WS-Security set up in MB/MQ 7.0 + Tivoli FIM Usage
MB_Naveen_Kumar
Posted: Wed Mar 31, 2010 10:54 pm    Post subject: WS-Security set up in MB/MQ 7.0 + Tivoli FIM Usage

Novice

Joined: 25 Mar 2010
Posts: 16

Hi,

I am setting up WS-Security in an MB/MQ 7.0 environment where I need to do message authentication based on username/password.

Going through the documentation in the MB InfoCenter, I found this piece of info:

WebSphere® Message Broker provides a Security Manager for implementing message flow security so that end-to-end processing of a message through a message flow is secured based on an identity carried in that message instance.

The Security Manager enables access to message flows to be controlled per message and includes the ability to:
1> Extract the identity from an inbound message.
2> Authenticate an inbound message by using an external security provider.
3> Map the identity to an alternative identity by using an external security provider.
4> Check that the alternative identity or the original identity is authorized to access the message flow by using an external security provider.
5> Propagate the inbound or alternative identity

For point no. 2 I have to use IBM Tivoli Federated Identity Manager (FIM) along with IBM Tivoli Access Manager.

Can someone tell me how I should go about this? Is Tivoli FIM an additional product that I need to download, or is it part of the MB package? And if I need to download it, then how do I go on with the configuration of FIM and MB? Can you explain the process and related steps to me?
elvis_gn
Posted: Wed Mar 31, 2010 11:46 pm    Post subject: Re: WS-Security set up in MB/MQ 7.0 + Tivoli FIM Usage

Padawan

Joined: 08 Oct 2004
Posts: 1905
Location: Dubai

Hi MB_Naveen_Kumar,

Tivoli Identity Manager is a separate product.

If you are doing this for educational purposes, then rather download the free Tivoli LDAP and test that for security with MB.

And here's something that will guide you
Implementing message flow security in WebSphere Message Broker V7

Regards.
MB_Naveen_Kumar
Posted: Thu Apr 01, 2010 12:45 am

Novice

Joined: 25 Mar 2010
Posts: 16

Hi elvis,

Thanks for the help.

BTW, the link you provided talks about HTTP nodes and no SSL, but I am using SOAP nodes and it's HTTP SSL end-to-end message security. Will it make any difference for the Tivoli product to be used? And if any other consideration has to be looked into, please suggest.
elvis_gn
Posted: Thu Apr 01, 2010 3:18 am

Padawan

Joined: 08 Oct 2004
Posts: 1905
Location: Dubai

Hi MB_Naveen_Kumar,

MB_Naveen_Kumar wrote:
BTW, the link you provided talks about HTTP nodes and no SSL, but I am using SOAP nodes and it's HTTP SSL end-to-end message security.

Well, that's not what you asked...

MB_Naveen_Kumar wrote:
I am setting up WS-Security in an MB/MQ 7.0 environment where I need to do message authentication based on username/password.

MB_Naveen_Kumar wrote:
Will it make any difference for the Tivoli product to be used? And if any other consideration has to be looked into, please suggest.

The Tivoli LDAP is just another user directory like Oracle OID or Microsoft Active Directory. The TFIM is used to federate the users centrally, i.e. when you have a 'Naveen' in the HR Dept's Oracle LDAP named as 'Naveen Kumar', a 'Naveen K' in the Payroll Dept's MS Active Directory and a 'Kumar Naveen' in the Employee Database using Tivoli LDAP, the TFIM will help identify that all the 'Naveen's are really 1 person...

To implement SSL you need to get into KeyStores and certificates etc... that's a totally different ball game. There are articles on this on developerWorks... happy searching.

Regards.
MB_Naveen_Kumar
Posted: Sun Apr 04, 2010 9:36 pm

Novice

Joined: 25 Mar 2010
Posts: 16

Hi elvis,

Thanks again for your reply.

I have already implemented transport-level authentication (or client authentication) by using self-signed certificates.

Now I was trying to implement message authentication. I was doing research on all the options and the LDAP area came about, but now I have realised that I'll take it up at a later stage.

Now if you want to help me on message authentication, please see this query:

I am trying to create a WSDL which has security policies implemented, i.e. whenever I generate a project based on the WSDL in SoapUI I must get the WS-SE security headers with username tokens in the request message, so that I can send the security information in the WS-SE headers and use data stored in a database for authentication.

How do I create such a WSDL? Can we create it from the MB toolkit, or is there any other means? Please give some suggestions, links and clarifications on this.
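
An added illustration, not part of the thread and not Message Broker's own implementation: the WS-Security UsernameToken header the last post asks about, in the PasswordDigest form, and how a receiver can extract it and check it against stored credentials. The `USERS` dictionary (a constructed stand-in for the database), the function names, the sample credentials, the five-minute freshness window and the nonce cache are assumptions of this example.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = OASIS + "wssecurity-secext-1.0.xsd"
WSU = OASIS + "wssecurity-utility-1.0.xsd"
DIGEST_TYPE = OASIS + "username-token-profile-1.0#PasswordDigest"
NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/", "wsse": WSSE, "wsu": WSU}
P = "soap:Header/wsse:Security/wsse:UsernameToken/"   # path from the Envelope root
USERS = {"naveen": "constructed-password"}   # constructed stand-in for the database

def password_digest(nonce: bytes, created: str, password: str) -> str:
    """UsernameToken Profile digest: Base64(SHA-1(nonce + created + password))."""
    raw = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return base64.b64encode(raw).decode()

def build_request(user: str, password: str, nonce: bytes, created: str) -> str:
    """Constructed sample of the request a client such as SoapUI would send."""
    return f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
 <soap:Header><wsse:Security><wsse:UsernameToken>
  <wsse:Username>{user}</wsse:Username>
  <wsse:Password Type="{DIGEST_TYPE}">{password_digest(nonce, created, password)}</wsse:Password>
  <wsse:Nonce>{base64.b64encode(nonce).decode()}</wsse:Nonce>
  <wsu:Created>{created}</wsu:Created>
 </wsse:UsernameToken></wsse:Security></soap:Header>
 <soap:Body/></soap:Envelope>"""

def authenticate(envelope: str, seen_nonces: set, now: datetime, max_age=timedelta(minutes=5)):
    """Return the authenticated username, or None if the token is rejected."""
    try:
        root = ET.fromstring(envelope)
        user = root.findtext(P + "wsse:Username", "", NS)
        pw = root.find(P + "wsse:Password", NS)
        created = root.findtext(P + "wsu:Created", "", NS)
        nonce = base64.b64decode(root.findtext(P + "wsse:Nonce", "", NS), validate=True)
        ts = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except (ET.ParseError, ValueError):
        return None            # malformed XML, nonce or timestamp
    if pw is None or pw.get("Type") != DIGEST_TYPE or not nonce:
        return None            # plaintext or incomplete tokens are refused here
    if abs(now - ts) > max_age or nonce in seen_nonces:
        return None            # stale timestamp or replayed nonce
    password = USERS.get(user)
    expected = password_digest(nonce, created, password or "")  # computed for unknown users too
    if password is None or not hmac.compare_digest(expected.encode(), (pw.text or "").encode()):
        return None
    seen_nonces.add(nonce)     # remember the nonce so the same token cannot be reused
    return user
```

PasswordDigest requires the receiver to hold the clear-text password (or an equivalent secret), so the credential table cannot store one-way hashes; where it must, the PasswordText form carried only over SSL is the alternative.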