
Security for bus bus_name [Settings]

Configure the security settings for the service integration bus.

To view this pane in the console, click one of the following paths:

  • Service integration -> Buses -> bus_name -> [Additional Properties] Security.
  • Service integration -> Buses -> security_value.

    The value of security_value is either Enabled if messaging security is enabled, or Disabled if messaging security is not enabled.


    Configuration tab

    The Configuration tab shows configuration properties for this object. These property values are preserved even if the runtime environment is stopped then restarted. See the information center task descriptions for information about how to apply configuration changes to the runtime environment.


    Launch Bus Security Wizard

    Click to start a wizard to configure the security settings for a bus. If the wizard detects that bus security is disabled, you are prompted to enable it.


    General Properties

    Enable bus security

    Select this option to inherit the secure administration setting of the cell. Deselect this option if you always wish to disable bus security.

    Information Value
    Required No
    Data type Boolean

    Inter-engine authentication alias

    The name of the authentication alias used to authorize communication between messaging engines on the bus.

    Specify an inter-engine authentication alias if the bus contains a WAS v6 bus member. When bus security is enabled, the bus uses the inter-engine authentication alias to authenticate incoming connections from other messaging engines. An unauthorized messaging engine cannot connect to the bus.

    Information Value
    Required No
    Data type drop-down list

    Permitted transports

    Select which transports are permitted.

    Allow the use of all defined transport channel chains

    Restrict the use of defined transport channel chains to those protected by SSL

    Restrict the use of defined transport channel chains to the list of permitted transports

    To ensure that all ports used by the bus are secure, select Restrict the use of defined transport channel chains to those protected by SSL, or, if the permitted transport chains are secure, select Restrict the use of defined transport channel chains to the list of permitted transports. This prevents the InboundBasicMessaging port from being opened. Changes to this setting take effect when the server is restarted.

    Information Value
    Required No
    Data type Radio button

    Use the Server ID when running mediations

    Check this option to run mediations using the server identity, instead of using a mediation authentication alias.

    Select this option to run mediations on multiple servers in different domains. Using the server identity enables you to run mediations successfully across multiple security domains without having to specify a mediation authentication alias for each domain. You can also use this option when multiple domains are not in use.

    Information Value
    Required No
    Data type Boolean

    Mediations authentication alias

    The name of the authentication alias used to authorize mediations to access the bus.

    Specify a mediation authentication alias if the bus contains a WAS v6 bus member. The mediations authentication alias ensures that the bus operates securely. If a mediation authentication alias is specified for a bus containing no Version 6 bus members, it is ignored.

    Information Value
    Required No
    Data type drop-down list

    Bus security domain

    Select one of the following options to assign the bus to a security domain:

    Use the global security domain

    Assign the bus to the global security domain. If you have a mixed-version bus, you must assign it to the global security domain.

    Information Value
    Required No
    Data type Radio button

    Inherit the cell level security domain

    Select this option to let the bus inherit the cell level security domain. If no cell level domain is specified then the global security domain will be used.

    Information Value
    Required No
    Data type Radio button

    Use the selected domain

    Select a custom security domain for this bus. This domain will be used for authentication and determining other security information.

    Information Value
    Required No
    Data type Radio button

    Configure Security Domain...

    Select this link to configure security settings for a custom security domain. This link becomes active only after you have applied or saved the option to use a non-global domain.

    Performance

    Group cache timeout

    The length of time, in minutes, that a security group will be cached for.

    Increasing the timeout decreases the load on the user registry and improves performance but makes the system less responsive to changes in a user's group membership. To tune the user's group cache to the optimum setting, you must balance the need for responsiveness with the registry load. The default value is 120 minutes. If the system must respond quickly to changes in a user's group membership, specify a timeout of approximately 15 minutes. If it is acceptable to update a user's group membership only once a day, for example, as an overnight process, specify a timeout of 1440 minutes (24 hours). With a setting of 0, entries in the cache do not time out, and so remain until the server is next restarted.

    A change to this value is effective immediately and only affects the group cache of the bus for which the configuration was changed.

    Information Value
    Required No
    Data type Long
    Range 0 through 99999
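
    The following added example (not IBM code and not part of the original help page) checks a bus's security settings against the guidance given above for bus security, permitted transports, the inter-engine authentication alias and the group cache timeout. The field names, the transport labels, the max_stale_min policy threshold and the sample buses are assumptions made for illustration; they are not a WebSphere export format.

```python
from dataclasses import dataclass, field

@dataclass
class BusSecurity:  # field names are hypothetical, not a WebSphere export format
    name: str
    security_enabled: bool
    transports: str  # "ALL", "SSL_ONLY" or "LISTED" (labels invented for this example)
    listed_chains: dict = field(default_factory=dict)  # chain name -> reviewed as secure?
    has_v6_member: bool = False
    inter_engine_alias: str = ""
    group_cache_timeout_min: int = 120  # default stated on this page

def audit(bus, max_stale_min=1440):
    """Return findings; max_stale_min is an assumed site policy, not a product setting."""
    findings = []
    if not bus.security_enabled:
        findings.append("bus security is disabled")
    if bus.transports == "ALL":
        findings.append("all transport chains allowed: InboundBasicMessaging port can be opened")
    elif bus.transports == "LISTED":
        # The list option is only as safe as the chains placed on the list.
        for chain, secure in sorted(bus.listed_chains.items()):
            if not secure:
                findings.append("listed chain not secure: " + chain)
    if bus.has_v6_member and not bus.inter_engine_alias:
        findings.append("v6 bus member present but no inter-engine authentication alias")
    t = bus.group_cache_timeout_min
    if not 0 <= t <= 99999:
        findings.append("group cache timeout outside 0 through 99999")
    elif t == 0:
        # 0 means cached group entries remain until the server is restarted.
        findings.append("group cache never times out: membership changes wait for a restart")
    elif t > max_stale_min:
        findings.append("group membership changes can take up to %d minutes to apply" % t)
    return findings

# Constructed sample buses (not real configuration data).
WEAK = BusSecurity("constructedBusA", False, "ALL", has_v6_member=True,
                   group_cache_timeout_min=0)
LISTED = BusSecurity("constructedBusB", True, "LISTED",
                     {"InboundSecureMessaging": True, "InboundBasicMessaging": False})
HARDENED = BusSecurity("constructedBusC", True, "SSL_ONLY", group_cache_timeout_min=15)

if __name__ == "__main__":
    for bus in (WEAK, LISTED, HARDENED):
        print(bus.name, audit(bus) or "no findings")
```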

    Audit

    Enable the auditing service for this bus

    Information Value
    Required No
    Data type Boolean


    Authorization Policy

    Users and groups in the bus connector role

    The list of users and groups in the bus connector role.

    Manage default access roles

    Manage the assignment of default role types to users and groups

    Manage destination access roles

    Manage the assignment of destination role types to users and groups

    Manage foreign bus access roles

    Manage the assignment of foreign bus role types to users and groups

    Manage temporary destination prefix access roles

    Manage the assignment of temporary destination prefix role types to users and groups

    Manage topic access roles

    Manage the assignment of topic role types to users and groups

    Manage users and groups not known to the user repository

    Manage users and groups not known to the user repository


    Additional Properties

    Permitted transports

    The list of permitted transports.


    Related Items

    JAAS - J2C authentication data

    List of user identities and passwords for Java 2 connector security to use.

    Secure Administration and Applications

    Link to configure WebSphere global security settings.

    Security domains

    Security domain configuration.

    Audit Service

    Configure the global audit settings


    Related concepts

  • Messaging security

  • Message security in a service integration bus


    Related tasks

  • Secure service integration

  • Auditing the service integration security infrastructure

  • Administer permitted transports for a bus


    Related information:

  • Administrative console buttons

  • Administrative console preference settings