Set up IBM® Integration Bus to use Integrated Windows Authentication (IWA) to secure inbound requests against a broker on Windows.
Securing an IBM Integration Bus service with IWA modifies the behavior of only the HTTPInput and SOAPInput nodes. For inbound support, IWA requires the HTTP and SOAP nodes to use an embedded (integration server) listener. IWA is not supported by broker listeners. SOAP nodes use embedded listeners by default, but HTTP nodes use broker listeners by default. For information on how to switch to an embedded listener, see Switching from a broker-wide listener to embedded listeners.
If you are using HTTP over SSL (HTTPS), you must set up a public key infrastructure (PKI). For more information, see Setting up a public key infrastructure.
To enable IWA on a broker running on Windows, run the following command:
mqsichangeproperties broker_name -e IntegrationServerName -o ConnectorType -n integratedWindowsAuthentication -v "PropertyValue"
Where:
To check what the current IWA setting is, run the following command:
mqsireportproperties broker_name -e IntegrationServerName -o ConnectorType -r
The following output is displayed within the connector properties:

Local environment tree credentials | Properties folder credentials |
---|---|
username (root folder) | IdentitySourceType |
> fullName (consisting of realm\username) | |
> username | IdentitySourceToken |
> realm | IdentitySourceIssuedBy |
> package | |
> spn | |
> sid | |
mqsichangeproperties IB9NODE -e default -o HTTPSConnector -n integratedWindowsAuthentication -v "Negotiate"
mqsichangeproperties IB9NODE -e default -o HTTPConnector -n integratedWindowsAuthentication -v "NTLM;Negotiate"
mqsichangeproperties IB9NODE -e default -o HTTPConnector -n integratedWindowsAuthentication -v ""
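
One way to confirm from a client that a listener offers only the schemes set with the values shown above. This is an added example, not IBM code. It assumes the listener answers an unauthenticated request with a 401 response whose WWW-Authenticate headers name each enabled scheme, and that ";" separates scheme names in the property value; the function names and sample response are constructed for illustration.

```python
# Added example, not IBM code. SAMPLE_401 is constructed, not captured output.
import re

IWA_SCHEMES = {"ntlm", "negotiate"}

def configured_schemes(property_value):
    """Schemes named in an integratedWindowsAuthentication value.

    Assumption: ';' separates scheme names, as in "NTLM;Negotiate"; "" means off.
    """
    return {s.strip().lower() for s in property_value.split(";") if s.strip()}

def offered_schemes(header_lines):
    """Auth schemes offered in the WWW-Authenticate headers of a 401 response."""
    schemes = set()
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() != "www-authenticate":
            continue
        # One header may carry several comma-separated challenges. A scheme is a
        # leading token that is not an auth-param (i.e. not followed by '=').
        for part in value.split(","):
            m = re.match(r"\s*([A-Za-z][\w-]*)(?!\s*=)(?:\s|$)", part)
            if m:
                schemes.add(m.group(1).lower())
    return schemes

def audit(property_value, header_lines):
    """Compare what the listener offers with what was configured."""
    want = configured_schemes(property_value)
    got = offered_schemes(header_lines) & IWA_SCHEMES
    return {"unexpected": sorted(got - want), "missing": sorted(want - got)}

SAMPLE_401 = [
    "HTTP/1.1 401 Unauthorized",
    "WWW-Authenticate: Negotiate",
    "WWW-Authenticate: NTLM",
    "Content-Length: 0",
]

if __name__ == "__main__":
    for value in ("Negotiate", "NTLM;Negotiate", ""):
        print(repr(value), audit(value, SAMPLE_401))
```

An "unexpected" entry means the listener still offers a scheme that the configured value does not name, so the change has not taken effect on that connector; a "missing" entry means a configured scheme is not being offered.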