mqsisetdbparms command

Use the mqsisetdbparms command to associate a specific user ID and password (or SSH identity file) with one or more resources that are accessed by an independent integration server or an integration node.

Supported platforms

Windows
Linux®
AIX®
IBM® z/OS® Container Extensions (zCX). Run this command by modifying and submitting the supplied JCL or by using an IBM z/OS console command.

Purpose

Use the mqsisetdbparms command to set security credentials for a specific user ID and password for connections (or user ID and SSH identity file for SFTP) for the following resources:

A CICS Connection policy
An ODBC data source name (DSN) that is accessed from a message flow
An Email Server policy
An FTP Server policy
An IMS Connect policy
A JDBC Providers policy
A JMS or JNDI resource, for example a JMS Providers policy
Kerberos Key Distribution Center (KDC) client credentials for SOAPRequest nodes with a WS-Security policy set and bindings that specify Kerberos
Lightweight Directory Access Protocol (LDAP) bind credentials for the integration server security manager
An MQTT server that requires a username and password
An HTTP proxy server that requires a username and password
A Kafka cluster that requires a username and password
A secured IBM MQ queue manager
An SMTP policy
The keystore password for the integration node or integration server
The web user interface keystore password
An account name, with a username and password, for the WebSphere® Adapters
A WXSServer policy
An ODM Server policy
SOAPRequest nodes
SalesforceRequest (no discovery) nodes
LoopBackRequest nodes
AppConnectRESTRequest nodes
RESTRequest and RESTAsyncRequest nodes.

The user ID and password pair is created in the DSN folder under the integration server registry folder.

You can run the mqsisetdbparms command while the integration server or integration node is running. However, you must stop and start each integration server that uses a particular ResourceName, before that information is read and used by that integration server.

If you are using the mqsisetdbparms command on Linux or AIX, add an escape character if you use one or more of the reserved characters. For example, you must specify these values:

mqsisetdbparms -w /var/server/ACEServ1 -n ftp::DUMMYFTP -u dummy\\user -p abcdef

Do not use the following format:

mqsisetdbparms -w /var/server/ACEServ1 -n ftp::DUMMYFTP -u dummy\user -p abcdef

If you use the latter format, the backslash character (\) in the user ID or password is ignored. The example causes the FTP connection through the FileInput node to fail with incorrect user credentials.

For a full list of reserved characters, and the rules that are associated with those characters when you use quotation marks and escape characters, see the documentation that is supplied with the shell.

To check any credentials that you set by using the mqsisetdbparms command, use the mqsireportdbparms command; see mqsireportdbparms command.

As an alternative to using the mqsisetdbparms command, you can use the mqsicredentials command to encrypt credentials and store them in the IBM App Connect Enterprise vault. These credentials can then be used by an integration node or integration server to access secured resources. For more information, see Configuring encrypted security credentials.

Syntax

Create

Alter

Delete

Adapter connection

Parameters

integrationNodeName

(Required) The name of the integration node for which settings are to be created, altered, or deleted. This parameter is required if you are setting security credentials for resources associated with an integration node. You cannot also specify a value for a work directory on the -w workDir parameter.

-w workDir

(Required) The work directory of the independent integration server for which settings are to be created, altered, or deleted. This parameter is required if you are setting security credentials for resources associated with an independent integration server that is not associated with an integration node. You cannot also specify an integration node name.

The specified directory must already exist and it must be the work directory of an integration server. The work directory is created by the mqsicreateworkdir command. For more information, see Configuring an integration server by modifying the server.conf.yaml file.

-n ResourceName or AdapterName

(Required) This parameter identifies one of the following resources:

The ODBC data source for which the user ID and password pair are to be created or modified. The ResourceName takes one of the following forms:
- datasource_name
- odbc::datasource_name
- odbc::datasource_name::integrationserver_name
- dsn::DSN (a fixed ResourceName literal used to define default user ID and password values for ODBC connections)
where datasource_name identifies the data source name for the database to which you want to connect.
Data source names are used by the following nodes:
- Compute
- Database
- DatabaseRetrieve
- DatabaseRoute
- Filter
- Mapping
If you use the same datasource_name to refer to the same database instance from multiple nodes, the same user ID and password pairing is used. To define default values for user ID and password for the integration server or integration node to use for all data source names for which you have not set specific values, specify dsn::DSN as the ResourceName. If you migrated the integration node from a previous version, the values that you define on this command replace the values that you set on the mqsicreatebroker command before migration; the relevant parameter on that command was deprecated in WebSphere Message Broker Version 8.0.
The name of the security identity that is used to connect an IBM Sterling Connect:Direct® CDOutput or node to itsConnect:Direct server. The ResourceName takes the form cd::secId, where secId is specified as the value of the security identity property on a Connect:Direct Server policy. Change security identity cd::default to alter the default user ID and password.
The name of the security identity that is used to authenticate a CICS® Transaction Server for z/OS connection. The ResourceName takes the form cics::secId, where secId is specified as the value of the Security identity property on the CICSRequest node or in the Security identity property of the associated CICS Connection policy.
The name of the security identity that the EmailInput node or Email Server policy use to authenticate with an email server to retrieve email messages. The ResourceName takes the form email::secId, where secId is specified as the value of the Security identity property on the EmailInput node or in the Security identity property of the associated Email Server policy.
The name of the IMS connection. The ResourceName takes the form ims::secId, where secId is the same as the value of the Security identity property on the IMSRequest node or in the Security identity property of the associated IMS Connect policy.
The name of the security identity that is used to authenticate a JDBC type 4 connection. The ResourceName takes the form jdbc::secId, where secId is specified as the value of the Security identity property of the associated JDBC Providers policy.
Specify jdbc::JDBC to define default values for user ID and password for the integration server or integration node to use for all JDBC connections for which you have not set specific values.
The name of the security identity that is used to authenticate a connection to a JMS or JNDI resource. The ResourceName takes the form jms::secId or jndi::secId, where secId is specified as the value.
The name of the security identity that is used for retrieving client credentials from the Kerberos Key Distribution Center (KDC) by a SOAPRequest node with a policy set and binding specifying Kerberos.
The name of the security identity that is used to authenticate an LDAP directory.
Specify ldap::<servername> to define credentials for an individual server. If you want the integration server or integration node to bind anonymously to this server, specify anonymous as the user ID.

Specify ldap::LDAP to define a default setting. The integration server or integration node uses the specified user ID and password values for all servers that do not have an explicit ldap::<servername> entry. Therefore, all servers that previously used anonymous bind by default start to use the details defined in an ldap::LDAP entry.
The name of the security identity that is used to authenticate a connection to a Salesforce system. The ResourceName takes the form salesforce::secId, where secId is the value of the Security Identity property in the SalesforceRequest (no discovery) node.
The name of the security identity that is used to authenticate a connection that is made through a LoopBack® connector. The ResourceName takes the form loopback::secId, where secId is the value of the Security Identity property in the LoopBackRequest node.
The name of the security identity that is used to authenticate a connection to an external REST API, such as an App Connect REST API. The ResourceName takes the form rest::secId, where secId is the value of the Security Identity property in the RESTRequest or RESTAsyncRequest node, or in the AppConnectRESTRequest node.
The name of the adapter connection to the external EIS. The AdapterName takes the form eis::adapterName, where adapterName is specified as the value.
The name of the security identity that is used to authenticate a connection to an MQTT server. The security identity is used to locate the username and password. The ResourceName takes the form mqtt::secId, where secId is specified as the value of the Security identity property of the MQTTPublish or MQTTSubscribe node.
- Specify mqtt::pubsubDefault to define security credentials for connecting to an external MQTT server that the integration server or integration node uses to publish its event messages.
The security identity that is used to authenticate a connection to a secured Kafka cluster. The security identity is used to locate the username and password, which are passed to the Kafka cluster when a connection is attempted. The ResourceName takes the form kafka::KAFKA::integrationServerName. These credentials are used when a connection is attempted by any Kafka node that has been deployed to the specified integration server or integration node.
The security identity that is used to authenticate a connection to a secured HTTP proxy server. The security identity is used to locate the username and password. The ResourceName takes either the form httpproxy::proxyHostname or httpproxy::HTTPPROXY:
- Specify httpproxy::proxyHostname to define a security identity to be used for retrieving username and password credentials for the specified HTTP proxy.
- Specify httpproxy::HTTPPROXY to define a security identity to be used as a default for any proxy server that does not have a matching httpproxy::proxyHostname setting.
The name of the security identity that is used to authenticate a connection to a secured IBM MQ queue manager. The security identity is used to locate the username and password, which are passed to the queue manager when a connection is attempted.
- Specify mq::securityIdentityName to define a security identity to be used for retrieving username and password credentials for an MQ node that has the Security identity property set to securityIdentityName (through either the MQ Connection properties on the node or an MQEndpoint policy).
- Specify mq::QMGR::QMName to configure a username and password to be used for all local or client connections to the named queue manager, when no security identity name has been specified in the MQ node or MQEndpoint policy.
- Specify mq::MQ to configure a username and password for all local or client connections to queue managers, where no security identity name has been set on the MQ node or MQEndpoint policy, and where the queue manager that is being connected to does not match any queue manager names that have been specified using mq::QMGR::QMName.
- Specify mq::pubsubDefault to define security credentials for connecting to an MQ pub/sub broker that the integration server or integration node uses to publish its event messages.
The name of the security identity that is used to authenticate a connection to an IBM Operational Decision Manager (ODM) Rule Execution server. The security identity is used to locate the username and password. The ResourceName takes the form odm::secId, where secId is specified as the value of the Security identity property of the associated ODM Server policy.
The name of the security identity that is used to authenticate an SMTP server.
The name of the security identity that is used to authenticate a connection to an FTP server. The ResourceName takes the form ftp::secId, where secId is specified as the value of the Security identity property of the FileInput or FileOutput node, or in the Security identity property of the associated FTP Server policy.
The name of the security identity that is used to authenticate a connection to an SFTP server. The security identity is used to locate the username and password or the Secure Shell (SSH) identity file. The ResourceName takes the form sftp::secId, where secId is specified as the value of the Security identity property of the FileInput or FileOutput node, or in the Security identity property of the associated FTP Server policy.
The name of the security identity that is used to authenticate an integration server or integration node keystore.
The name of the security identity that is used to connect to a secure WebSphere eXtreme Scale grid. The security identity represents a username and password that is used when you connect to an external grid. The name of this identity is used by the WXSServer policy.

-u UserId or EISUserId

(Required for Create and adapter connection; Optional for Alter) The user ID to be associated with this resource or EIS.

-p Password

(Required for Create, Alter, and adapter connection) The password to be associated with this resource or EIS.

For compatibility with existing systems, you can still specify <password>. However, if you do not specify a password with this parameter when you run the command, you are prompted to enter a password during its invocation, and to enter the password a second time to verify that you have entered it correctly.

This parameter is required with the ftp:: resource type, but is optional with the sftp:: resource type. However, if you do not specify a password with an sftp:: resource, you must specify the SSHIdentityFile parameter.

If you specify a password by using the -p Password parameter and the password includes characters that have special meaning to the command shell, you must use quotation marks around the password or escape the characters. Use single quotation marks on Linux and AIX systems. Use double quotation marks on Windows systems. For a full list of reserved characters, and the rules that are associated with those characters when you use quotation marks and escape characters, see the documentation that is supplied with the shell.

However, you can avoid the need to use quotation marks or to escape special characters if you omit to specify a password by using the -p Password parameter when you run the command. You are prompted to enter a password during the invocation of the command, and to enter the password a second time to verify that you have entered it correctly. The password that you specify after being prompted can include characters that have special meaning to the command shell with no need for you to use quotation marks or to escape these characters.

-c ClientIdentity

(Optional) The name of the consumer key of your Salesforce Connected App, to be used for authentication with Salesforce systems.
(Optional) The name of the client ID of your connected LoopBack application, to be used for authentication with LoopBack connectors.

-s ClientSecret

(Optional) The consumer secret of your Salesforce Connected App, to be used for authentication with Salesforce systems.
(Optional) The client secret of your connected LoopBack application, to be used for authentication with LoopBack connectors.

-k APIKey

(Optional) The API key to be used for authentication with REST APIs. You can specify only a REST API key to be used for authentication, or you can specify a REST API key together with a user ID and password.

-i SSHIdentityFile

(Optional) The name of an identity file, in PEM format, to be used for authentication with SFTP in place of a password. You must specify either a password or an identity file, but not both. If you specify an identity file, you can also specify a pass phrase with the Passphrase parameter.

-r Passphrase

(Optional) The pass phrase that is used for authentication with SFTP. This parameter is valid only when the SSHIdentityFile parameter is also specified. The pass phrase is used during decryption of the identity file.

-d

(Required for Delete) This parameter deletes completely the resource from the integration server registry.

-f

(Optional) Specify this parameter to process the mqsisetdbparms command only when the integration server or integration node itself is stopped.

Examples

The following examples show the setting of security credentials by using the mqsisetdbparms command. The security credentials can be set either for an independent integration server or an integration server that is associated with an integration node. Not all examples show the setting of security credentials for the integration server and the integration node.

CICS connections

Use the mqsisetdbparms command in the following format to associate a user ID and password pair with CICS.

Set credentials for the integration server:

mqsisetdbparms -w workDir -n ResourceName -u userID -p password

For example:

mqsisetdbparms -w c:\workdir\ACEServ1 -n cics::mySecurityIdentity -u myUserID -p myPassword

Set credentials for the integration node:

mqsisetdbparms integrationNodeName -n ResourceName -u userID -p password

For example:

mqsisetdbparms INODE -n cics::mySecurityIdentity -u myUserID -p myPassword

IBM MQ connections

The following examples show how to create a security identity to be used for retrieving username and password credentials when an MQ node has the Security identity property set to securityIdentityName (through either the MQ Connection properties on the node or an MQEndpoint policy).

For an integration server:

mqsisetdbparms  -w c:\workdir\ACEServ1 -n mq::securityIdentityName -u username -p password

For an integration node:

mqsisetdbparms INODE -n mq::securityIdentityName -u username -p password

The following examples show how to configure a username and password to be used for all local or client connections to a named queue manager, when no security identity name has been specified in the MQ node or MQEndpoint policy.

For an integration server:

mqsisetdbparms -w c:\workdir\ACEServ1 -n mq::QMGR::QMName  -u username -p password

For an integration node:

mqsisetdbparms INODE -n mq::QMGR::QMName  -u username -p password

The following examples show how to configure a username and password for all local or client connections to queue managers, where no security identity name has been set on the MQ node or MQEndpoint policy, and where the queue manager that is being connected to does not match any queue manager names that have been specified using mq::QMGR::QMName.

For an integration server:

mqsisetdbparms -w c:\workdir\ACEServ1 -n mq::MQ  -u username -p password

For an integration node:

mqsisetdbparms INODE -n mq::MQ  -u username -p password

The following examples show how to set the username and password for the fixed security identity name pubsubDefault. These credentials are used to connect to an MQ pub/sub broker that the integration server uses to publish its event messages. For more information, see Configuring the publication of event messages.

For an integration server:

mqsisetdbparms -w c:\workdir\ACEServ1 -n mqtt::pubsubDefault -u myUserID -p myPassword

For an integration node:

mqsisetdbparms INODE -n mqtt::pubsubDefault -u myUserID -p myPassword

ODBC Data source names

The following examples show the use of the command to associate a userid and password for a specific ODBC data source name (no Universal Record Identifier (URI) prefix is required).

For an integration server:

mqsisetdbparms -w c:\workdir\ACEServ1 -n USERDB1 -u myuserid1 -p mypassword1

For an integration node:

mqsisetdbparms INODE -n USERDB1 -u myuserid1 -p mypassword1

The following examples show the use of the optional prefix odbc::. Use this option to set the user ID and password for an ODBC data source.

For an integration server:

mqsisetdbparms -w c:\workdir\ACEServ1 -n odbc::USERDB2 -u myuserid2 -p mypassword2

For an integration node:

mqsisetdbparms INODE -n odbc::USERDB2 -u myuserid2 -p mypassword2

The following examples show how to set up a default user ID and password for the integration server to use for all ODBC data source names where no explicit Resource Names were set.

For an integration server:

mqsisetdbparms -w c:\workdir\ACEServ1 -n dsn::DSN -u myuserid4 -p mypassword4

For an integration node:

mqsisetdbparms INODE -n dsn::DSN -u myuserid4 -p mypassword4

The following examples delete all the values that are defined for specific resource names from the integration server registry:

mqsisetdbparms -w c:\workdir\ACEServ1 -n USERDB1 -d

mqsisetdbparms -w c:\workdir\ACEServ1 -n odbc::USERDB2 -d

mqsisetdbparms INODE -n odbc::USERDB2::myIntegrationServer -d

Email server connections

Use the mqsisetdbparms command in the following format to associate a user ID and password pair with an email server for the EmailInput node or the Email Server policy to use to retrieve email messages.

For an integration server:

mqsisetdbparms -w workDir -n ResourceName -u userID -p password

For example:

mqsisetdbparms -w c:\workdir\ACEServ1 -n smtp::mySecurityIdentityObjectName 
-u myUserID -p myPassword

For an integration node:

mqsisetdbparms integrationNodeName -n ResourceName -u userID -p password

For example:

mqsisetdbparms INODE -n smtp::mySecurityIdentityObjectName 
-u myUserID -p myPassword

IBM Sterling Connect:Direct

Use the mqsisetdbparms command in the following format to associate a user ID and password pair with a Connect:Direct server.

For an integration server:

mqsisetdbparms -w workDir -n ResourceName -u userID -p password

For example:

mqsisetdbparms -w c:\workdir\ACEServ1 -n cd::default -u mqbroker -p xxxxxxx

For an integration node:

mqsisetdbparms integrationNodeName -n ResourceName -u userID -p password

For example:

mqsisetdbparms INODE -n cd::default -u mqbroker -p xxxxxxx

JDBC type 4 connections

Use the mqsisetdbparms command to associate a user ID and password pair with a JDBC type 4 connection. The value that you specify for the -n ResourceName must have a prefix of jdbc::, followed by the value that matches the -n securityIdentity property of the associated JDBC Providers policy.

For an integration server:

mqsisetdbparms -w workDir -n resource_name -u userID -p password

For example:

mqsisetdbparms -w c:\workdir\ACEServ1 -n jdbc::mySecurityIdentity -u myuserid -p secretpw

For an integration node:

mqsisetdbparms integrationNodeName -n resource_name -u userID -p password

For example:

mqsisetdbparms INODE -n jdbc::mySecurityIdentity -u myuserid -p secretpw

The following example shows how to set up a default user ID and password for the integration server to use for all JDBC connections for which you have not set specific values:

mqsisetdbparms -w c:\workdir\ACEServ1 -n jdbc::JDBC -u UserId2 -p password2

JMS and JNDI resource names

The following examples show the use of the command when the URI for a JMS or JNDI resource name is substituted for the -n ResourceName parameter.

For a JMS resource, the URL prefix is "jms::"; for JNDI, the prefix is "jndi::".

On Linux and AIX systems, if the parameter string includes a backslash (\) character, you must escape from this character by using a second backslash character (\\) when you enter the mqsisetdbparms command.

For example, to specify a user ID of myuserid and password secret for JMS topic connection factory tcf1, use the following syntax:

mqsisetdbparms -w c:\workdir\ACEServ1 -n jms::tcf1 -u myuserid -p secret

Similarly, to specify the same security for a JNDI initial context com.sun.jndi.fscontext.RefFSContextFactory, enter the following command:

mqsisetdbparms -w c:\workdir\ACEServ1 -n jndi::com.sun.jndi.fscontext.RefFSContextFactory 
     -u myuserid -p secret

JMS node account names

The preceding examples describe how to configure security for JMS and JNDI resources for all JMS nodes that use those resources in an integration server.

To increase the degree of control that you have in the security of JMS nodes, you can associate a resource with an account name. The account name comprises the message flow name that is concatenated with the node label by using the underscore character (_):

            Message Flow Name_Node label

For example, where the message flow name is MyJMSFlow1, and you require a specific user ID and password for JMSInput node MyJMSInput1, the resulting account name is:

             MyJMSFlow1_MyJMSInput1

You can then specify the account name string in the -n ResourceName parameter on the mqsisetdbparms command by prefixing the account name with the resource type, and concatenating the account name with an at sign (@) character followed by the resource name:

            resource typeaccount name@resource name

Therefore, assuming a JMS resource name of tcf1, used by JMSInput node MyJMSInput1 in message flow MyJMSFlow1, the following resource name is used:

            jms::MyJMSFlow1_MyJMSInput1@tcf1

To specify a user ID of myuserid, a password of secret, and the resource name that is created from the account name, use the following syntax:

mqsisetdbparms -w c:\workdir\ACEServ1 -n jms::MyJMSFlow1_MyJMSInput1@tcf1
                 -u myuserid -p secret

LDAP servers

Use the mqsisetdbparms command to set up authorization credentials for the LDAP server ldap.mydomain.com:

mqsisetdbparms -w c:\workdir\ACEServ1 -n ldap::ldap.mydomain.com -u ldapuid -p ********

To set up authorization for other servers, use the command to set up default credentials:

mqsisetdbparms -w c:\workdir\ACEServ1 -n ldap::LDAP -u ldapother -p ********

If you want the integration server to bind anonymously to an LDAP server, specify the LDAP server name and the user ID anonymous:

mqsisetdbparms -w c:\workdir\ACEServ1 -n ldap::ldap.mydomain2.com -u anonymous -p ********

For the user ID anonymous, the password is always ignored.

MQTT connections

The following example shows how to create a security identity that is used by MQTT nodes that are connecting to a secured MQTT server:

mqsisetdbparms -w c:\workdir\ACEServ1 -n mqtt::mySecurityIdentity -u myUserID -p myPassword

The MQTTSubscribe or MQTTPublish node that is connecting to a secure MQTT server must have its Security identity property set to the same value that is configured by using this command, so mySecurityIdentity in this example.

The following example shows how to set the username and password for the fixed security identity name pubsubDefault. These credentials are used to connect to an external MQTT server that the integration server uses to publish its event messages.

mqsisetdbparms -w c:\workdir\ACEServ1 -n mqtt::pubsubDefault -u myUserID -p myPassword

HTTP proxy server connections

Use the mqsisetdbparms command in the following format to associate a username and password with a connection to a specified HTTP proxy server (in this example, myProxyHostname):

mqsisetdbparms -w c:\workdir\ACEServ1 -n httpproxy::myProxyHostname -u myUserID -p myPassword

The following example shows how to specify credentials to be used for connecting to any HTTP proxy server that does not have a DSN matching its specific host name:

mqsisetdbparms -w c:\workdir\ACEServ1 -n httpproxy::HTTPPROXY -u myProxyUsername -p myProxyPassword

Kafka connections

Use the mqsisetdbparms command in the following format to associate a username and password with a connection to a Kafka cluster:

For an integration server:

mqsisetdbparms workDir -n kafka::KAFKA::integrationServerName -u userID -p password

For example:

mqsisetdbparms -w c:\workdir\ACEServ1 -n kafka::KAFKA::myIntegrationServer1 -u myKafkaUserID -p myKafkaPassword

For an integration node:

mqsisetdbparms integrationNodeName -n ResourceName -u userID -p password

For example:

mqsisetdbparms INODE -n kafka::KAFKA::myIntegrationServer1 -u myKafkaUserID -p myKafkaPassword

All Kafka nodes that are deployed to the same integration server must use the same set of credentials to authenticate to the Kafka cluster. The user ID and password specified by this command are used when a connection is attempted by any Kafka node that has been deployed to the specified integration server.

WebSphere Adapters account names

Use the mqsisetdbparms command in the following format to configure an account name with a username and password for the WebSphere Adapters.

For an integration server:

mqsisetdbparms -w workDir -n adapter name -u username -p password

For example:

mqsisetdbparms -w c:\workdir\ACEServ1 -n kafka::KAFKA::myIntegrationServer1 -u myKafkaUserID -p myKafkaPassword

For an integration node:

mqsisetdbparms integrationNodeName -n adapter name	-u username -p password

For example:

mqsisetdbparms INODE 	-n eis::SAPCustomerInbound.inadapter -u sapuid -p ********

IMS connections

Use the mqsisetdbparms command in the following format to associate a user ID and password pair with an IMS Connect connection.

For an integration server:

mqsisetdbparms -w workDir -n resource_name -u userID -p password

For example:

mqsisetdbparms -w c:\workdir\ACEServ1 -n ims::mySecurityIdentity -u myuserid -p mypassword

For an integration node:

mqsisetdbparms integrationNodeName -n resource_name -u userID -p password

For example:

mqsisetdbparms INODE -n ims::mySecurityIdentity -u myuserid -p mypassword

Salesforce connections

Use the mqsisetdbparms command in the following format to associate a Salesforce username, password, client identity, and client secret with a connection to a Salesforce system:

For an integration server:

mqsisetdbparms -w workDir -n salesforce::mySecurityIdentity -u userID -p password -c clientIdentity -s clientSecret

For example:

mqsisetdbparms -w c:\workdir\ACEServ1 -c
3MVG98_Pfg5cqqyb0NUwU1XtHr9NhWu_Kmb8RTIH53a7pdTzeychmvvtjTdiRbuoWtyr_QL.lepaXNk7W3PDA -s 
2050239087638761094 -n 'salesforce::SF' -p 'passwd1IWvMp3JqqklwG2erpaLs2oKz' -u 'salesforce_userid'

For an integration node:

For example:

mqsisetdbparms integrationNodeName -n salesforce::mySecurityIdentity -u userID -p password -c clientIdentity -s clientSecret

mqsisetdbparms INODE -c
3MVG98_Pfg5cqqyb0NUwU1XtHr9NhWu_Kmb8RTIH53a7pdTzeychmvvtjTdiRbuoWtyr_QL.lepaXNk7W3PDA -s 
2050239087638761094 -n 'salesforce::SF' -p 'passwd1IWvMp3JqqklwG2erpaLs2oKz' -u 'salesforce_userid'

LoopBack connections

Use the mqsisetdbparms command in the following format to associate a username, password, client identity, and client secret with a connection to a LoopBack application:

For an integration server:

mqsisetdbparms -w workDir -n loopback::mySecurityIdentity -u userID -p password

For example:

mqsisetdbparms -w c:\workdir\ACEServ1 -n loopback::lbreqid1 -u myLoopBackUserID -p myLoopBackPassword

For an integration node:

mqsisetdbparms integrationNodeName -n loopback::mySecurityIdentity -u userID -p password

For example:

mqsisetdbparms INODE -n loopback::lbreqid1 -u myLoopBackUserID -p myLoopBackPassword

REST API connections

Use the mqsisetdbparms command to associate a username, password, and API key with a connection to a REST API by using the RESTRequest or AppConnectRESTRequest node:

mqsisetdbparms -w c:\workdir\ACEServ1 -n rest::mySecurityIdentity -u myRESTUserID -p myRESTPassword -k myRESTAPIkey

Use the mqsisetdbparms command to associate a username and password with a connection to a REST API:

mqsisetdbparms -w c:\workdir\ACEServ1 -n rest::mySecurityIdentity -u myRESTUserID -p myRESTPassword

Use the mqsisetdbparms command to associate only an API key with a connection to a REST API:

mqsisetdbparms -w c:\workdir\ACEServ1 -n rest::mySecurityIdentity -k myRESTAPIkey

FTP and SFTP server connections

Use the mqsisetdbparms command to associate a user ID and password with an FTP server connection:

mqsisetdbparms -w c:\workdir\ACEServ1 -n ftp::identityA -u user1 -p MyPassword

Use the mqsisetdbparms command to associate a user ID and password with an SFTP server connection:

mqsisetdbparms -w c:\workdir\ACEServ1 -n sftp::identityB -u user2 -p MyPassword

Use the mqsisetdbparms command to associate a user ID and SSH identity file with an SFTP server connection:

mqsisetdbparms -w c:\workdir\ACEServ1 -n sftp::identityC -u user3 -i C:\key_rsa_no_pp

Use the mqsisetdbparms command to associate a user ID, SSH identity file, and pass phrase with an SFTP server connection:

mqsisetdbparms -w c:\workdir\ACEServ1 -n sftp::identityD -u user4 -i C:\key_rsa_pp -r MyPassPhrase

Kerberos

Use the mqsisetdbparms command to provide the integration server with the Kerberos client credentials for accessing the Kerberos Key Distribution Center (KDC). These credentials (which are required for SOAPRequest nodes) can also be provided in the properties tree in a message flow.

To set KDC credentials for a specific realm that is used by SOAPRequest nodes in the integration server:

mqsisetdbparms -w c:\workdir\ACEServ1 -n kerberos::realm1 -u clientId -p ClientPassword

To set KDC credentials for any realm that is used by SOAPRequest nodes in the integration server:

mqsisetdbparms -w c:\workdir\ACEServ1 -n kerberos::kerberos -u clientId -p ClientPassword

WebSphere eXtreme Scale grid connections

Use the mqsisetdbparms command to specify the username and password to use when you connect to a secure WebSphere eXtreme Scale grid.

To set the user ID and password for the security identity that is called "id1", use the following command:

mqsisetdbparms -w workDir -n wxs::id1 -u userId -p password

IBM Operational Decision Manager (ODM) Rule Execution Server connections

Use the mqsisetdbparms command to specify the username and password to use when you connect to a secure IBM Operational Decision Manager Rule Execution Server.

To set the user ID and password for the security identity that is called "id1", use the following command:

mqsisetdbparms -w workDir -n odm::id1 -u userId -p password