Problem with Configuring LDAP authorization in IIB |
ksrocks9 |
Posted: Mon Aug 24, 2015 12:55 pm Post subject: Problem with Configuring LDAP authorization in IIB |
|
|
Apprentice
Joined: 11 Mar 2015 Posts: 35
|
Steps I followed in Message Broker 7 for LDAP authorization:
Creating Security Profile
mqsicreateconfigurableservice IIB9Node -c SecurityProfiles -o Test -n authorization,authorizationConfig,propagation,passwordValue -v "LDAP, \"ldap://ldap.corp.mycorp.com:389/CN=myGroupname,OU=All Groups,DC=corp,DC=MycropName,DC=com?member?sub?x-userBaseDN=OU=usersOU=Splusers%2cDC=corp%2cDC=Mycorpname%2cDC=com,x-uid_attr=attrname\",FALSE,PLAIN"
Configuring HTTP Port
mqsichangeproperties IIB9Node -b httplistener -o HTTPListener -n startListener -v false
mqsichangeproperties IIB9Node -e Test -o ExecutionGroup -n httpNodesUseEmbeddedListener -v true
mqsichangeproperties IIB9Node -e Test -o HTTPConnector -n explicitlySetPortNumber -v 7890
I configured the Security Profile at the BAR file level
Soap Input Node-> Properties -> Configure :
Policy Set: WSS10Default
Policy Set Bindings: WSS10Default
Security Profile :Test
I followed the same procedure in Message Broker 7 and LDAP authorization is working successfully. I tried to implement the LDAP authorization in IIB and I am getting an error.
Soap Request:
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:get="http://www.mycorp.com/xyzzzzz">
<soap:Header>
<wsse:Security soapenv:actor="" mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="unt_907818524">username</wsse:Username>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
…………………..
…………………..
</soap:Body>
</soap:Envelope>
SOAP Response:
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Body>
<soapenv:Fault>
<soapenv:Code>
<soapenv:Value>soapenv:Receiver</soapenv:Value>
</soapenv:Code>
<soapenv:Reason>
<soapenv:Text xml:lang="en">BIP3113E: Exception detected in message flow Authorization_Test.Authorization_Test.SOAP Input (broker IIB9Node)</soapenv:Text>
</soapenv:Reason>
<soapenv:Detail>
<Text>BIP2703W: The identity token type ''username'', issued by ''SOAP_WS_SECURITY'', was not authorized by security provider ''LDAP'' to access message flow ''Authorization_Test.Authorization_Test''. (For a 'username' token type, the token is: ''username''.)
If access is expected, ensure that the specified security provider has been configured to allow access to the specified message flow. If the security provider is shown as 'Cached', the authorization result is now being returned from the broker security cache. You can use the 'mqsireloadsecurity' command to clear the broker security cache. Check your security provider logs for information about why the identity token could not be authorized. : F:\build\slot1\S900_P\src\SecurityProviders\Ldap\ImbLdapSecurityProvider.cpp: 162: ImbLdapSecurityProvider::authorize: MessageFlow: f8eda960-4f01-0000-0080-cf7b4c5d1cde</Text>
</soapenv:Detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
In Message Broker 7, without the 3 HTTP port configuration commands, I got the same error. After execution of those commands it was resolved.
In IIB I am getting the error even after following the same procedure. Do I need to configure anything other than this in IIB for authorization?
Please help me. Thanks in advance. |
|
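The authorizationConfig value in the post above is an LDAP URL whose last field carries comma-separated x- extensions, with the commas inside the user base DN written as %2c. As an added example (not part of the original post and not IBM code), this Python check splits such a value into its parts and reports structural findings worth reviewing before looking at the LDAP server; the field layout is assumed from the value shown in the post, and the sample URLs are constructed.

```python
import re
from urllib.parse import unquote

def split_dn(dn):
    """Split a DN into RDN strings on commas that are not backslash-escaped."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def dc_suffix(dn):
    """Lower-cased dotted domain built from the DC= components of a DN."""
    return ".".join(r[3:].lower() for r in split_dn(dn) if r.lower().startswith("dc="))

def check_authorization_config(url):
    """Return (parts, findings) for ldap[s]://host[:port]/groupDN?attr?scope?extensions."""
    findings = []
    scheme, _, rest = url.partition("://")
    if scheme.lower() not in ("ldap", "ldaps"):
        findings.append(f"unexpected scheme {scheme!r}")
    hostport, _, tail = rest.partition("/")
    fields = (tail.split("?") + [""] * 4)[:4]
    parts = {"host": hostport, "group_dn": unquote(fields[0]),
             "member_attr": fields[1], "scope": fields[2], "extensions": {}}
    if parts["scope"] and parts["scope"] not in ("base", "one", "sub"):  # RFC 4516 scopes
        findings.append(f"unknown scope {parts['scope']!r}")
    # Extensions are comma-separated, so commas inside a DN value must be %2c.
    for item in filter(None, fields[3].split(",")):
        name, eq, value = item.partition("=")
        if not eq or not name.startswith("x-"):
            findings.append(f"extension {item!r} is not x-name=value (unescaped comma?)")
            continue
        parts["extensions"][name] = unquote(value)
    user_base = parts["extensions"].get("x-userBaseDN", "")
    for label, dn in (("group DN", parts["group_dn"]), ("x-userBaseDN", user_base)):
        for rdn in split_dn(dn):
            # Heuristic: a plain RDN is type=value; two '=' suggests a lost separator.
            if rdn.count("=") != 1:
                findings.append(f"{label}: RDN {rdn!r} does not look like type=value")
    if user_base and dc_suffix(parts["group_dn"]) != dc_suffix(user_base):
        findings.append("group DN and x-userBaseDN have different DC components")
    return parts, findings

# Constructed sample values (example.com), shaped like the value in the post.
GOOD = ("ldap://ldap.example.com:389/CN=AppUsers,OU=All Groups,DC=corp,DC=example,DC=com"
        "?member?sub?x-userBaseDN=OU=users%2cDC=corp%2cDC=example%2cDC=com,x-uid_attr=sAMAccountName")
BAD = GOOD.replace("OU=users%2c", "OU=usersOU=Special%2c").replace("DC=example,", "DC=exmaple,")

if __name__ == "__main__":
    for url in (GOOD, BAD):
        print(check_authorization_config(url)[1])
```

A finding is a prompt to compare the value against the directory, not proof of a fault: multi-valued RDNs or groups and users in different domains are legitimate and will also be flagged.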
smdavies99 |
Posted: Mon Aug 24, 2015 11:01 pm Post subject: |
|
|
 Jedi Council
Joined: 10 Feb 2003 Posts: 6076 Location: Somewhere over the Rainbow this side of Never-never land.
|
Which version of IIB are you using? This also includes the FixPack level.
If you are not running the latest FP then have you checked the release notes for later FPs to see if there are any fixes for this sort of thing included in one of them?
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
Vitor |
Posted: Tue Aug 25, 2015 4:21 am Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
Locked as duplicate of this
_________________
Honesty is the best policy.
Insanity is the best defence. |