IBM Integration Bus, Version 9.0.0.8 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS

Creating a security profile for TFIM V6.1

You can create a security profile for Tivoli® Federated Identity Manager (TFIM) V6.1 for any combination of the following functions: authentication, authorization, and mapping. You can use either the mqsicreateconfigurableservice command or an editor in the IBM® Integration Explorer to create the security profile.

Note: Support for TFIM V6.1 is included for compatibility with previous versions of IBM Integration Bus. If possible, upgrade to TFIM V6.2 and follow the instructions in Creating a security profile for WS-Trust V1.3 (TFIM V6.2).

Creating a profile using mqsicreateconfigurableservice

To create a security profile that uses TFIM V6.1, run the mqsicreateconfigurableservice command with the configuration parameter set to the URL of the TFIM server. For example: http://tfimserver.mycompany.com:9080

To create a security profile that uses TFIM V6.1 for mapping, enter the following command:

mqsicreateconfigurableservice brokername -c SecurityProfiles -o profilename 
-n mapping,mappingConfig -v TFIM,http://tfimserver.mycompany.com:9080

If the URL specifies an address beginning with https://, an SSL secured connection is used for requests to the TFIM server. For example, to create a security profile that uses an HTTPS connection to TFIM for mapping, enter the following command:

mqsicreateconfigurableservice brokername -c SecurityProfiles -o profilename 
-n mapping,mappingConfig -v TFIM,https://tfimserver.mycompany.com:9443

where https://tfimserver.mycompany.com:9443 is the address of the TFIM server.

If TFIM is selected for more than one operation (for example, for authentication and mapping), the TFIM server URL must be identical for all the operations, and is therefore specified only once.

The following example creates a security profile that uses TFIM for authentication, mapping, and authorization, with identity propagation enabled:

mqsicreateconfigurableservice MYBROKER -c SecurityProfiles -o TFIM 
-n authentication,mapping,authorization,propagation,mappingConfig 
-v TFIM,TFIM,TFIM,TRUE,http://tfimhost1.ibm.com:9080
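
The following pre-flight check is an added example, not part of the IBM documentation or product. It pairs the -n names with the -v values the way the commands above do and flags a TFIM URL that is not https://. The function name check_tfim_profile and the finding labels are hypothetical, and it assumes, as in the examples on this page, that the TFIM URL is carried in mappingConfig.

```shell
#!/bin/sh
# Added example (not IBM code): pre-flight check of the -n / -v lists
# given to mqsicreateconfigurableservice -c SecurityProfiles.
# Usage: check_tfim_profile NAMES VALUES
# Prints one finding per line; returns 0 when clean, 1 otherwise.
# Assumption: the TFIM URL is carried in mappingConfig, as on this page.
check_tfim_profile() {
    names=$1; values=$2
    uses_tfim=0; url=""; status=0

    # -n and -v are positional pairs, so both lists need the same length.
    n_count=$(( $(printf '%s\n' "$names"  | tr ',' '\n' | wc -l) ))
    v_count=$(( $(printf '%s\n' "$values" | tr ',' '\n' | wc -l) ))
    if [ "$n_count" -ne "$v_count" ]; then
        echo "MISMATCH: $n_count names but $v_count values"
        return 1
    fi

    # Walk both lists in step; the appended comma ends the loop cleanly.
    rest_n="$names,"; rest_v="$values,"
    while [ -n "$rest_n" ]; do
        name=${rest_n%%,*};  value=${rest_v%%,*}
        rest_n=${rest_n#*,}; rest_v=${rest_v#*,}
        case $name in
            authentication|mapping|authorization)
                if [ "$value" = "TFIM" ]; then uses_tfim=1; fi ;;
            mappingConfig)
                url=$value ;;
        esac
    done

    if [ "$uses_tfim" -eq 1 ] && [ -z "$url" ]; then
        echo "MISSING: TFIM selected but no mappingConfig URL"; status=1
    fi
    case $url in
        ""|https://*) ;;
        http://*) echo "PLAINTEXT: $url does not use SSL"; status=1 ;;
        *)        echo "BADURL: $url is not an http(s) URL"; status=1 ;;
    esac
    return "$status"
}

# The -n / -v pairs from the commands on this page, used as input.
check_tfim_profile "mapping,mappingConfig" \
    "TFIM,https://tfimserver.mycompany.com:9443" && echo "OK: https mapping profile"
check_tfim_profile "authentication,mapping,authorization,propagation,mappingConfig" \
    "TFIM,TFIM,TFIM,TRUE,http://tfimhost1.ibm.com:9080" || true
```

Run the check on the lists before passing them to mqsicreateconfigurableservice; a non-zero return means that at least one finding was printed.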

Creating a profile for TFIM V6.1 using the IBM Integration Explorer

You can use the IBM Integration Explorer to create a security profile that uses TFIM V6.1.
  1. In the IBM Integration Explorer, right-click on the broker with which you want to work, and click Properties.
  2. In the Properties window, select the Security tab, and click Security Profiles. The Security Profiles window is displayed, containing a list of existing security profiles for the broker on the left and, on the right, a pane in which you can configure the profile.
  3. Click Add to create a new profile and add it to the list. You can edit the name of the security profile by highlighting it in the list and pressing F2.
  4. Configure the security profile using the entry fields on the right side of the pane:
    1. Select the type of Authentication, Mapping, and Authorization required. If you select TFIM V6.1 for any of these options, the TFIM Configuration field at the bottom of the pane is enabled.
    2. If you have selected TFIM V6.1 for authentication, mapping or authorization, type the URL of the TFIM server into the TFIM Configuration field. The URL that you enter forms a configuration string, which is displayed in one or more of the configuration fields (Authentication Config, Mapping Config, and Authorization Config) depending on the entry fields that have TFIM selected.

      For more information about the valid values for the configuration parameter, see Creating a profile using mqsicreateconfigurableservice.

    3. In the Propagation field, specify whether you require the identity to be propagated. The default is False.
    4. In the Password Value field, select the way in which the password is displayed in the properties folder. The options are:
      PLAIN
        The password is shown in the Properties folder as plain text.
      OBFUSCATE
        The password is shown in the Properties folder as base64 encoding.
      MASK
        The password is shown in the Properties folder as four asterisks (****).
  5. Click Finish to deploy the security profile to the broker.

ap04142_.htm | Last updated Friday, 21 July 2017