SecurityProfiles configurable service

Select the objects and properties that you want to change for the SecurityProfiles configurable service.

To change these properties, you must specify the integration node name and -c SecurityProfiles. You must also set the ObjectName to either Default_Propagation or the name of a SecurityProfiles configurable service that you have defined by using the mqsicreateconfigurableservice command. The properties and values are the same for all services.

For SecurityProfiles configurable services, you must stop and start the integration server for a change of property value to take effect.

The SecurityProfiles configurable service is independent of the securitycache component.

The following list gives the supplied configurable services that are created for each integration node, the properties for each configurable service that is defined, and a description of each property.

Default_Propagation

AlternateServers

The comma-separated list of alternate LDAP servers to fail over to when the primary server is not available. The list has the following format:
ldap[s]://host1:[port1], ldap[s]://host2:[port2], ldap[s]://host3:[port3]
After failover, the newly connected LDAP server becomes the primary server.

authentication

The type of authentication that is performed on the source identity. Valid values are:
  • NONE
  • LDAP
  • TFIM
  • WS-Trust V1.3 STS
  • A user-defined value

If you are using TFIM V6.1, specify TFIM. If you are using TFIM V6.2, specify WS-Trust V1.3 STS.

authenticationConfig

The information that the integration node needs to connect to the provider, specific to the provider. It is a provider-specific configuration string.

authorization

The types of authorization checks that are performed on the mapped or source identity. Valid values are:
  • NONE
  • LDAP
  • TFIM
  • WS-Trust V1.3 STS
  • A user-defined value

If you are using TFIM V6.1, specify TFIM. If you are using TFIM V6.2, specify WS-Trust V1.3 STS.

authorizationConfig

How the integration node connects to the provider, specific to the provider. It is a provider-specific configuration string.

idToPropagateToTransport

Enables the use of a specific security identity for propagation. Set the value to Static ID and set the security identity by using the transportPropagationConfig property. This property has a default value of Message ID.

transportPropagationConfig

This property provides a specific security identity to propagate when idToPropagateToTransport is set to Static ID. Set the value of this property to the name that you associate with the static user name and password identity when you run the mqsisetdbparms command (see Configuring a message flow for identity propagation).

mapping

The type of mapping that is performed. Valid values are:
  • NONE
  • TFIM
  • WS-Trust V1.3 STS
  • A user-defined value

If you are using TFIM V6.1, specify TFIM. If you are using TFIM V6.2, specify WS-Trust V1.3 STS.

mappingConfig

How the integration node connects to the provider, specific to the provider. It is a provider-specific configuration string.

passwordValue

How passwords are treated when they enter a message flow. Valid values are:
  • PLAIN
  • MASK
  • OBFUSCATE
Default is PLAIN.

propagation

Indicates whether identity propagation is performed on output and request nodes. Valid values are:
  • TRUE
  • FALSE
Default is TRUE.
 

rejectBlankpassword

Indicates whether the security manager internally rejects a user name that has an empty password token, without passing it to the configured security provider for authentication, for example an LDAP server. Valid values are:
  • TRUE
  • FALSE
Default is FALSE.
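
The following is an added example, not code from this page or from the product: a pre-deployment check that validates a SecurityProfiles property set against the valid values and the AlternateServers format listed above. The hardening hints, the optional port in the server pattern, and the sample property sets (with placeholder host names) are assumptions of the example.

```python
import re

# Valid values as listed on this page; the provider properties also accept
# "A user-defined value", which is reported as a note rather than an error.
PROVIDERS = {"NONE", "LDAP", "TFIM", "WS-Trust V1.3 STS"}
ENUMS = {
    "authentication": PROVIDERS,
    "authorization": PROVIDERS,
    "mapping": PROVIDERS - {"LDAP"},
    "passwordValue": {"PLAIN", "MASK", "OBFUSCATE"},
    "propagation": {"TRUE", "FALSE"},
    "rejectBlankpassword": {"TRUE", "FALSE"},
}
USER_DEFINED_OK = {"authentication", "authorization", "mapping"}
DEFAULTS = {"passwordValue": "PLAIN", "propagation": "TRUE", "rejectBlankpassword": "FALSE"}
# One AlternateServers entry, ldap[s]://host:[port]; the port is treated as optional.
SERVER = re.compile(r"^(ldaps?)://([A-Za-z0-9.-]+)(?::(\d*))?$")

def lint_profile(props):
    """Return a list of (level, message) findings for one property set."""
    p = {**DEFAULTS, **props}
    findings = []
    for name, allowed in ENUMS.items():
        value = p.get(name)
        if value is not None and value not in allowed:
            level = "note" if name in USER_DEFINED_OK else "error"
            findings.append((level, f"{name}={value!r} is not a listed value"))
    for entry in (s.strip() for s in p.get("AlternateServers", "").split(",")):
        match = SERVER.match(entry)
        if entry and not match:
            findings.append(("error", f"AlternateServers entry {entry!r} is malformed"))
        elif match and match.group(1) == "ldap":
            findings.append(("warn", f"{entry} uses ldap:// (no TLS) as a failover target"))
    # Hardening hints (assumptions of this example, not rules from the page):
    # many LDAP servers treat a bind with an empty password as an anonymous bind.
    if p.get("authentication") == "LDAP" and p["rejectBlankpassword"] == "FALSE":
        findings.append(("warn", "rejectBlankpassword=FALSE passes empty passwords to LDAP"))
    if p["passwordValue"] == "PLAIN":
        findings.append(("warn", "passwordValue=PLAIN: review whether MASK or OBFUSCATE is needed"))
    return findings

# Constructed sample property sets; host names are placeholders.
WEAK = {"authentication": "LDAP",
        "AlternateServers": "ldap://ldap2.example.com:389, ldaps://ldap3.example.com:636"}
HARDENED = {"authentication": "LDAP", "passwordValue": "MASK", "rejectBlankpassword": "TRUE",
            "AlternateServers": "ldaps://ldap2.example.com:636, ldaps://ldap3.example.com:636"}

if __name__ == "__main__":
    for label, profile in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(label, lint_profile(profile) or "no findings")
```

The WEAK set relies on the defaults for passwordValue and rejectBlankpassword, so it shows how an otherwise valid profile still produces findings.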