IBM Support

IBM Integration Bus V9.0 support for WebSphere MQ V8

News


Abstract

IBM Integration Bus V9.0 support for WebSphere MQ V8

Content


IBM Integration Bus V9 - Runtime

WebSphere MQ V8 is supported from IBM Integration Bus V9.0.0.2 onwards. In order for the Integration Bus to work with WebSphere MQ V8, the following 'runmqsc' commands can be run to disable the new IDPWOS Authentication that is enabled by default in MQ8:

ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) CHCKLOCL(NONE)

REFRESH SECURITY TYPE(CONNAUTH)

These commands remove the optional requirement for Username and Password authentication when connecting to the Queue Manager locally and then refresh the Authentication Service so the changes are picked up.

The reason that this is required is because for a WebSphere MQ Version 8.0 Queue Manager the CONNAUTH CHCKLOCL attribute is set to OPTIONAL by default. This means that user IDs and passwords are not required, but if they are provided then they must be a valid pair, or they are rejected.

Currently, the Config Manager Proxy passes only a Username to MQ, and therefore due to the new default a MQRC 2035 (MQRC_NOT_AUTHORIZED) error is seen when trying to connect to a Node using a WebSphere MQ V8 Queue Manager using the CMP.

If the customer needs to run using the default MQ Security settings with the IBM Integration Bus Runtime, then they can contact IBM service to request APAR IT03599 which will ship a new version of the ConfigManagerProxy.jar that works with the new MQ defaults.


IBM Integration Bus V9 - Clients

Clients that make use of CMP such as Integration Toolkit will hit the same issues with the IDPWOS Authentication described above and therefore in order for them to work with WebSphere MQ V8 the following 'runmqsc' commands can be run to disable the new IDPWOS Authentication that is enabled by default in MQ8:

ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) CHCKCLNT(NONE)

REFRESH SECURITY TYPE(CONNAUTH)

These commands remove the optional requirement for Username and Password authentication when connecting to the Queue Manager locally and then refresh the Authentication Service so the changes are picked up.

Note:
For runmqsc usage instructions see IBM Knowledge Center page:
http://www-01.ibm.com/support/knowledgecenter/SSFKSJ_7.5.0/com.ibm.mq.ref.adm.doc/q083460_.htm

If you want to run using the default MQ Security settings with the IBM Integration Toolkit or Explorer then you should contact IBM service to request APAR IT03599 which can be applied to the Toolkit and Explorer so that they can work with the new MQ Defaults. The Toolkit and Explorer have been enhanced to optionally use a userid and password for the connection so you can connect remotely. The Integration API has two new methods to set the userid and password when using a Java application based on the Integration API.
For example,
MQBrokerConnectionParameters bcp =
new MQBrokerConnectionParameters(host, port, qmgr);
bcp.setConnectionUserid("myuser");
bcp.setConnectionPassword("mypassword");


IBM Integration Explorer support

The Integration Explorer plugins are only supported with MQ Explorer versions 7.1 or 7.5.

Administering MQ v8 brokers using Integrations Explorer with MQ Explorer versions 7.1 or 7.5 is supported.


Document information

More support for: IBM Integration Bus

Component: Environment

Software version: 9.0

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows, z/OS

Reference #: 1685549

Modified date: 04 July 2018