+

Search Tips   |   Advanced Search

Security for bus bus_name [Settings]

Configure the security settings for our service integration bus.

To view this pane in the console, click one of the following paths:

Service integration -> Buses -> bus_name > [Additional Properties] Security.

Service integration -> Buses -> security_value.

The value of security_value is either Enabled if messaging security is enabled, or Disabled if messaging security is not enabled.


Configuration tab

The Configuration tab shows configuration properties for this object. These property values are preserved even if the runtime environment is stopped then restarted.


Launch Bus Security Wizard

Click to start a wizard to configure the security settings bus for a bus. If the wizard detects that bus security is disabled, we are prompted to enable it.


General Properties


Enable bus security

Select this option to inherit the secure administration setting of the cell. Deselect this option if you always wish to disable bus security.

Information Value
Required No
Data type Boolean


Inter-engine authentication alias

The name of the authentication alias used to authorize communication between messaging engines on the bus.

Specify an inter-engine authentication alias if the bus contains a WebSphere Application Server v6 bus member. When bus security is enabled, the bus uses the inter-engine authentication alias to authenticate incoming connections from other messaging engines. An unauthorized messaging engine cannot connect to the bus.

Information Value
Required No
Data type drop-down list


Permitted transports

Select the type of allowed permitted transports.

Allow the use of all defined transport channel chains

Restrict the use of defined transport channel chains to those protected by SSL

Restrict the use of defined transport channel chains to the list of permitted transports

To ensure that all ports used by the bus are secure, select Restrict the use of defined transport channel chains to those protected by SSL, or if your permitted transport chains are secure, select Restrict the use of defined transport channel chains to the list of permitted transports. This prevents the InboundBasicMessaging port being opened. Changes to this setting are effective when the server is restarted.

Information Value
Required No
Data type Radio button


Use the Server ID when running mediations

Check this option to run mediations using the server identity, instead of using a mediation authentication alias.

Select this option to run mediations on multiple servers in different domains. Using the server identity enables us to run mediations successfully across multiple security domains without having to specify a mediation authentication alias for each domain. We can also use this option when multiple domains are not in use.

Information Value
Required No
Data type Boolean


Mediations authentication alias

The name of the authentication alias used to authorize mediations to access the bus.

Specify a mediation authentication alias if the bus contains a WAS v6 bus member. The mediations authentication alias ensures that the bus operates securely. If a mediation authentication alias is specified for a bus containing no v6 bus members, it is ignored.

Information Value
Required No
Data type drop-down list


Bus security domain

Select one of the following options to assign the bus to a security domain:

Use the global security domain

Select this option to assign the bus to the global security domain. If we have a mixed-version bus, we must assign it to the global security domain.

Information Value
Required No
Data type Radio button

Inherit the cell level security domain

Select this option to let the bus inherit the cell level security domain. If no cell level domain is specified then the global security domain will be used.

Information Value
Required No
Data type Radio button

Use the selected domain

Select a custom security domain for this bus. This domain will be used for authentication and determining other security information.

Information Value
Required No
Data type Radio button

Configure Security Domain...

Select this link to configure security settings for a custom security domain. This link becomes active only after we have applied or saved the option to use a non-global domain.


Performance


Group cache timeout

The length of time, in minutes, that a security group will be cached for.

Increasing the timeout decreases the load on the user registry and improves performance but makes the system less responsive to changes in a user's group membership. To tune the user's group cache to the optimum setting, we have to balance the need for responsiveness with the registry load. The default is 120 minutes. If the system must respond quickly to changes in a user's group membership, specify a timeout of approximately 15 minutes. If it is acceptable to update a user's group membership only once a day, for example, as an overnight process, specify a timeout of 1440 minutes (24 hours). With a setting of 0, entries in the cache do not timeout, and so remain until the server is next restarted.

A change to this value is effective immediately and only affects the group cache of the bus for which the configuration was changed.

Information Value
Required No
Data type Long
Range 0 through 99999


Audit

Enable the auditing service for this bus

Information Value
Required No
Data type Boolean


Authorization Policy

Users and groups in the bus connector role

The list of users and groups in the bus connector role.

Manage default access roles

Manage the assignment of default role types to users and groups

Manage destination access roles

Manage the assignment of destination role types to users and groups

Manage foreign bus access roles

Manage the assignment of foreign bus role types to users and groups

Manage temporary destination prefix access roles

Manage the assignment of temporary destination prefix role types to users and groups

Manage topic access roles

Manage the assignment of topic role types to users and groups

Manage users and groups not known to the user repository

Manage users and groups not known to the user repository


Additional Properties

Permitted transports

The list of permitted transports.


Related Items

JAAS - J2C authentication data

List of user identities and passwords for Java 2 connector security to use.

Secure Administration and Applications

Link to configure WebSphere global security settings.

Security domains

Security domain configuration.

Audit Service

Configure the global audit settings

  • Secure service integration
  • Auditing the service integration security infrastructure
  • Administer permitted transports for a bus