Configuring user authentication with an XML file by using the command line

Use the command line to configure the appliance to authenticate the users defined in an XML file.

About this task

You can use commands to configure role based management such that the appliance uses user credentials that are defined in an XML file. You must have already created the XML file (see User authentication with XML file)

Procedure

  1. Connect to the IBM MQ Appliance as described in Command line access. Log in as an administrative user.
  2. Type config to enter global configuration mode.
  3. Type the following command to configure role based management: 
    rbm
  4. Enter the following command to specify the XML file authentication method: 
    au-method xmlfile
  5. Specify the URL of the XML you want to use. 
    au-info-url URL
  6. Optionally specify fallback users who can log in to the appliance if the XML file is not available. Fallback users must already have been added as local users to the appliance. You can specify that all local users are fallback users by entering the following command: 
    fallback-login local
    Alternatively, you can specify one or more particular users by entering the following commands:
    fallback-login restricted
fallback-user localuser1
fallback-user localuser2
...
fallback-user localuserN
  7. Alter the default cache settings, if required. By default, the appliance caches results of authentication attempts for 600 seconds, but you can change the mode of caching, and the caching duration by entering the following commands: 
    au-cache-mode mode
au-cache-ttl seconds
    Where mode is one of:
    absolute

    Caches the results of user authentications for a period of time specified by the au-cache-ttl command (the explicit time-to-live). This is the default setting.

    disabled

    Disables caching. The appliance will not cache any results and instead always authenticates every time a user requests access.

    maximum

    Compares the explicit TTL to the TTL contained in the response (if any) and cache authentication results for the maximum of the two values.

    minimum

    Compares the explicit TTL to the TTL contained in the response (if any) and cache authentication results for the minimum of the two values.

Example

The following example configures the appliance to use the authentication details defined in the file store:///RBMInfo.xml.

mqa# config
Global configuration mode
mqa(config)# rbm
Modify RBM Settings configuration

mqa(config rbm)# au-method xmlfile
mqa(config rbm)# au-info-url store:///RBMInfo.xml
mqa(config rbm)# fallback-login local
mqa(config rbm)# exit
mqa(config)# write memory
Overwrite previously saved configuration? Yes/No [y/n]: y
Configuration saved successfully.

What to do next

After you specify the user authentication method, you must next configure credential mapping.