| Author |
Message
|
| Ramya.IN |
 Posted: Mon Apr 07, 2014 8:42 am Post subject: Basic HTTP Authentication |
 |
|
Novice
Joined: 07 Apr 2014
Posts: 13
Location: Los Angeles, USA
|
Hi,
How to configure Broker to use basic HTTP authentication?
Can the command 'mqsisetdbparms' be used for basic http auth? When I check the WMB help content it says the command is used to associate the user id and password but does not mention if it can be used for basic authentication.Can some one suggest any other command basic http auth.
Basically, I want to configure the user-id/pwd in the broker for basic http authentication first then change the message flow to use the security profile.
Please help.
Thanks,
Ramya.
Last edited by Ramya.IN on Mon Apr 07, 2014 9:01 am; edited 1 time in total |
|
| Back to top |
|
 |
| Vitor |
| Posted: Mon Apr 07, 2014 8:56 am Post subject: Re: Basic HTTP Authentication |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| Ramya.IN wrote: |
| How to configure Broker to use basic HTTP authentication? |
Using the method detailed in the product documentation
| Ramya.IN wrote: |
| Can the command 'mqsisetdbparms' be used for basic http auth? |
Possibly, depending on product version (which you've not seen fit to mention) and your exact use case (which you've not seen fit to mention either).
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| Ramya.IN |
| Posted: Mon Apr 07, 2014 9:06 am Post subject: |
|
|
Novice
Joined: 07 Apr 2014
Posts: 13
Location: Los Angeles, USA
|
|
| Back to top |
|
|
| Ramya.IN |
| Posted: Mon Apr 07, 2014 10:11 am Post subject: |
|
|
Novice
Joined: 07 Apr 2014
Posts: 13
Location: Los Angeles, USA
|
Use case:
I got to set up Basic HTTP Authentication where in if the given username and password doesnot match the set credentials it should throw an error. In such a case can i use 'mqsisetdbparams ' command to set up basic auth. Please let me know.
Thanks,
Ramya. |
|
| Back to top |
|
|
| Vitor |
| Posted: Mon Apr 07, 2014 10:14 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
And what arfe you still unclear on?
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| Vitor |
| Posted: Mon Apr 07, 2014 10:24 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| Ramya.IN wrote: |
| I got to set up Basic HTTP Authentication where in if the given username and password doesnot match the set credentials it should throw an error. |
So your use case is that the flow should examine (authenticate) the credentials supplied by reference to a user id / password pair stored in the broker's own registry via the mqsisetdbparms commands?
No, you can't use mqsisetdbparms for that.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| Ramya.IN |
| Posted: Mon Apr 07, 2014 4:06 pm Post subject: |
|
|
Novice
Joined: 07 Apr 2014
Posts: 13
Location: Los Angeles, USA
|
Thank you for the reply. May i know what command or other options that can be used in such a use case if mqsisetdbparams cannot be used.
Last edited by Ramya.IN on Mon Apr 07, 2014 4:28 pm; edited 1 time in total |
|
| Back to top |
|
|
| Ramya.IN |
| Posted: Mon Apr 07, 2014 4:22 pm Post subject: And what arfe you still unclear on?[/quote] |
|
|
Novice
Joined: 07 Apr 2014
Posts: 13
Location: Los Angeles, USA
|
And what arfe you still unclear on?[/quote]
I do not want any external provider to be used. But the link specifies the usage of an external provider. |
|
| Back to top |
|
|
| SandiSan |
| Posted: Mon Apr 07, 2014 11:20 pm Post subject: |
|
|
Acolyte
Joined: 01 Apr 2006
Posts: 57
Location: Pune/India
|
Check these steps
1. Register the u/p
mqsisetdbparms brokerName -n securityIdName -u username -p password
2. Create a Security Profile configurable service by using the mqsicreateconfigurableservice command:
mqsicreateconfigurableservice brokerName -c SecurityProfiles -o securityProfileName -n "propagation,idToPropagateToTransport,transportPropagationConfig" -v "TRUE,STATIC ID,securityIdName"
3. Register securityProfileName with the request node, either in the bar editor or by using mqsiapplybaroverride. |
|
| Back to top |
|
|
| Vitor |
| Posted: Tue Apr 08, 2014 5:11 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| SandiSan wrote: |
Check these steps
1. Register the u/p
mqsisetdbparms brokerName -n securityIdName -u username -p password
2. Create a Security Profile configurable service by using the mqsicreateconfigurableservice command:
mqsicreateconfigurableservice brokerName -c SecurityProfiles -o securityProfileName -n "propagation,idToPropagateToTransport,transportPropagationConfig" -v "TRUE,STATIC ID,securityIdName"
3. Register securityProfileName with the request node, either in the bar editor or by using mqsiapplybaroverride. |
I thought that only worked for passing static credentials (i.e. those not held or derived from the message payload) out to an external service.
The OP is (if I'm reading the post correctly) trying to expose a flow as a web service and authenticate a user against the registry.
Note also that this only works on higher versions of WMB/IIB
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| Ramya.IN |
| Posted: Tue Apr 08, 2014 8:13 am Post subject: |
|
|
Novice
Joined: 07 Apr 2014
Posts: 13
Location: Los Angeles, USA
|
| SandiSan wrote: |
Check these steps
1. Register the u/p
mqsisetdbparms brokerName -n securityIdName -u username -p password
2. Create a Security Profile configurable service by using the mqsicreateconfigurableservice command:
mqsicreateconfigurableservice brokerName -c SecurityProfiles -o securityProfileName -n "propagation,idToPropagateToTransport,transportPropagationConfig" -v "TRUE,STATIC ID,securityIdName"
3. Register securityProfileName with the request node, either in the bar editor or by using mqsiapplybaroverride. |
Thanks for the reply. I will try this once. |
|
| Back to top |
|
|
| Ramya.IN |
| Posted: Tue Apr 08, 2014 8:18 am Post subject: |
|
|
Novice
Joined: 07 Apr 2014
Posts: 13
Location: Los Angeles, USA
|
| Vitor wrote: |
I thought that only worked for passing static credentials (i.e. those not held or derived from the message payload) out to an external service.
The OP is (if I'm reading the post correctly) trying to expose a flow as a web service and authenticate a user against the registry.
Note also that this only works on higher versions of WMB/IIB |
Hi.. does higher versions of WMB/IIB mean higher version than 7.0.0.3? Thanks. |
|
| Back to top |
|
|
| Vitor |
| Posted: Tue Apr 08, 2014 9:06 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| Ramya.IN wrote: |
| Vitor wrote: |
I thought that only worked for passing static credentials (i.e. those not held or derived from the message payload) out to an external service.
The OP is (if I'm reading the post correctly) trying to expose a flow as a web service and authenticate a user against the registry.
Note also that this only works on higher versions of WMB/IIB |
Hi.. does higher versions of WMB/IIB mean higher version than 7.0.0.3? Thanks. |
Yes. Introduced in WMBv8
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| anurag.munjal |
| Posted: Fri Apr 11, 2014 5:41 am Post subject: This should help |
|
|
Voyager
Joined: 08 Apr 2012
Posts: 97
|
Use this esql code- it works! 
| Code: |
CREATE COMPUTE MODULE SomeCompute
CREATE FUNCTION Main() RETURNS BOOLEAN
BEGIN
CALL CopyEntireMessage();
SET OutputRoot.HTTPRequestHeader."Authorization" = 'Basic '||base64Encode(CAST('admin:admin123' as BLOB CCSID InputRoot.Properties.CodedCharSetId));
RETURN TRUE;
END;
CREATE PROCEDURE CopyEntireMessage() BEGIN
SET OutputRoot = InputRoot;
END;
CREATE PROCEDURE base64Encode(IN source BLOB)
RETURNS CHARACTER
LANGUAGE JAVA
EXTERNAL NAME "com.ibm.broker.javacompute.Base64.encode";
END MODULE; |
_________________
- Anurag
------------------------
Be Simple, Be Happy |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Apr 11, 2014 5:48 am Post subject: Re: This should help |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| anurag.munjal wrote: |
Use this esql code- it works!
| Code: |
CREATE COMPUTE MODULE SomeCompute
CREATE FUNCTION Main() RETURNS BOOLEAN
BEGIN
CALL CopyEntireMessage();
SET OutputRoot.HTTPRequestHeader."Authorization" = 'Basic '||base64Encode(CAST('admin:admin123' as BLOB CCSID InputRoot.Properties.CodedCharSetId));
RETURN TRUE;
END;
CREATE PROCEDURE CopyEntireMessage() BEGIN
SET OutputRoot = InputRoot;
END;
CREATE PROCEDURE base64Encode(IN source BLOB)
RETURNS CHARACTER
LANGUAGE JAVA
EXTERNAL NAME "com.ibm.broker.javacompute.Base64.encode";
END MODULE; |
|
If I'm reading this correctly, this is placing a hard coded value in the HTTP header rather than reading the values from the broker registry where it's been placed by mqsisetdbparms as the OP requested.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
|
|
