager ?
What route properties have you defined for MQIPT#2 ?
Send me an email if you'd rather not post the mqipt.conf details here.
Phil
WebSphere MQIPT Developer |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Fri Aug 17, 2007 9:12 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Please remember as well that the certificates and MQIPT SSL settings differ on the client and server sides of the connection.
We used self signed certificates. The domain name (host.mydomain.com) on the certificate must match the domain of the MQIPT server holding the certificate. We do not use a proxy server in between but use direct connection (TCP) between the 2 MQIPT servers. (Firewalls had to be opened on the right ports).
Enjoy
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
