0

I have tried enabling http authentication to a SOAPInput node in my message flow, however it does not seem to take effect. I don't have to pass any credentials and I still get a reply. These are the steps I have taken:

1.) created a security profile with the following commands: 

## Set up the security id 
mqsisetdbparms DEV_ESB30_AP01 -n basicSecurityId -u user1 -p testPass1 

## Set up the security profile 
mqsicreateconfigurableservice DEV_ESB30_AP01 -c SecurityProfiles -o orsSecurityProfile -n "propagation,idToPropagateToTransport,transportPropagationConfig" -v "TRUE,STATIC ID,basicSecurityId"

2.) I set the security profile in the BAR to basicSecurityId

Am I missing something?

Did I define the security profile correctly?

This security profile authenticates correctly when used in a SOAPRequest node, but completely ignored in a SOAPInput node. Thanks for any help you can give.

Angel
  • 57
  • 1
  • 1
  • 8

1 Answers1

1

You need to tell broker how to authenticate by setting and authentication provider in the security profile (ie/ LDAP, WS-TRUST).

The security profile you have posted just tells broker to put the ID in the properties folder, not actually to do anything with it.

Note that is it not currently possible to do both WS-Security and Basic Auth at the same time so if you have a policyset configured basic auth will not work.

Dave
  • 633
  • 4
  • 6
  • Can I configure it without going through a third party? I just want it to check against the credentials stored in the security profile. – Angel Jun 06 '14 at 12:11
  • You aren't storing an identity in the security profile. You are telling the security profile where to get the id that you want to propagate. Authentication and identity propagation are different concepts that both happen to be configured via the SecurityProfile. – Dave Jun 06 '14 at 16:31
  • So in other words, no you cant get basic auth without having some auithentication mechanism. You could do it yourself in the flow but you wouldnt get the 401 challenge / response logic that the nodes provide and there also isnt any way to access the password store from ESQL or Java – Dave Jun 06 '14 at 16:33
  • Thank you for clearing that up. Is there an authentication mechanism built into the broker I can use? – Angel Jun 06 '14 at 18:52