| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| WS-Trust V1.3 STS - caching Security Tokens or session |
« View previous topic :: View next topic » |
| Author |
Message
|
| marko.pitkanen |
 Posted: Tue Aug 09, 2016 12:05 am Post subject: WS-Trust V1.3 STS - caching Security Tokens or session |
 |
|
Chevalier
Joined: 23 Jul 2008
Posts: 440
Location: Jamsa, Finland
|
Hi,
Perhaps this is already answered, but I wonder coud someone help me with my lack of understanding.
Requirement is to use TIM/TAM as WS-Trust STS and manage authentication and authorisation info and decisions there. If I have understood it right IIB has built in capabilities for interaction with WS-Trust STS. This interaction is invoked for every received request/message.
I can't find out how to implement flow or configure built-in capability so that IIB validates if request has a token or session where lifetime is valid and if is processes request and/or forwards request to the ultimate service provider without interacting with STS at all.
--
Marko |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Tue Aug 09, 2016 1:25 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Marko I believe the example that come with the product shows exactly those aspects. 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| marko.pitkanen |
| Posted: Tue Aug 09, 2016 2:32 am Post subject: |
|
|
Chevalier
Joined: 23 Jul 2008
Posts: 440
Location: Jamsa, Finland
|
| Thanks, I'll restudy them! |
|
| Back to top |
|
|
| marko.pitkanen |
| Posted: Tue Aug 09, 2016 3:41 am Post subject: |
|
|
Chevalier
Joined: 23 Jul 2008
Posts: 440
Location: Jamsa, Finland
|
And there it is:
http://www.ibm.com/support/knowledgecenter/en/SSMKHH_10.0.0/com.ibm.etools.mft.doc/ap04090_.htm
| Quote: |
| To improve performance, the integration node security manager uses a security cache. Entries are created in the security cache when a message flow with a security profile performs authentication, mapping, or authorization. The entries are valid for the length of time that is specified by the cacheTimeout property of the securitycache component after which the entries are marked as expired. When an entry is marked as expired, it must be reauthenticated, mapped, or reauthorized with the security provider before it can be reused, and its expiry time is reset. You can use the mqsireloadsecurity command to force the immediate expiry of some or all of the entries in the security cache. |
|
|
| Back to top |
|
|
| marko.pitkanen |
| Posted: Tue Aug 09, 2016 5:41 am Post subject: |
|
|
Chevalier
Joined: 23 Jul 2008
Posts: 440
Location: Jamsa, Finland
|
Actually built in functionality is not exactly what they wanst but close enough I think so.
--
Marko |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
