SecurityProfiles configurable service
Select the objects and properties that you want to change for the SecurityProfiles configurable service.
To change these properties, you must specify the integration node name and -c SecurityProfiles. You must also set the ObjectName to either Default_Propagation or the name of a SecurityProfiles configurable service that you have defined by using the mqsicreateconfigurableservice command. The properties and values are the same for all services.
For SecurityProfiles configurable services, you must stop and start the integration server for a change of property value to take effect.
The SecurityProfiles configurable service is independent of the securitycache component.
Supplied configurable services that are created for each integration node | Properties for each configurable service that is defined | Description of properties |
---|---|---|
Default_Propagation |
AlternateServers |
The comma-separated list of alternate LDAP servers to failover
when the primary server is not available. The list has the following
format: After
failover, the newly connected LDAP server becomes the primary server. |
authentication |
The type of authentication that is performed on the source identity. Valid
values are:
If you are using TFIM V6.1, specify TFIM. If you are using TFIM V6.2, specify WS-Trust V1.3 STS. |
|
authenticationConfig |
The information that the integration node needs to connect to the provider, specific to the provider. It is a provider-specific configuration string. |
|
authorization |
The types of authorization checks that are performed on the mapped or source
identity. Valid values are:
If you are using TFIM V6.1, specify TFIM. If you are using TFIM V6.2, specify WS-Trust V1.3 STS. |
|
authorizationConfig |
How the integration node connects to the provider, specific to the provider. It is a provider-specific configuration string. |
|
idToPropagateToTransport | Enables the use of a specific security identity for propagation. Set the value to Static ID and set the security identity by using the transportPropagationConfig property. This property has a default value of Message ID. | |
transportPropagationConfig | This property provides a specific security identity to propagate when idToPropagateToTransport is set to Static ID. Set the value of this property to the name that you associate with the static user name and password identity when you run the mqsisetdbparms command (see Configuring a message flow for identity propagation). | |
mapping |
The type of mapping that is performed. Valid values are:
If you are using TFIM V6.1, specify TFIM. If you are using TFIM V6.2, specify WS-Trust V1.3 STS. |
|
mappingConfig |
How the integration node connects to the provider, specific to the provider. It is a provider-specific configuration string. |
|
passwordValue |
How passwords are treated when they enter a message flow. Valid values are:
|
|
propagation |
Indicates whether identity propagation is performed on output and request
nodes. Valid values are:
|
|
rejectBlankpassword |
Indicates whether the security manager internally rejects a user name that has
an empty password token, without passing it to the configured security provider for authentication,
for example an LDAP server. Valid values are:
|