Destination based security and/or JNDI based security
You need to set up destination based security and/or JNDI based security.
About this task
For IBM® WebSphere® and IBM WebSphere MQ, specify the following name-value pairs in the parameter name and values explained in Table 1:
- For Destination Based Security, set the following parameters:
  - sci.queuebasedsecurity.userid=<username configured in the APPLICATION_SERVER and assigned to the queue or topic>
  - sci.queuebasedsecurity.password=<password for the above username as configured for the APPLICATION_SERVER>
- For JNDI Based security, set the following parameters:
  - java.naming.security.principal=<user ID configured in the APPLICATION_SERVER and assigned to the JNDI>
  - java.naming.security.credentials=<password for the above user ID as configured for the APPLICATION_SERVER>

Note: For more information about the authentication mechanism, setting up queues and topics, and Connection Factory, refer to the individual Application Server's documentation.
For IBM WebSphere and IBM WebSphere MQ, set up the desired forms of authentication and encryption where appropriate. Additionally, modify the Java™ commands as described below to suit the desired goal.
Before modifying, ensure that you have defined the following variables in your environment:
- WAS_HOME refers to the installation directory of the IBM WebSphere software.
- MQ_HOME refers to the installation location of the IBM WebSphere MQ software.
- PROFILE_NAME refers to the name of the profile in which you created the server.
- To allow agents to be authenticated to IBM WebSphere JNDI, add the following definitions:
  - -Djava.ext.dirs=<CLASSPATH>, where the CLASSPATH should contain the following directories:
    $MQ_HOME\java\lib
    $WAS_HOME\AppServer\java\jre\lib\ext
    $WAS_HOME\AppServer\java\jre\lib
    $WAS_HOME\AppServer\lib
    $WAS_HOME\AppServer\lib\ext
    $WAS_HOME\AppServer\properties
    $WAS_HOME\AppServer\profiles\<PROFILE_NAME>\properties
  - com.ibm.CORBA.ConfigURL should be set to the full path to the SAS props file that you want to use, such as -Dcom.ibm.CORBA.ConfigURL=$WAS_HOME/AppServer/profiles/<PROFILE_NAME>/properties/sas.client.props.
    The SAS props file is obtained from the IBM WebSphere installation. You need to modify this text file to contain the username and password to be used for authentication to the IBM WebSphere (corbaloc based) JNDI.

  Note: For more information about how to set any of the definitions mentioned above, refer to the IBM documentation. In particular, read the IBM WebSphere documentation to understand how to enable and configure Global security.
- To enable SSL encryption on the transmission of JMS messages to MQ, enable SSL on the channel to which your agents and services are connected. Create the Connection Factory using the equivalent SSLCIPHERSPEC. On the java command line specify the following definitions:
  - javax.net.ssl.trustStore
  - javax.net.ssl.keyStorePassword
  - javax.net.ssl.keyStore

  Note: Refer to the IBM WebSphere MQ documentation to learn how to turn on SSL on the server channel to which the Sterling Order Management System agents and services connect. For more information about how to use the SSLCIPHERSPEC option while creating the Connection Factory, see the IBM documentation.
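
As an added example (not IBM's or the product's own script), the following shell functions assemble the two JNDI authentication definitions from WAS_HOME, MQ_HOME and PROFILE_NAME, and check that sas.client.props, which holds a username and password, grants no access to group or others. It assumes a Unix-style installation (forward slashes, ':' between directories); the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not IBM's code. Function names are hypothetical.
# Assumes a Unix-style layout: '/' in paths, ':' between directories.

# Fail early if a variable this page requires is unset or empty.
require_vars() {
    for name in WAS_HOME MQ_HOME PROFILE_NAME; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "missing required variable: $name" >&2
            return 1
        fi
    done
}

# Join the directories listed on this page into one java.ext.dirs value.
ext_dirs() {
    app="$WAS_HOME/AppServer"
    printf '%s' "$MQ_HOME/java/lib"
    for d in java/jre/lib/ext java/jre/lib lib lib/ext properties \
             "profiles/$PROFILE_NAME/properties"; do
        printf ':%s' "$app/$d"
    done
}

# Succeed only if the file exists and grants nothing to group or others.
# sas.client.props holds the JNDI username and password.
sas_props_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ]
}

# Print the two JNDI authentication definitions, one per line.
jndi_auth_opts() {
    require_vars || return 1
    props="$WAS_HOME/AppServer/profiles/$PROFILE_NAME/properties/sas.client.props"
    sas_props_private "$props" ||
        echo "warning: $props missing or readable by group/others" >&2
    printf '%s\n' "-Djava.ext.dirs=$(ext_dirs)"
    printf '%s\n' "-Dcom.ibm.CORBA.ConfigURL=$props"
}
```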