Destination based security and/or JNDI based security

You need to set up destination based security and/or JNDI based security.

About this task

For IBM® WebSphere® and IBM WebSphere MQ, specify the following name-value pairs as the parameter names and values explained in Table 1:
  • For Destination Based Security, set the following parameters:
    • sci.queuebasedsecurity.userid=<username configured in the APPLICATION_SERVER and assigned to the queue or topic>
    • sci.queuebasedsecurity.password=<password for the above username as configured for the APPLICATION_SERVER>
  • For JNDI Based Security, set the following parameters:
    • java.naming.security.principal=<user ID configured in the APPLICATION_SERVER and assigned to the JNDI>
    • java.naming.security.credentials=<password for the above user ID as configured for the APPLICATION_SERVER>
      Note: For more information about the authentication mechanism, setting up queues and topics, and the Connection Factory, refer to the documentation for your application server.

For IBM WebSphere and IBM WebSphere MQ, set up the desired forms of authentication and encryption where appropriate. Additionally, modify the Java™ commands as described below to suit the desired goal.

Before modifying, ensure that you have defined the following variables in your environment:

  • WAS_HOME refers to the installation directory of the IBM WebSphere software.
  • MQ_HOME refers to the installation location of the IBM WebSphere MQ software.
  • PROFILE_NAME refers to the name of the profile in which you created the server.
  • To allow agents to be authenticated to IBM WebSphere JNDI, add the following definitions:
    • -Djava.ext.dirs=<CLASSPATH>, where the CLASSPATH should contain the following directories:
      • $MQ_HOME\java\lib
      • $WAS_HOME\AppServer\java\jre\lib\ext
      • $WAS_HOME\AppServer\java\jre\lib
      • $WAS_HOME\AppServer\lib
      • $WAS_HOME\AppServer\lib\ext
      • $WAS_HOME\AppServer\properties
      • $WAS_HOME\AppServer\profiles\<PROFILE_NAME>\properties
    • com.ibm.CORBA.ConfigURL should be set to the full path of the SAS props file that you want to use, for example -Dcom.ibm.CORBA.ConfigURL=$WAS_HOME/AppServer/profiles/<PROFILE_NAME>/properties/sas.client.props.

      The SAS props file is obtained from the IBM WebSphere installation. You need to modify this text file to contain the username and password to be used for authentication to the IBM WebSphere (corbaloc based) JNDI.

      Note: For more information about how to set any of the definitions above, refer to the IBM documentation. In particular, read the IBM WebSphere documentation to understand how to enable and configure Global security.
  • To enable SSL encryption on the transmission of JMS messages to MQ, enable SSL on the channel to which your agents and services are connected. Create the Connection Factory using the equivalent SSLCIPHERSPEC. On the java command line, specify the following definitions:
    • javax.net.ssl.trustStore
    • javax.net.ssl.keyStorePassword
    • javax.net.ssl.keyStore
      Note: Refer to the IBM WebSphere MQ documentation to learn how to turn on SSL on the server channel to which the Sterling Order Management System agents and services connect. For more information about how to use the SSLCIPHERSPEC option while creating the Connection Factory, see the IBM documentation.
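
The JNDI authentication definitions above can be assembled and checked before an agent JVM is started. The following is an added example, not IBM code: the function name build_jndi_auth_opts is hypothetical, UNIX-style paths and ':' as the java.ext.dirs separator are assumed, and the permission check on the SAS props file is an added hardening step that is not part of the original procedure.

```shell
# Added example, not IBM's code. Assumes UNIX-style paths and ':' as the
# java.ext.dirs separator; build_jndi_auth_opts is a hypothetical name.

# Print the JNDI-authentication -D options, one per line, or fail with a reason.
build_jndi_auth_opts() {
    for _v in WAS_HOME MQ_HOME PROFILE_NAME; do
        eval "_val=\${$_v:-}"
        [ -n "$_val" ] || { echo "error: $_v is not defined" >&2; return 2; }
    done

    _was="$WAS_HOME/AppServer"
    _props="$_was/profiles/$PROFILE_NAME/properties"
    _sas="$_props/sas.client.props"

    # The SAS props file holds the JNDI username and password.
    [ -r "$_sas" ] || { echo "error: cannot read $_sas" >&2; return 3; }

    # Added hardening check (not on the page): refuse a credentials file that
    # group or others can access. Characters 5-10 of the ls mode string are
    # the group and other permission bits.
    _mode=$(ls -ldL -- "$_sas" | cut -c5-10)
    [ "$_mode" = "------" ] || {
        echo "error: $_sas is accessible to group/others (chmod 600)" >&2
        return 4
    }

    # Directory list from the page, in the same order.
    _ext="$MQ_HOME/java/lib"
    for _d in java/jre/lib/ext java/jre/lib lib lib/ext properties; do
        _ext="$_ext:$_was/$_d"
    done
    _ext="$_ext:$_props"

    printf '%s\n' "-Djava.ext.dirs=$_ext" "-Dcom.ibm.CORBA.ConfigURL=$_sas"
}
```

A non-zero return code means the agent start script should stop rather than launch java with incomplete or exposed authentication settings.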