Security for bus bus_name [Settings]
Configure the security settings for our service integration bus.
To view this pane in the console, click one of the following paths:
Service integration -> Buses -> bus_name > [Additional Properties] Security.
Service integration -> Buses -> security_value.
The value of security_value is either Enabled if messaging security is enabled, or Disabled if messaging security is not enabled.
Configuration tab
The Configuration tab shows configuration properties for this object. These property values are preserved even if the runtime environment is stopped then restarted.
Launch Bus Security Wizard
Click to start a wizard to configure the security settings bus for a bus. If the wizard detects that bus security is disabled, we are prompted to enable it.
General Properties
Enable bus security
Select this option to inherit the secure administration setting of the cell. Deselect this option if you always wish to disable bus security.
Information Value Required No Data type Boolean
Inter-engine authentication alias
The name of the authentication alias used to authorize communication between messaging engines on the bus.
Specify an inter-engine authentication alias if the bus contains a WebSphere Application Server v6 bus member. When bus security is enabled, the bus uses the inter-engine authentication alias to authenticate incoming connections from other messaging engines. An unauthorized messaging engine cannot connect to the bus.
Information Value Required No Data type drop-down list
Permitted transports
Select the type of allowed permitted transports.
- Allow the use of all defined transport channel chains
- Restrict the use of defined transport channel chains to those protected by SSL
- Restrict the use of defined transport channel chains to the list of permitted transports
To ensure that all ports used by the bus are secure, select Restrict the use of defined transport channel chains to those protected by SSL, or if your permitted transport chains are secure, select Restrict the use of defined transport channel chains to the list of permitted transports. This prevents the InboundBasicMessaging port being opened. Changes to this setting are effective when the server is restarted.
Information Value Required No Data type Radio button
Use the Server ID when running mediations
Check this option to run mediations using the server identity, instead of using a mediation authentication alias.
Select this option to run mediations on multiple servers in different domains. Using the server identity enables us to run mediations successfully across multiple security domains without having to specify a mediation authentication alias for each domain. We can also use this option when multiple domains are not in use.
Information Value Required No Data type Boolean
Mediations authentication alias
The name of the authentication alias used to authorize mediations to access the bus.
Specify a mediation authentication alias if the bus contains a WAS v6 bus member. The mediations authentication alias ensures that the bus operates securely. If a mediation authentication alias is specified for a bus containing no v6 bus members, it is ignored.
Information Value Required No Data type drop-down list
Bus security domain
Select one of the following options to assign the bus to a security domain:
- Use the global security domain
- Select this option to assign the bus to the global security domain. If we have a mixed-version bus, we must assign it to the global security domain.
Information Value Required No Data type Radio button
- Inherit the cell level security domain
- Select this option to let the bus inherit the cell level security domain. If no cell level domain is specified then the global security domain will be used.
Information Value Required No Data type Radio button
- Use the selected domain
- Select a custom security domain for this bus. This domain will be used for authentication and determining other security information.
Information Value Required No Data type Radio button
- Configure Security Domain...
- Select this link to configure security settings for a custom security domain. This link becomes active only after we have applied or saved the option to use a non-global domain.
Performance
Group cache timeout
The length of time, in minutes, that a security group will be cached for.
Increasing the timeout decreases the load on the user registry and improves performance but makes the system less responsive to changes in a user's group membership. To tune the user's group cache to the optimum setting, we have to balance the need for responsiveness with the registry load. The default is 120 minutes. If the system must respond quickly to changes in a user's group membership, specify a timeout of approximately 15 minutes. If it is acceptable to update a user's group membership only once a day, for example, as an overnight process, specify a timeout of 1440 minutes (24 hours). With a setting of 0, entries in the cache do not timeout, and so remain until the server is next restarted.
A change to this value is effective immediately and only affects the group cache of the bus for which the configuration was changed.
Information Value Required No Data type Long Range 0 through 99999
Audit
Enable the auditing service for this bus
Information Value Required No Data type Boolean
Authorization Policy
- Users and groups in the bus connector role
- The list of users and groups in the bus connector role.
- Manage default access roles
- Manage the assignment of default role types to users and groups
- Manage destination access roles
- Manage the assignment of destination role types to users and groups
- Manage foreign bus access roles
- Manage the assignment of foreign bus role types to users and groups
- Manage temporary destination prefix access roles
- Manage the assignment of temporary destination prefix role types to users and groups
- Manage topic access roles
- Manage the assignment of topic role types to users and groups
- Manage users and groups not known to the user repository
- Manage users and groups not known to the user repository
Additional Properties
- Permitted transports
- The list of permitted transports.
Related Items
- JAAS - J2C authentication data
- List of user identities and passwords for Java 2 connector security to use.
- Secure Administration and Applications
- Link to configure WebSphere global security settings.
- Security domains
- Security domain configuration.
- Audit Service
- Configure the global audit settings
Secure service integration Auditing the service integration security infrastructure Administer permitted transports for a bus