MQ authorization service |
Author |
Message
|
jlalbor |
Posted: Mon Oct 26, 2009 9:42 pm Post subject: MQ authorization service |
|
|
Apprentice
Joined: 18 Feb 2003 Posts: 38
|
Hello, does anyone know if there are any available third-party authorization services for WebSphere MQ to use instead of the Object Authority Manager (OAM)? _________________ Ing. José Luis Albor García
IBM Certified System Administrator – WebSphere MQ V6.0
IBM Certified Solution Designer – WebSphere Message Broker V6.0 |
|
bruce2359 |
Posted: Tue Oct 27, 2009 5:51 am Post subject: |
|
|
 Poobah
Joined: 05 Jan 2008 Posts: 9469 Location: US: west coast, almost. Otherwise, enroute.
|
I'm curious. What issues do you have with OAM that would lead you to look for a replacement? _________________ I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
jlalbor |
Posted: Tue Oct 27, 2009 9:20 am Post subject: |
|
|
Apprentice
Joined: 18 Feb 2003 Posts: 38
|
bruce2359 wrote: |
I'm curious. What issues do you have with OAM that would lead you to look for a replacement? |
OAM works fine; the situation we are facing is that a customer would like to separate the MQ administration from the OS administration in terms of MQ authorization. The MQ OAM requires that the users and groups must exist in the OS. The customer would like to use another kind of authorization mechanism that does not require the OS administrators to create new users and groups every time a new application needs to use some MQ queues.
As far as I know, OAM cannot be changed to solve in some way the scenario explained above; that's why we are looking for another authorization service for MQ.
Any suggestions? _________________ Ing. José Luis Albor García
IBM Certified System Administrator – WebSphere MQ V6.0
IBM Certified Solution Designer – WebSphere Message Broker V6.0 |
|
bruce2359 |
Posted: Tue Oct 27, 2009 9:44 am Post subject: |
|
|
 Poobah
Joined: 05 Jan 2008 Posts: 9469 Location: US: west coast, almost. Otherwise, enroute.
|
Quote: |
a customer would like to separate the MQ administration from the OS |
An odd request. Does the customer want something other than OAM to do authentication, too?
So, you want application-level authorization. WMQ makes use of the underlying (OAM, in this case) security on each platform. Like most other WMQ components, the security component is a replaceable component.
Perhaps Roger has something. _________________ I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
jlalbor |
Posted: Tue Oct 27, 2009 10:38 am Post subject: |
|
|
Apprentice
Joined: 18 Feb 2003 Posts: 38
|
Right now our customer is authenticating using a security exit.
It is possible that this would have to change if the OAM is replaced with another kind of security component that supports both authentication and authorization using some mechanisms that do not involve the operating system users/groups. _________________ Ing. José Luis Albor García
IBM Certified System Administrator – WebSphere MQ V6.0
IBM Certified Solution Designer – WebSphere Message Broker V6.0 |
|
RogerLacroix |
Posted: Thu Oct 29, 2009 1:40 pm Post subject: |
|
|
 Jedi Knight
Joined: 15 May 2001 Posts: 3264 Location: London, ON Canada
|
bruce2359 wrote: |
Quote: |
a customer would like to separate the MQ administration from the OS |
An odd request. Does the customer want something other than OAM to do authentication, too? |
This is not an odd question. I get it all the time. When a company implements a security solution that authenticates the connection's UserID and Password against an LDAP server (i.e. MQAUSX) then the same UserID cannot be used for the "connection" because it is not known to the local OS.
I've spoken with IBM Hursley developers and there are no exit points in the OAM to plug in a replacement lookup method. Hence, you need to replace the entire OAM to handle this situation.
I've been working on a solution but it is not ready for prime time.
Regards,
Roger Lacroix
Capitalware Inc. _________________ Capitalware: Transforming tomorrow into today.
Connected to MQ!