ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » ACE security profile for identify propagte

Post new topic  Reply to topic
 ACE security profile for identify propagte « View previous topic :: View next topic » 
Author Message
lium
PostPosted: Wed Feb 22, 2023 3:41 pm    Post subject: ACE security profile for identify propagte Reply with quote

Disciple

Joined: 17 Jul 2002
Posts: 184
In the message flow, we want to call exteranl webservice with user/password as part of the message

The user/password credential is set with mqsisetdbparms

We use the SecurityProfile for identity propagation, actually we got it working for the standard WS-Security. When we made the service call, the user/password were retrieved and filled in the WS header automatically.

Our current requirment is:
We want to fill in the user/password to our customized fields instead of standard WS-Security.

As what I searched, the WS Policy Sets and Bindlings editor does not give chance to specify customized field

My questions is: Is this possible?
Back to top
View user's profile Send private message
silly_name
PostPosted: Mon Feb 27, 2023 4:38 pm    Post subject: Reply with quote

Newbie

Joined: 26 Oct 2021
Posts: 5
Could you explain more about this "requirement"? What is the purpose, what happens on the receiving side?
https://i.kym-cdn.com/photos/images/original/000/976/824/913.gif

I think any solution which revolves around sending the username and password in the message body is bound to be flawed.

That being said, I have seen in one particular context code retrieving the password from a secure encrypted file with GPG and decrypted at runtime to send it over.
You could possibly also get it from a security identity via the mqsireportdbparms via the use of IBM Integration API.

I'm not entirely sure about which of these are worse and if I were you, I would push for some standardized authentication/authorization.
Back to top
View user's profile Send private message
axeleli12
PostPosted: Sun Mar 05, 2023 10:12 pm    Post subject: Reply with quote

Newbie

Joined: 10 Dec 2022
Posts: 2
Yes, it is possible to specify custom fields for user/password credentials instead of using the standard WS-Security in your message flow.

You can use the Compute node to create a custom SOAP header with the user/password credentials and then attach it to your message before sending it to the external web service. You can use the MQSI_SET_SOAP_HEADER function to set the custom header values.

In addition, you can also use the HTTPRequest node to create a custom HTTP header with the user/password credentials and attach it to your message before sending it to the external web service. You can use the MQSI_SET_HTTP_REQUEST_HEADER function to set the custom header values.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » ACE security profile for identify propagte
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.