Connection authentication
Connection authentication allows applications to supply authentication credentials when they connect to a queue manager. The queue manager validates the credentials. The user ID supplied in the credentials can also be adopted for use in authorization checks for resources that the application accesses.
Applications can supply a user ID and password for authentication when they connect to a queue manager.
From IBM® MQ 9.3.4, IBM MQ client applications can also supply an authentication token as an alternative method of authentication.
The queue manager can be configured to validate the credentials that are supplied by the application.
A user ID and password that is supplied by an application is checked by using the user repository in the queue manager configuration. For more information about the repository that is used for checking user IDs and passwords, see User repositories.
Authentication tokens are validated by using the certificates and symmetric keys in the queue manager's token authentication keystore to validate the token's signature. For more information about authenticating users with authentication tokens, see Working with authentication tokens.
In the diagram, two applications are making connections with a queue manager, one application as
a client and one using local bindings. Applications might use various APIs to connect to the queue
manager, but all have the ability to provide a user ID and a password. The user ID that the
application is running under, User2
and User4
in the diagram,
which is the usual operating system user ID presented to IBM MQ, might be different from the user ID provided by the
application, User1
and User3
.
The queue manager receives configuration commands (in the diagram, IBM MQ Explorer is being used) and manages the opening of resources and checks the authority to access those resources. There are many different resources in IBM MQ that an application might require authority to access. The diagram illustrates opening a queue for output, but the same principles apply to other resources as well.