Connect:Direct credentials file format

The ConnectDirectCredentials.xml file in the agent configuration directory defines the user names and credential information that the Connect:Direct® agent uses to authorize itself with a Connect:Direct node.

The ConnectDirectCredentials.xml file must conform to the ConnectDirectCredentials.xsd schema. The ConnectDirectCredentials.xsd schema document is located in the MQ_INSTALLATION_PATH/mqft/samples/schema directory of the MQMFT installation. A sample ConnectDirectCredentials.xml file is located in the MQ_INSTALLATION_PATH/mqft/samples/credentials directory of the MQMFT installation.

The file ConnectDirectCredentials.xml is periodically reloaded by the agent and any valid changes to the file will affect the behavior of the agent. The default reload interval is 30 seconds. This interval can be changed by specifying the agent property xmlConfigReloadInterval in the agent.properties file.

Schema

The following schema describes which elements are valid in the ConnectDirectCredentials.xml file.


<?xml version="1.0" encoding="UTF-8"?>
 
<!-- 
  This schema defines the format of the XML file that is located in the agent properties 
  directory of a Connect:Direct bridge agent. The XML file ConnectDirectCredentials.xml
  is used by the default credential validation of the Connect:Direct bridge.
  For more information, see the WebSphere MQ InfoCenter
-->

<schema targetNamespace="http://wmqfte.ibm.com/ConnectDirectCredentials"
        elementFormDefault="qualified"
        xmlns="http://www.w3.org/2001/XMLSchema"
        xmlns:tns="http://wmqfte.ibm.com/ConnectDirectCredentials">

  <!--
    <?xml version="1.0" encoding="UTF-8"?>
    
    <tns:credentials xmlns:tns="http://wmqfte.ibm.com/ConnectDirectCredentials"
                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                       xsi:schemaLocation="http://wmqfte.ibm.com/ConnectDirectCredentials
                       ConnectDirectCredentials.xsd">
      <tns:agent name="CDAGENT01">
        <tns:pnode name="cdnode*" pattern="wildcard">
          <tns:user name="MUSR_.*"
            ignorecase="true"
            pattern="regex"
            cdUserId="bob"
            cdPassword="passw0rd"
            pnodeUserId="bill"
            pnodePassword="alacazam">
            <tns:snode name="cdnode2" pattern="wildcard" userId="sue" password="foo"/>
          </tns:user>
        </tns:pnode>
      </tns:agent>
    </tns:credentials>

  -->

  <element name="credentials" type="tns:credentialsType"/>

  <complexType name="credentialsType">
    <sequence>
      <element name="agent" type="tns:agentType" minOccurs="0" maxOccurs="unbounded"/>
    </sequence> 
  </complexType>

  <complexType name="agentType">
    <sequence>
      <element name="pnode" type="tns:pnodeType" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="name" type="string" use="required"/>
  </complexType>


  <complexType name="pnodeType">
    <sequence>
      <element name="user" type="tns:userType" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="name" type="string" use="required"/>
    <attribute name="pattern" type="tns:patternType" use="optional"/>
  </complexType>

  <complexType name="userType">
    <sequence>
      <element name="snode" type="tns:snodeType" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="name" type="string" use="required"/>
    <attribute name="ignorecase" type="boolean" use="optional"/>
    <attribute name="pattern" type="tns:patternType" use="optional"/>
    <attribute name="cdUserId" type="string" use="optional"/>
    <attribute name="cdUserIdCipher" type="string" use="optional"/>
    <attribute name="cdPassword" type="string" use="optional"/>
    <attribute name="cdPasswordCipher" type="string" use="optional"/>
    <attribute name="pnodeUserId" type="string" use="optional"/>
    <attribute name="pnodeUserIdCipher" type="string" use="optional"/>
    <attribute name="pnodePassword" type="string" use="optional"/>
    <attribute name="pnodePasswordCipher" type="string" use="optional"/>
  </complexType>

  <complexType name="snodeType">
    <attribute name="name" type="string" use="required"/>
    <attribute name="pattern" type="tns:patternType" use="optional"/>
    <attribute name="userId" type="string" use="optional"/>
    <attribute name="userIdCipher" type="string" use="optional"/>
    <attribute name="password" type="string" use="optional"/>
    <attribute name="passwordCipher" type="string" use="optional"/>
  </complexType>

  <simpleType name="patternType">
    <restriction base="string">
      <enumeration value="regex"/>
      <enumeration value="wildcard"/>
    </restriction>
  </simpleType>
</schema>

Understanding the ConnectDirectCredentials.xml file

The elements and attributes used in the ConnectDirectCredentials.xml file are described in the following list.
<credentials>
Group element containing elements that describe the credentials used by a Connect:Direct bridge agent to connect to a Connect:Direct node.
<agent>
Group element containing elements for <pnode> definitions for a named agent.
<pnode>
The primary node (PNODE) in the Connect:Direct transfer. This node initiates the connection to the secondary node (SNODE).
Attribute - Description
name - The name of the Connect:Direct node. The value of this attribute can be a pattern that matches many node names.
pattern - Specifies the type of pattern that is used for the value of the name attribute. Valid values for the pattern attribute are:
  • wildcard - wildcards are used
  • regex - Java regular expressions are used
<user>
The WebSphere® MQ user that submits the transfer request.
Attribute - Description
name - The user name that is used with IBM® MQ Managed File Transfer. The value of this attribute can be a pattern that matches many user names.
ignorecase - Specifies whether the case of the name is ignored. Valid values for the ignorecase attribute are:
  • true - the name is not case sensitive
  • false - the name is case sensitive
pattern - Specifies the type of pattern that is used for the value of the name attribute. Valid values for the pattern attribute are:
  • wildcard - wildcards are used
  • regex - Java regular expressions are used
cdUserId or cdUserIdCipher - The user name that is used by the Connect:Direct bridge to connect to its associated Connect:Direct node. If the fteObfuscate command has been used then the cipher version of the attribute must be used.
cdPassword or cdPasswordCipher - The password associated with the user name specified by the cdUserId attribute. If the fteObfuscate command has been used then the cipher version of the attribute must be used.
pnodeUserId or pnodeUserIdCipher - The user name that is used by the Connect:Direct primary node. If the fteObfuscate command has been used then the cipher version of the attribute must be used.
pnodePassword or pnodePasswordCipher - The password associated with the user name specified by the pnodeUserId attribute. If the fteObfuscate command has been used then the cipher version of the attribute must be used.
<snode>
The Connect:Direct node that performs the role of secondary node (SNODE) during the Connect:Direct file transfer.
Attribute - Description
name - The name of the Connect:Direct node. The value of this attribute can be a pattern that matches many node names.
pattern - Specifies the type of pattern that is used for the value of the name attribute. Valid values for the pattern attribute are:
  • wildcard - wildcards are used
  • regex - Java regular expressions are used
userId or userIdCipher - The user name used to connect to this node during a file transfer. If the fteObfuscate command has been used then the cipher version of the attribute must be used.
password or passwordCipher - The password associated with the user name specified by the userId attribute. If the fteObfuscate command has been used then the cipher version of the attribute must be used.
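
As an added example (not IBM's code and not part of the original page), this Python script audits a credentials file for password attributes stored in cleartext rather than in their Cipher form, for elements that set both forms, and for name patterns that match every node or user. The sample XML is constructed, and treating an omitted pattern attribute as wildcard is an assumption.

```python
import xml.etree.ElementTree as ET

NS = "{http://wmqfte.ibm.com/ConnectDirectCredentials}"
# (cleartext attribute, cipher attribute) pairs, as declared in the schema.
PAIRS = {
    "user": [("cdUserId", "cdUserIdCipher"), ("cdPassword", "cdPasswordCipher"),
             ("pnodeUserId", "pnodeUserIdCipher"),
             ("pnodePassword", "pnodePasswordCipher")],
    "snode": [("userId", "userIdCipher"), ("password", "passwordCipher")],
}
# Name values that match every node or user, per pattern type.
MATCH_ALL = {"wildcard": {"*"}, "regex": {".*", ".+"}}

# Constructed sample, not a real configuration.
SAMPLE = """<tns:credentials xmlns:tns="http://wmqfte.ibm.com/ConnectDirectCredentials">
  <tns:agent name="CDAGENT01">
    <tns:pnode name="pnode1" pattern="wildcard">
      <tns:user name=".*" pattern="regex" cdUserId="cduser" cdPassword="passw0rd"
                pnodeUserId="pnodeuser" pnodePasswordCipher="CONSTRUCTED-VALUE">
        <tns:snode name="FISH*" pattern="wildcard" userId="fishuser"
                   password="passw0rd2" passwordCipher="CONSTRUCTED-VALUE"/>
      </tns:user>
    </tns:pnode>
  </tns:agent>
</tns:credentials>"""


def audit(xml_text):
    """Return (element, attribute, issue) findings for one credentials file."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        tag = elem.tag.replace(NS, "")
        where = f"{tag}[{elem.get('name')}]"
        for plain, cipher in PAIRS.get(tag, []):
            if plain in elem.attrib and cipher in elem.attrib:
                findings.append((where, plain, "cleartext and cipher forms both set"))
            elif plain in elem.attrib and plain.lower().endswith("password"):
                findings.append((where, plain, "cleartext password"))
        # Assumption: an omitted pattern attribute is treated as wildcard.
        pattern = elem.get("pattern", "wildcard")
        if tag in ("pnode", "user", "snode") and \
                elem.get("name") in MATCH_ALL.get(pattern, ()):
            findings.append((where, "name", "pattern matches every name"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```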

Example

In this example, the Connect:Direct bridge agent connects to the Connect:Direct node pnode1. When a WebSphere MQ user whose user name consists of the prefix fteuser followed by a single character, for example fteuser2, requests a transfer involving the Connect:Direct bridge, the Connect:Direct bridge agent uses the user name cduser and the password passw0rd to connect to the Connect:Direct node pnode1. When the Connect:Direct node pnode1 performs its part of the transfer, it uses the user name pnodeuser and the password passw0rd1.

If the secondary node in the Connect:Direct transfer has a name that begins with the prefix FISH, the node pnode1 uses the user name fishuser and the password passw0rd2 to connect to the secondary node. If the secondary node in the Connect:Direct transfer has a name that begins with the prefix CHIPS, the node pnode1 uses the user name chipsuser and the password passw0rd3 to connect to the secondary node.

<?xml version="1.0" encoding="UTF-8"?>

<tns:credentials xmlns:tns="http://wmqfte.ibm.com/ConnectDirectCredentials"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xsi:schemaLocation="http://wmqfte.ibm.com/ConnectDirectCredentials ConnectDirectCredentials.xsd">
  <tns:agent name="CDAGENT01">
    <tns:pnode name="pnode1" pattern="wildcard">
      <tns:user name="fteuser?" pattern="wildcard" ignorecase="true" 
        cdUserId="cduser" cdPassword="passw0rd"
        pnodeUserId="pnodeuser" pnodePassword="passw0rd1">
        <tns:snode name="FISH*" pattern="wildcard"
          userId="fishuser" password="passw0rd2"/>
        <tns:snode name="CHIPS*" pattern="wildcard"
          userId="chipsuser" password="passw0rd3"/>
      </tns:user>
    </tns:pnode>
  </tns:agent>
</tns:credentials>
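
An added example, not part of the original page or the product: a Python function that walks the example file above and reports which user IDs a given transfer would resolve to, so the reach of each pattern can be checked before the file is deployed. First-match-wins ordering, wildcard as the default pattern type, case-sensitive node names, and Python's re module standing in for Java regular expressions are all assumptions.

```python
import re
import xml.etree.ElementTree as ET

NS = {"tns": "http://wmqfte.ibm.com/ConnectDirectCredentials"}

# The page's example file, with the xsi attributes dropped for brevity.
EXAMPLE = """<tns:credentials xmlns:tns="http://wmqfte.ibm.com/ConnectDirectCredentials">
  <tns:agent name="CDAGENT01">
    <tns:pnode name="pnode1" pattern="wildcard">
      <tns:user name="fteuser?" pattern="wildcard" ignorecase="true"
        cdUserId="cduser" cdPassword="passw0rd"
        pnodeUserId="pnodeuser" pnodePassword="passw0rd1">
        <tns:snode name="FISH*" pattern="wildcard" userId="fishuser" password="passw0rd2"/>
        <tns:snode name="CHIPS*" pattern="wildcard" userId="chipsuser" password="passw0rd3"/>
      </tns:user>
    </tns:pnode>
  </tns:agent>
</tns:credentials>"""


def matches(elem, value):
    """Test value against the element's name attribute, per its pattern type."""
    name = elem.get("name")
    # Assumption: an omitted pattern attribute means wildcard.
    if elem.get("pattern", "wildcard") == "wildcard":
        name = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                       for c in name)
    # Assumption: Python's re stands in for Java regular expressions.
    flags = re.IGNORECASE if elem.get("ignorecase") in ("true", "1") else 0
    return re.fullmatch(name, value, flags) is not None


def resolve(xml_text, agent, pnode, mq_user, snode):
    """Return the user IDs chosen for a transfer, or None if no <user> matches."""
    root = ET.fromstring(xml_text)
    for a in root.findall("tns:agent", NS):
        if a.get("name") != agent:
            continue
        for p in (p for p in a.findall("tns:pnode", NS) if matches(p, pnode)):
            for u in (u for u in p.findall("tns:user", NS) if matches(u, mq_user)):
                # Assumption: the first matching entry in document order wins.
                s = next((s for s in u.findall("tns:snode", NS)
                          if matches(s, snode)), None)
                return {"cdUserId": u.get("cdUserId"),
                        "pnodeUserId": u.get("pnodeUserId"),
                        "snodeUserId": None if s is None else s.get("userId")}
    return None


if __name__ == "__main__":
    print(resolve(EXAMPLE, "CDAGENT01", "pnode1", "FTEUSER2", "FISHTANK"))
```

The function returns user IDs only, so the passwords in the file never reach a terminal or log.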