| Author |
Message
|
| ksrocks9 |
 Posted: Thu Jul 16, 2015 9:20 pm Post subject: Error in NTLM Authentication |
 |
|
Apprentice
Joined: 11 Mar 2015
Posts: 35
|
I tried to implement the NTLM authentication in IIB. I followed the instructions given in the IBM knowledge center. I am getting error 'Auth requested, but no security profile present. Ignoring.' . I created security profile in the MQ. Where I need the mention the Security profile name?
Thanks. |
|
| Back to top |
|
 |
| mgk |
| Posted: Fri Jul 17, 2015 2:38 am Post subject: |
|
|
Padawan
Joined: 31 Jul 2003
Posts: 1642
|
You do not need to create a new security profile. You can simply use the built-in "Default Propagation" profile on the node using the bar editor. However, the error you show is only output when the Auth-Type is "Basic" auth, so it appears your configuration changes to use NTLM did not work. Did you restart the Server after making the change.
If you still can't get it working, please post more information, including all the commands you ran, and the platform you are using etc...
Kind regards,
_________________
MGK
The postings I make on this site are my own and don't necessarily represent IBM's positions, strategies or opinions. |
|
| Back to top |
|
|
| ksrocks9 |
| Posted: Sat Jul 18, 2015 12:17 pm Post subject: |
|
|
Apprentice
Joined: 11 Mar 2015
Posts: 35
|
Thank MGK. Thanks for your help.
What you suggested me is correct I implemented NTLM successfully.
NTLM authentication Implementation Steps for outbound Request:
1) mqsichangeproperties broker_name -e IntegrationServerName -o ComIbmSocketConnectionManager
-n allowedAuthTypes -v "NTLM"
Run this command in IIB console.
2) mqsireportproperties broker_name -e IntegrationServerName
-o ComIbmSocketConnectionManager -r
To check the current outbound authentication setting.
3) Set Security Profile to "Default Propagation"
Bar file-> SOAP Request -> Properties -> Configure -> Security Profile = Default Propagation
Thanks ,
ksrocks
IIB Developer
 |
|
| Back to top |
|
|
| bdrummond |
| Posted: Mon Jan 11, 2016 8:06 am Post subject: |
|
|
Disciple
Joined: 06 May 2004
Posts: 164
|
| Which version of IIB did you get this working on and did you have to add an APAR from IBM? |
|
| Back to top |
|
|
| ksrocks9 |
| Posted: Tue Jan 12, 2016 2:07 pm Post subject: Steps to implement NTLM authentication |
|
|
Apprentice
Joined: 11 Mar 2015
Posts: 35
|
It's working in both IIB 9.0.0.2 & 9.0.0.3. I don't have APAR.
Steps to implement NTLM authentication Outbound and Inbound Requests:
Command for Outbound:
1) mqsichangeproperties broker_name -e IntegrationServerName -o ComIbmSocketConnectionManager
-n allowedAuthTypes -v "NTLM"
It allow the broker to authenticate by using the NTLM protocol.
or
mqsichangeproperties broker_name -e IntegrationServerName -o ComIbmSocketConnectionManager
-n allowedAuthTypes -v "IWA"
It allow the broker to authenticate by using any IWA(NTLM, Negotiate, Nego2) protocol.
Command to check the outbound settings:
mqsireportproperties broker_name -e IntegrationServerName
-o ComIbmSocketConnectionManager -r
In the output
allowedAuthTypes='PropertyValue'
Where PropertyValue is NTLM, Negotiate, Nego2, None, or Basic. If multiple values are set, they are separated by a semicolon.
Command for Inbound Request:
2) mqsichangeproperties Broker_Name -e ExecutionGroupName -o HTTPConnector -n integratedWindowsAuthentication -v "NTLM;Negotiate"
It allows to communicate with NTLM and Negotiate.
or
mqsichangeproperties Broker_Name -e ExecutionGroupName -o HTTPConnector -n integratedWindowsAuthentication -v "NTLM"
It allows to communicate only with NTLM protocol.
To check the inbound settings:
mqsireportproperties broker_name -e IntegrationServerName -o ConnectorType -r
Make sure it in the output
IntegratedWindowsAuthentication='PropertyValue'
Where PropertyValue is NTLM, Negotiate, Nego2, None, or Basic. If multiple values are set, they are separated by a semicolon.
3) Set Security Profile to "Default Propagation" for outbound requests
Bar file-> SOAP Request -> Properties -> Configure -> Security Profile = Default Propagation
We don't need anything for inbound authentication.
Thanks,
KS
IIB Developer. |
|
| Back to top |
|
|
| bdrummond |
| Posted: Wed Jan 13, 2016 2:57 am Post subject: |
|
|
Disciple
Joined: 06 May 2004
Posts: 164
|
Hi KS,
Many thanks for your post. I've done all of those settings (and followed the Infocenter also) but I'm still getting an error of HTTP/1.1 407 Proxy Authentication Required.
I am not using the Windows IIB service id for authentication so am setting the appropriate values in the message properties (IdentitySourceToken, IdentitySourcePassword etc) but to no avail.
My Integration Server properties are as follows:
| Code: |
ComIbmSocketConnectionManager
uuid='ComIbmSocketConnectionManager'
userTraceLevel='none'
traceLevel='none'
userTraceFilter='none'
traceFilter='none'
vrmfIntroducedAt='7.0.0.0'
resourceStatsReportingOn='inactive'
resourceStatsMeasurements='<ResourceStatsSwitches ResourceType="Sockets" version='1'> <Measurement name="TotalSockets"
collect="on" /> <Measurement name="TotalMessages" collect="on" /> <Measurement name="TotalDataSent_KB" collect="on" />
<Measurement name="TotalDataReceived_KB" collect="on" /> <Measurement name="SentMessageSize_0-1KB" collect="on" /> <Meas
urement name="SentMessageSize_1KB-10KB" collect="on" /> <Measurement name="SentMessageSize_10KB-100KB" collect="on" /> <
Measurement name="SentMessageSize_100KB-1MB" collect="on" /> <Measurement name="SentMessageSize_1MB-10MB" collect="on" /
> <Measurement name="SentMessageSize_Over10MB" collect="on" /> <Measurement name="ReceivedMessageSize_0-1KB" collect="on
" /> <Measurement name="ReceivedMessageSize_1KB-10KB" collect="on" /> <Measurement name="ReceivedMessageSize_10KB-100KB"
collect="on" /> <Measurement name="ReceivedMessageSize_100KB-1MB" collect="on" /> <Measurement name="ReceivedMessageSiz
e_1MB-10MB" collect="on" /> <Measurement name="ReceivedMessageSize_Over10MB" collect="on" /> </ResourceStatsSwitches>'
activityLogSupported='no'
maxSocketAge='4'
maxKeepAliveRequests='90'
resetCollectionStatistics=''
tcpNoDelay='Platform Default'
tcpNoDelaySSL='Platform Default'
preemptiveAuthType='Ntlm'
allowNtlmNegotiation='TRUE'
negotiateMutualAuth='FALSE'
allowedAuthTypes='Ntlm; Negotiate' |
I might have to check with the Network team in order to see what the Proxy server is requiring for authentication.
Cheers. |
|
| Back to top |
|
|
| bdrummond |
| Posted: Thu Jan 14, 2016 2:31 am Post subject: |
|
|
Disciple
Joined: 06 May 2004
Posts: 164
|
Looks like the Broker is sending the Broker Service Id in order to authenticate and not the username/password that is required to authenticate. (HTTP/1.1 403 Forbidden)
I guess I'll need to create a Security Profile and not use the 'Default Propagation'? |
|
| Back to top |
|
|
| mgk |
| Posted: Thu Jan 14, 2016 4:36 am Post subject: |
|
|
Padawan
Joined: 31 Jul 2003
Posts: 1642
|
The support for IWA/NTLM/basicAuth etc is for direct connections to the remote server. If you need to go via a proxy and are using SSL, you can try using the ProxyConnectHeaders LocalEnvironment override to send the proxy 'Proxy-Authorization' header information as documented on this page:
http://www-01.ibm.com/support/knowledgecenter/SSMKHH_10.0.0/com.ibm.etools.mft.doc/ac04595_.htm?lang=en
If you are not using SSL you can set the proxy auth header directly in the HTTPRequestHeaders, as documented on the same page above (in the same section as the "ProxyConnectHeaders").
Kind regards,
_________________
MGK
The postings I make on this site are my own and don't necessarily represent IBM's positions, strategies or opinions. |
|
| Back to top |
|
|
| balu2608 |
| Posted: Wed Jul 11, 2018 2:11 pm Post subject: Ntlm authentication is not working in IIB on linux |
|
|
Apprentice
Joined: 18 May 2012
Posts: 39
|
As mentioned in the pages, configured all the properties..
It is working in the windows iib. When we deploy the bar In Linux it is giving 401 un authorized..
The same bar is working in windows integration node.
Iib version:-9.0.0.3  |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Jul 12, 2018 4:55 am Post subject: Re: Ntlm authentication is not working in IIB on linux |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| balu2608 wrote: |
As mentioned in the pages, configured all the properties..
It is working in the windows iib. When we deploy the bar In Linux it is giving 401 un authorized..
The same bar is working in windows integration node.
Iib version:-9.0.0.3 |
This post is a) 2 years old and b) discussing NTLM, which is a Windows specific security profile. It's not surprising that the instance of IIB on the OS which supports NTLM can handle it where the instance on the OS which doesn't support it can't, and correctly returns a 401 because it can't successfully authorize the call.
Unless you'd care to add the steps you took to enable NTLM support on Linux?
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| balu2608 |
| Posted: Sat Jul 14, 2018 12:04 pm Post subject: Ntlm authentication is not working in IIB on linux |
|
|
Apprentice
Joined: 18 May 2012
Posts: 39
|
@Vitor, Thanks for the reply, a) i know that the post is 2 years back, but im facing the same issue
2) i followed all the steps its better to help us in solving problem.
NTLM in IIB 9.0.03 on AIX is supported or not?
if you know the solution or suggestion , kindly give us |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Sun Jul 15, 2018 1:33 am Post subject: Re: Ntlm authentication is not working in IIB on linux |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| balu2608 wrote: |
@Vitor, Thanks for the reply, a) i know that the post is 2 years back, but im facing the same issue
2) i followed all the steps its better to help us in solving problem.
NTLM in IIB 9.0.03 on AIX is supported or not?
if you know the solution or suggestion , kindly give us |
As Vitor specified, the real question is what steps do you need to follow on AIX to enable NTLM (kerberos?)?
Once those have been taken you can look at what you need to do in IIB to make use of it. 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| balu2608 |
| Posted: Sun Jul 15, 2018 1:45 pm Post subject: Ntlm authentication is not working in IIB on AIX |
|
|
Apprentice
Joined: 18 May 2012
Posts: 39
|
yes i agree with both of you,
i have followed all the steps mentioned in the IBM links, but no luck.
i just concentrated only on the NTLM,
Kerberos  is not my issue, i have issue only with NTLM  |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Sun Jul 15, 2018 4:54 pm Post subject: Re: Ntlm authentication is not working in IIB on AIX |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| balu2608 wrote: |
yes i agree with both of you,
i have followed all the steps mentioned in the IBM links, but no luck.
i just concentrated only on the NTLM,
Kerberos is not my issue, i have issue only with NTLM |
Have you looked at http://www.tutorialspoint.com/unix_commands/ntlm_auth.htm and what have you done about it?
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| balu2608 |
| Posted: Wed Jul 25, 2018 11:32 am Post subject: Ntlm authentication is not working in IIB on AIX |
|
|
Apprentice
Joined: 18 May 2012
Posts: 39
|
Guys, I looked all the blogs ,
raised PMR with IBm,..
They have cleared that no NTLM on IIB AIX.
So i have used JAVA to connects.
thanks for all your support. |
|
| Back to top |
|
|
|
|
