SAFMQ provides the ability to securely log into the SAFMQ server with out specifying a user id or password. This feature is only available when utilizing SAFMQ over SSL (safmqs), and assigning an X509 identity to a user account in the SAFMQ server instance. Items needed to perform this task are as follows:
To successfully use passwordless authentication, perform the following steps:
- SAFMQ built with SSL enabled
- A valid X509 certificate
- Obtain a valid X509 certificate.
- Assign an X509 identity to a valid user account using the MQConnection::AddUserIdentity() method, or the SAFMQ manager Java GUI, specifying the Subject and Issuer distinguished names from the certificate listed above.
- Establish an SSLContext object specifying the Private Key and X509 Digital Certificate from above.
- Utilize the SSLContext object to build an MQConnection or MessageQueue object using the MQFactory class.
Notes on password authentication:
- The User ID mapped to the Subject and Issuer from the X509 certificate will be automatically used as the security context when using passwordless authentication.
- The User ID is not required to be specified when connecting and authenticating using passwordless authentication.
- If a User ID is specified when establishing a connection, it must match the User ID mapped to the X509 certificate identity. Otherwise, SAFMQ will default to password authentication, and a valid password must be sent to the server.
- Password Authentication is supported with SAFMQ over SSL. This is the default behavior, if the X509 certificate identity is not mapped to a user, or if now X509 certificate is supplied by the client.
Example using safmqc to perform passwordless authenticationsafmqc --key=myCert.pem --cert=myKey.pem --enumeratequeues safmqs://:@localhost
Notes about the passwordless URL and safmqc:
- The URL specifies SAFMQ over SSL safmqs://:@localhost
- The URL specifies a blank user name and password safmqs://:@localhost
Table of Contents Hierarchy of classes