Secure links between messaging engines
For a mixed-version bus, when security is enabled, we must define an inter-engine authentication alias so that the messaging engines can establish trust.
Ensure that the user ID that we intend to use for the inter-engine authentication alias meets the following conditions:
- It exists in the user registry.
- It is used only for messaging engine to messaging engine authentication.
- It has not been added to the bus connector access role.
If we have a secure bus where all bus members are at v7.0 or later, trust between v7.0 or later messaging engines is established using a LTPA token, and we do not need to perform this task.
If we have a secure, mixed-version bus, define an inter-engine authentication alias to prevent unauthorized messaging engines from establishing a connection. Messaging engines use the inter-engine authentication alias to establish trust in the following scenarios:
- A WebSphere Application Server v6 messaging engine initiates a link with a v7.0 or later messaging engine.
- A v7.0 or later messaging engine initiates a link with a v6 messaging engine.
If we add a server or cluster as a bus member, if that action creates a mixed-version bus, we define an inter-engine authentication alias during that task, and we do not need to perform this task.
Tasks
- In the navigation pane, click Service integration -> Buses -> security_value. The bus security configuration panel for the corresponding bus is displayed.
- In the Inter-engine authentication alias field, select an authentication alias.
- Click OK.
- Save changes to the master configuration.
We have selected an inter-engine authentication alias for the bus to use in establishing trust between mixed-version messaging engines.
What to do next
If we require additional security, we can configure the SSL certificate stores to restrict objects that can make an SSL connection, and thereby connect to the bus. See Create a Secure Sockets Layer configuration.
Related:
Temporary bus destinations Destination routing paths Interconnected buses Common issues with all bus configurations Disable bus security Enable client SSL authentication Administer authorization permissions Secure messages between messaging buses Secure access to a foreign bus Controlling which foreign buses can link to your bus Secure database access Secure mediations Administer the bus connector role Add a server as a new bus member Add a cluster as a member of a bus Secure buses Add unique names to the bus authorization policy Administer permitted transports for a bus