
Mediations security

When bus security is enabled, mediations need authorization permissions so that they can run and perform messaging operations securely on a service integration bus. This topic describes the mechanisms for securing mediations and the implications of running mediations on a bus that spans multiple security domains.

When bus security is enabled, the messaging engine must be authorized to access the mediation. Authorization is granted using a mediations authentication alias or an LTPA token, depending on the version of the bus member:

When an application sends a message to the bus, the identity of the sender application is associated with the message. The message is sent to the next destination in the forward routing path, provided that the message originator has Sender authority for that destination. If a mediation processes the message in some way at the target destination, the identity associated with the message is preserved by default.

We can program the mediation to reset the message identity to the identity under which the mediation code runs. For example, if the mediated destination represents the boundary between two security domains, the sender application is not authorized to access the mediated destination. By translating different identities into a single user identity, we can control access between security domains. For more information about programming mediations, see Mediation programming. For more information about using the resetIdentity() method, see SIMediationSession.
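The identity rule above can be traced with a simplified Python model, added here as an example; it is not WebSphere code and uses none of its APIs. The destination names, user names and authority table are constructed, and the model assumes the sender holds Sender authority up to the boundary destination but not beyond it.

```python
# Simplified model of the identity rules described above; NOT WebSphere code.
# Destinations, users and the authority table are constructed for illustration.
from dataclasses import dataclass

# Constructed policy: identities holding Sender authority on each destination.
SENDER_AUTHORITY = {
    "domainA.orders": {"appUser"},
    "boundary.gateway": {"appUser"},
    "domainB.billing": {"mediationUser"},
}
PATH = ["domainA.orders", "boundary.gateway", "domainB.billing"]


@dataclass
class Message:
    body: str
    identity: str  # identity the bus associates with the message


@dataclass
class Mediation:
    destination: str              # destination the mediation is attached to
    run_as: str                   # identity the mediation code runs under
    reset_identity: bool = False  # models a mediation that resets the identity

    def handle(self, msg: Message) -> Message:
        # Default: the sender identity is preserved. With reset enabled, the
        # message continues under the identity the mediation runs as.
        return Message(msg.body, self.run_as) if self.reset_identity else msg


def route(msg, forward_path, mediations=()):
    """Walk the forward routing path; return (delivered, trace)."""
    by_dest = {m.destination: m for m in mediations}
    trace = []
    for dest in forward_path:
        allowed = msg.identity in SENDER_AUTHORITY.get(dest, set())
        trace.append(f"{'ALLOW' if allowed else 'DENY'} {msg.identity} -> {dest}")
        if not allowed:
            return False, trace
        if dest in by_dest:
            msg = by_dest[dest].handle(msg)
    return True, trace


if __name__ == "__main__":
    for reset in (False, True):
        med = Mediation("boundary.gateway", "mediationUser", reset)
        print(reset, route(Message("order-1", "appUser"), PATH, [med]))
```

With the identity preserved, the message is denied at the hop past the boundary; with the reset, it is authorized there only because the mediation identity holds Sender authority on that destination.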

When we install a mediation for use with bus security enabled, ensure that the identity the bus uses to call the mediation is able to access it. By default, a mediation is unauthenticated. We can configure it to use the mediations authentication alias by specifying a RunAs role using the assembly tools. See Configure an alternative mediation identity for a mediation handler.

If bus security is enabled, and a mediation is sending messages to a destination, the mediation identity requires authority to access the destination. See Administer authorization permissions. Any new messages sent by the mediation are sent using the mediation identity.

If administrative security is disabled, an identity is not configured for the mediation. If bus security is enabled, and administrative security is disabled, the mediation is not authenticated to access bus destinations.


Use mediations in multiple security domains

We can run mediations successfully in a bus topology where the members of a bus span multiple security domains. The bus security configuration provides an option, called addUserServerIdForMediations, to allow mediations to run under a server identity. In this case, a mediation authentication alias is not required.

Mediations are deployed as applications, and run in the domain used by the application server, not the bus domain. Because the mediation authentication alias applies to the whole bus, if we run a mediation on multiple servers in different domains, ensure that the user identity in the mediation authentication alias exists in the configuration for each domain. Alternatively, we can choose to use the server identity option. Use this option even if multiple domains are not in use.


Related:

  • Mediations
  • Service integration security planning
  • Secure mediations
  • Configure the bus to access secured mediations
  • Configure a bus to run mediations in a multiple security domain environment
  • Configure an alternative mediation identity for a mediation handler