Configure security

We can configure security for the IBM MQ Console and the REST API by editing the mqwebuser.xml file. We can configure and authenticate users by configuring either a basic user registry, or an LDAP registry, or any of the other registry types that are provided with WebSphere Liberty. We can then authorize those users by assigning users and groups a role.

About this task

To configure security for the IBM MQ Console, and REST API, we must configure users and groups. These users and groups can then be authorized to use the IBM MQ Console, or REST API, or both. For more information about configuring users and groups, and authenticating and authorizing users, see IBM MQ Console and REST API security.

When users authenticate with the IBM MQ Console, an LTPA token is generated. This token enables the user to use the IBM MQ Console without re-authenticating until the token expires.

If we use token based authentication with the REST API, a different LTPA token is generated when the user logs in using the /login REST API resource with the HTTP POST method. You can configure when this token expires, and whether this token can be used for both HTTP and HTTPS connections. For more information, see Configure the LTPA token.

Parent topic: Configure the IBM MQ Console and REST API