SlideShare uma empresa Scribd logo

IBM MQ Token Authentication.pdf

R
Robert Parker

Presented at the IBM MQ User Group hosted in France. A short presentation on the new Token Based Authentication feature

Software
1 de 21
Baixar para ler offline
TechCon 2022 IBM MQ Token Based Authentication Rob Parker Security Architect, MQ Distributed parrobe@uk.ibm.com © 2022 IBM Corporation IBM MQ | 30 Years of Innovation
Important Disclaimers IBM’s statements regarding its plans, directions and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. © Copyright IBM Corporation 2023. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM’s current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM and the IBM logo are trademarks or registered trademarks of International Business Machines Corporation, in the United States and/or other countries. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on ibm.com/trademark. 2 © 2023 IBM Corporation IBM MQ | 30 Years of Innovation
IBM Automation / June, 2023 / © 2023 IBM Corporation 3 What is JWT? IBM MQ | 30 Years of Innovation
IBM MQ 9.3.4 – Token-based authentication What is a token? • A token is a simple structure that contains information about a user and can easily be transferred between parties over the internet. • A JWT can be cryptographically signed to form a JWS. This allows for the cryptographic verification of the information inside the JWT. • Authentication tokens that are used with IBM MQ must • Be a valid JWT, as defined by internet standard RFC7519 • Be signed according to JSON Web Signature (JWS) internet standard RFC7515, with an algorithm that IBM MQ supports • Contain the required header parameters and payload claims. • The token can contain a “user claim” that specifies the user ID to be adopted. { "alg": "HS256", "typ": "JWT" } { "user": "user_id", "exp": 1716239022, "nbf": 1516239022 } HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), secret ) Header Payload Signature eyJhbGciOiJIUzI1NiIsInR5cCI6I kpXVCJ9.eyJzdWIiOiIxMjM0NT Y3ODkwIiwibmFtZSI6IkpvaG4 gRG9lIiwiZXhwIjoxNTE2MjM5 MDIyfQ.E9bQ6QAil4HpH825Q C5PtjNGEDQTtMpcj0SO2W8v mag © 2023 IBM Corporation IBM MQ | 30 Years of Innovation
IBM MQ | 30 Years of Innovation https://jwt.io/ © 2023 IBM Corporation
Full spec IBM MQ | 30 Years of Innovation © 2023 IBM Corporation
IBM Confidential Auth Server IBM MQ | 30 Years of Innovation © 2023 IBM Corporation Benefits
IBM Confidential Auth Server IBM MQ | 30 Years of Innovation Centralized Authentication © 2023 IBM Corporation
IBM Confidential Auth Server Credentials only go to authentication server Token © 2023 IBM Corporation
IBM Confidential Auth Server IBM MQ | 30 Years of Innovation Authenticate how you choose Token © 2023 IBM Corporation
IBM Confidential Auth Server Tokens contain information Token © 2023 IBM Corporation • User • Groups • Authorizations • Expiry • Who issed • etc IBM MQ | 30 Years of Innovation
IBM Automation / June, 2023 / © 2023 IBM Corporation 12 How does JWT work in MQ? IBM MQ | 30 Years of Innovation
IBM MQ 9.3.4 – Token-based authentication From IBM MQ 9.3.4, client applications can provide tokens to authenticate with a queue manager. The queue manager must be configured to accept authentication tokens. • Token-based authentication is supported by queue managers that run on AIX®, Linux®, and OpenShift® Container Platforms. • IBM MQ MQI clients written in C present tokens on connection and can be authenticated. • The client application can run on any platform. • Both IBM MQ MQI clients and Java clients can remain unchanged and use security exits to send authentication tokens to the queue manager. © 2023 IBM Corporation IBM MQ | 30 Years of Innovation
Auth Server MQ Config Keystore Queue Manager IBM MQ | 30 Years of Innovation © 2023 IBM Corporation
Must be 12 characters or less Identity adoption IBM MQ | 30 Years of Innovation © 2023 IBM Corporation
MQCNO cno = {MQCNO_DEFAULT}; MQCSP csp = {MQCSP_DEFAULT}; Char * Token; ... cno.SecurityParmsPtr = &csp; cno.Version = MQCNO_VERSION_5; Token = myOAUthLogin(User,Pass); csp.Version = MQCSP_VERSION_3; csp.AuthenticationType = MQCSP_AUTH_ID_TOKEN; csp.TokenPtr = Token; csp.TokenLength = (MQLONG)strlen(Token); MQCONNX(QMName, &cno, &Hcon, &CompCode, &Creason); Application Changes • C Clients • Network bound © 2023 IBM Corporation
Security exits Auth Server C client App SCYEXIT SCYEXIT IBM MQ | 30 Years of Innovation © 2023 IBM Corporation
Security exits Auth Server Java/JMS client App SCYEXIT IBM MQ | 30 Years of Innovation © 2023 IBM Corporation
Demo?
© 2022 IBM Corporation
Notices and disclaimers © 2023 International Business Machines Corporation. All rights reserved. This document is distributed “as is” without any warranty, either express or implied. In no event shall IBM be liable for any damage arising from the use of this information, including but not limited to, loss of data, business interruption, loss of profit or loss of opportunity. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. Not all offerings are available in every country in which IBM operates. Any statements regarding IBM’s future direction, intent or product plans are subject to change or withdrawal without notice. IBM, the IBM logo, and ibm.com are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at: www.ibm.com/legal/copytrade.shtml. Certain comments made in this presentation may be characterized as forward looking under the Private Securities Litigation Reform Act of 1995. Forward-looking statements are based on the company’s current assumptions regarding future business and financial performance. Those statements by their nature address matters that are uncertain to different degrees and involve a number of factors that could cause actual results to differ materially. Additional information concerning these factors is contained in the Company’s filings with the SEC. Copies are available from the SEC, from the IBM website, or from IBM Investor Relations. Any forward-looking statement made during this presentation speaks only as of the date on which it is made. The company assumes no obligation to update or revise any forward-looking statements except as required by law; these charts and the associated remarks and comments are integrally related and are intended to be presented and understood together. 21 © 2023 IBM Corporation

Recomendados

SHARE2016: DevOps - IIB Administration for Continuous Delivery and DevOps
SHARE2016: DevOps - IIB Administration for Continuous Delivery and DevOpsSHARE2016: DevOps - IIB Administration for Continuous Delivery and DevOps
SHARE2016: DevOps - IIB Administration for Continuous Delivery and DevOps
Rob Convery
 
What's new in IBM MQ
What's new in IBM MQWhat's new in IBM MQ
What's new in IBM MQ
Robert Parker
 
2829 liberty
2829 liberty2829 liberty
2829 liberty
nick_garrod
 
IBM MQ on cloud and containers
IBM MQ on cloud and containersIBM MQ on cloud and containers
IBM MQ on cloud and containers
Robert Parker
 
Enterprise grade cloud services with data power virtual
Enterprise grade cloud services with data power virtualEnterprise grade cloud services with data power virtual
Enterprise grade cloud services with data power virtual
sflynn073
 
Enterprise grade cloud services with data power virtual
Enterprise grade cloud services with data power virtualEnterprise grade cloud services with data power virtual
Enterprise grade cloud services with data power virtual
sflynn073
 
The Bluemix Quadruple Threat
The Bluemix Quadruple ThreatThe Bluemix Quadruple Threat
The Bluemix Quadruple Threat
Ram Vennam
 
World of Watson HandsOnLab
World of Watson HandsOnLabWorld of Watson HandsOnLab
World of Watson HandsOnLab
Markus Van Kempen
 

Recomendados

SHARE2016: DevOps - IIB Administration for Continuous Delivery and DevOps
SHARE2016: DevOps - IIB Administration for Continuous Delivery and DevOpsSHARE2016: DevOps - IIB Administration for Continuous Delivery and DevOps
SHARE2016: DevOps - IIB Administration for Continuous Delivery and DevOps
Rob Convery
 
What's new in IBM MQ
What's new in IBM MQWhat's new in IBM MQ
What's new in IBM MQ
Robert Parker
 
2829 liberty
2829 liberty2829 liberty
2829 liberty
nick_garrod
 
IBM MQ on cloud and containers
IBM MQ on cloud and containersIBM MQ on cloud and containers
IBM MQ on cloud and containers
Robert Parker
 
Enterprise grade cloud services with data power virtual
Enterprise grade cloud services with data power virtualEnterprise grade cloud services with data power virtual
Enterprise grade cloud services with data power virtual
sflynn073
 
Enterprise grade cloud services with data power virtual
Enterprise grade cloud services with data power virtualEnterprise grade cloud services with data power virtual
Enterprise grade cloud services with data power virtual
sflynn073
 
The Bluemix Quadruple Threat
The Bluemix Quadruple ThreatThe Bluemix Quadruple Threat
The Bluemix Quadruple Threat
Ram Vennam
 
World of Watson HandsOnLab
World of Watson HandsOnLabWorld of Watson HandsOnLab
World of Watson HandsOnLab
Markus Van Kempen
 
IBM i and digital transformation
IBM i and digital transformationIBM i and digital transformation
IBM i and digital transformation
Gerard Suren
 
IBM UrbanCode Deploy and VMware Integrated OpenStack
IBM UrbanCode Deploy and VMware Integrated OpenStackIBM UrbanCode Deploy and VMware Integrated OpenStack
IBM UrbanCode Deploy and VMware Integrated OpenStack
BradDesAulniers2
 
MQ Light in IBM MQ: IBM Interconnect 2015 session AME4182
MQ Light in IBM MQ: IBM Interconnect 2015 session AME4182MQ Light in IBM MQ: IBM Interconnect 2015 session AME4182
MQ Light in IBM MQ: IBM Interconnect 2015 session AME4182
Robert Nicholson
 
WebSphere Liberty HTML5 Real-Time Features Lab
WebSphere Liberty HTML5 Real-Time Features LabWebSphere Liberty HTML5 Real-Time Features Lab
WebSphere Liberty HTML5 Real-Time Features Lab
Brian Pulito
 
Software Defined WebSphere Messaging Infrastructure with Puppet
Software Defined WebSphere Messaging Infrastructure with PuppetSoftware Defined WebSphere Messaging Infrastructure with Puppet
Software Defined WebSphere Messaging Infrastructure with Puppet
Rahul Gupta
 
Developing Integrations for IBM Integration Bus on Cloud
Developing Integrations for IBM Integration Bus on CloudDeveloping Integrations for IBM Integration Bus on Cloud
Developing Integrations for IBM Integration Bus on Cloud
Geza Geleji
 
Codemotion Rome 2015 Bluemix Lab Tutorial
Codemotion Rome 2015 Bluemix Lab TutorialCodemotion Rome 2015 Bluemix Lab Tutorial
Codemotion Rome 2015 Bluemix Lab Tutorial
gjuljo
 
Exposing auto-generated Swagger 2.0 documents from Liberty!
Exposing auto-generated Swagger 2.0 documents from Liberty!Exposing auto-generated Swagger 2.0 documents from Liberty!
Exposing auto-generated Swagger 2.0 documents from Liberty!
Arthur De Magalhaes
 
Session 2546 - Solving Performance Problems in CICS using CICS Performance A...
Session 2546 - Solving Performance Problems in CICS using CICS Performance A...Session 2546 - Solving Performance Problems in CICS using CICS Performance A...
Session 2546 - Solving Performance Problems in CICS using CICS Performance A...
nick_garrod
 
IBM Message Hub: Cloud-Native Messaging
IBM Message Hub: Cloud-Native MessagingIBM Message Hub: Cloud-Native Messaging
IBM Message Hub: Cloud-Native Messaging
Andrew Schofield
 
Using bpm, mdm and odm to implement on boarding solutions for banking - sessi...
Using bpm, mdm and odm to implement on boarding solutions for banking - sessi...Using bpm, mdm and odm to implement on boarding solutions for banking - sessi...
Using bpm, mdm and odm to implement on boarding solutions for banking - sessi...
Scott Simmons
 
Simplifying IBM MQ Security in your MQ estate
Simplifying IBM MQ Security in your MQ estateSimplifying IBM MQ Security in your MQ estate
Simplifying IBM MQ Security in your MQ estate
Robert Parker
 
Codemotion rome 2015 bluemix lab tutorial -- Codemotion Rome 2015
Codemotion rome 2015 bluemix lab tutorial -- Codemotion Rome 2015Codemotion rome 2015 bluemix lab tutorial -- Codemotion Rome 2015
Codemotion rome 2015 bluemix lab tutorial -- Codemotion Rome 2015
Codemotion
 
Design, Auto-Generate and Expose RESTful Microservices Using Open Source and ...
Design, Auto-Generate and Expose RESTful Microservices Using Open Source and ...Design, Auto-Generate and Expose RESTful Microservices Using Open Source and ...
Design, Auto-Generate and Expose RESTful Microservices Using Open Source and ...
Arthur De Magalhaes
 
OpenWhisk Introduction
OpenWhisk IntroductionOpenWhisk Introduction
OpenWhisk Introduction
Ioana Baldini
 
Managing integration in a multi cluster world
Managing integration in a multi cluster worldManaging integration in a multi cluster world
Managing integration in a multi cluster world
Shikha Srivastava
 
Introduction to IBM Cloud Private - April 2018
Introduction to IBM Cloud Private - April 2018Introduction to IBM Cloud Private - April 2018
Introduction to IBM Cloud Private - April 2018
Michael Elder
 
Creating Production-Ready, Secure and Scalable Applications in IBM Cloud Priv...
Creating Production-Ready, Secure and Scalable Applications in IBM Cloud Priv...Creating Production-Ready, Secure and Scalable Applications in IBM Cloud Priv...
Creating Production-Ready, Secure and Scalable Applications in IBM Cloud Priv...
Michael Elder
 
Complete Solutions in ECM using IBM, Internal and Third Party, Custom Components
Complete Solutions in ECM using IBM, Internal and Third Party, Custom ComponentsComplete Solutions in ECM using IBM, Internal and Third Party, Custom Components
Complete Solutions in ECM using IBM, Internal and Third Party, Custom Components
Pyramid Solutions, Inc.
 
Slide 1 - Authenticated Reseller SSL Certificate Authority
Slide 1 - Authenticated Reseller SSL Certificate AuthoritySlide 1 - Authenticated Reseller SSL Certificate Authority
Slide 1 - Authenticated Reseller SSL Certificate Authority
webhostingguy
 
IBM MQ Whats new - up to 9.3.4.pdf
IBM MQ Whats new - up to 9.3.4.pdfIBM MQ Whats new - up to 9.3.4.pdf
IBM MQ Whats new - up to 9.3.4.pdf
Robert Parker
 
IBM MQ Whats new - including 9.3 and 9.3.1
IBM MQ Whats new - including 9.3 and 9.3.1IBM MQ Whats new - including 9.3 and 9.3.1
IBM MQ Whats new - including 9.3 and 9.3.1
Robert Parker
 

Mais conteúdo relacionado

Semelhante a IBM MQ Token Authentication.pdf

Using bpm, mdm and odm to implement on boarding solutions for banking - sessi...
Using bpm, mdm and odm to implement on boarding solutions for banking - sessi...Using bpm, mdm and odm to implement on boarding solutions for banking - sessi...
Using bpm, mdm and odm to implement on boarding solutions for banking - sessi...
Scott Simmons
 
Codemotion rome 2015 bluemix lab tutorial -- Codemotion Rome 2015
Codemotion rome 2015 bluemix lab tutorial -- Codemotion Rome 2015Codemotion rome 2015 bluemix lab tutorial -- Codemotion Rome 2015
Codemotion rome 2015 bluemix lab tutorial -- Codemotion Rome 2015
Codemotion
 
Creating Production-Ready, Secure and Scalable Applications in IBM Cloud Priv...
Creating Production-Ready, Secure and Scalable Applications in IBM Cloud Priv...Creating Production-Ready, Secure and Scalable Applications in IBM Cloud Priv...
Creating Production-Ready, Secure and Scalable Applications in IBM Cloud Priv...
Michael Elder
 
Complete Solutions in ECM using IBM, Internal and Third Party, Custom Components
Complete Solutions in ECM using IBM, Internal and Third Party, Custom ComponentsComplete Solutions in ECM using IBM, Internal and Third Party, Custom Components
Complete Solutions in ECM using IBM, Internal and Third Party, Custom Components
Pyramid Solutions, Inc.
 
Slide 1 - Authenticated Reseller SSL Certificate Authority
Slide 1 - Authenticated Reseller SSL Certificate AuthoritySlide 1 - Authenticated Reseller SSL Certificate Authority
Slide 1 - Authenticated Reseller SSL Certificate Authority
webhostingguy
 

Semelhante a IBM MQ Token Authentication.pdf (20)

IBM i and digital transformation
IBM i and digital transformationIBM i and digital transformation
IBM i and digital transformation
 
IBM UrbanCode Deploy and VMware Integrated OpenStack
IBM UrbanCode Deploy and VMware Integrated OpenStackIBM UrbanCode Deploy and VMware Integrated OpenStack
IBM UrbanCode Deploy and VMware Integrated OpenStack
 
MQ Light in IBM MQ: IBM Interconnect 2015 session AME4182
MQ Light in IBM MQ: IBM Interconnect 2015 session AME4182MQ Light in IBM MQ: IBM Interconnect 2015 session AME4182
MQ Light in IBM MQ: IBM Interconnect 2015 session AME4182
 
WebSphere Liberty HTML5 Real-Time Features Lab
WebSphere Liberty HTML5 Real-Time Features LabWebSphere Liberty HTML5 Real-Time Features Lab
WebSphere Liberty HTML5 Real-Time Features Lab
 
Software Defined WebSphere Messaging Infrastructure with Puppet
Software Defined WebSphere Messaging Infrastructure with PuppetSoftware Defined WebSphere Messaging Infrastructure with Puppet
Software Defined WebSphere Messaging Infrastructure with Puppet
 
Developing Integrations for IBM Integration Bus on Cloud
Developing Integrations for IBM Integration Bus on CloudDeveloping Integrations for IBM Integration Bus on Cloud
Developing Integrations for IBM Integration Bus on Cloud
 
Codemotion Rome 2015 Bluemix Lab Tutorial
Codemotion Rome 2015 Bluemix Lab TutorialCodemotion Rome 2015 Bluemix Lab Tutorial
Codemotion Rome 2015 Bluemix Lab Tutorial
 
Exposing auto-generated Swagger 2.0 documents from Liberty!
Exposing auto-generated Swagger 2.0 documents from Liberty!Exposing auto-generated Swagger 2.0 documents from Liberty!
Exposing auto-generated Swagger 2.0 documents from Liberty!
 
Session 2546 - Solving Performance Problems in CICS using CICS Performance A...
Session 2546 - Solving Performance Problems in CICS using CICS Performance A...Session 2546 - Solving Performance Problems in CICS using CICS Performance A...
Session 2546 - Solving Performance Problems in CICS using CICS Performance A...
 
IBM Message Hub: Cloud-Native Messaging
IBM Message Hub: Cloud-Native MessagingIBM Message Hub: Cloud-Native Messaging
IBM Message Hub: Cloud-Native Messaging
 
Using bpm, mdm and odm to implement on boarding solutions for banking - sessi...
Using bpm, mdm and odm to implement on boarding solutions for banking - sessi...Using bpm, mdm and odm to implement on boarding solutions for banking - sessi...
Using bpm, mdm and odm to implement on boarding solutions for banking - sessi...
 
Simplifying IBM MQ Security in your MQ estate
Simplifying IBM MQ Security in your MQ estateSimplifying IBM MQ Security in your MQ estate
Simplifying IBM MQ Security in your MQ estate
 
Codemotion rome 2015 bluemix lab tutorial -- Codemotion Rome 2015
Codemotion rome 2015 bluemix lab tutorial -- Codemotion Rome 2015Codemotion rome 2015 bluemix lab tutorial -- Codemotion Rome 2015
Codemotion rome 2015 bluemix lab tutorial -- Codemotion Rome 2015
 
Design, Auto-Generate and Expose RESTful Microservices Using Open Source and ...
Design, Auto-Generate and Expose RESTful Microservices Using Open Source and ...Design, Auto-Generate and Expose RESTful Microservices Using Open Source and ...
Design, Auto-Generate and Expose RESTful Microservices Using Open Source and ...
 
OpenWhisk Introduction
OpenWhisk IntroductionOpenWhisk Introduction
OpenWhisk Introduction
 
Managing integration in a multi cluster world
Managing integration in a multi cluster worldManaging integration in a multi cluster world
Managing integration in a multi cluster world
 
Introduction to IBM Cloud Private - April 2018
Introduction to IBM Cloud Private - April 2018Introduction to IBM Cloud Private - April 2018
Introduction to IBM Cloud Private - April 2018
 
Creating Production-Ready, Secure and Scalable Applications in IBM Cloud Priv...
Creating Production-Ready, Secure and Scalable Applications in IBM Cloud Priv...Creating Production-Ready, Secure and Scalable Applications in IBM Cloud Priv...
Creating Production-Ready, Secure and Scalable Applications in IBM Cloud Priv...
 
Complete Solutions in ECM using IBM, Internal and Third Party, Custom Components
Complete Solutions in ECM using IBM, Internal and Third Party, Custom ComponentsComplete Solutions in ECM using IBM, Internal and Third Party, Custom Components
Complete Solutions in ECM using IBM, Internal and Third Party, Custom Components
 
Slide 1 - Authenticated Reseller SSL Certificate Authority
Slide 1 - Authenticated Reseller SSL Certificate AuthoritySlide 1 - Authenticated Reseller SSL Certificate Authority
Slide 1 - Authenticated Reseller SSL Certificate Authority
 

Mais de Robert Parker

Mais de Robert Parker (20)

IBM MQ Whats new - up to 9.3.4.pdf
IBM MQ Whats new - up to 9.3.4.pdfIBM MQ Whats new - up to 9.3.4.pdf
IBM MQ Whats new - up to 9.3.4.pdf
 
IBM MQ Whats new - including 9.3 and 9.3.1
IBM MQ Whats new - including 9.3 and 9.3.1IBM MQ Whats new - including 9.3 and 9.3.1
IBM MQ Whats new - including 9.3 and 9.3.1
 
Controlling access to your IBM MQ System
Controlling access to your IBM MQ SystemControlling access to your IBM MQ System
Controlling access to your IBM MQ System
 
531: Controlling access to your IBM MQ system
531: Controlling access to your IBM MQ system531: Controlling access to your IBM MQ system
531: Controlling access to your IBM MQ system
 
M08 protecting your message data in IBM MQ with encryption
M08 protecting your message data in IBM MQ with encryptionM08 protecting your message data in IBM MQ with encryption
M08 protecting your message data in IBM MQ with encryption
 
MQ Guide France - IBM MQ and Containers
MQ Guide France - IBM MQ and ContainersMQ Guide France - IBM MQ and Containers
MQ Guide France - IBM MQ and Containers
 
MQ Guide France - What's new in ibm mq 9.1.4
MQ Guide France - What's new in ibm mq 9.1.4MQ Guide France - What's new in ibm mq 9.1.4
MQ Guide France - What's new in ibm mq 9.1.4
 
M14: MQ security deep dive ITC 2019
M14: MQ security deep dive ITC 2019M14: MQ security deep dive ITC 2019
M14: MQ security deep dive ITC 2019
 
M10: How to implement mq in a containerized architecture ITC 2019
M10: How to implement mq in a containerized architecture ITC 2019M10: How to implement mq in a containerized architecture ITC 2019
M10: How to implement mq in a containerized architecture ITC 2019
 
M11 - Securing your MQ environment. Integration technical conference 2019
M11 - Securing your MQ environment. Integration technical conference 2019M11 - Securing your MQ environment. Integration technical conference 2019
M11 - Securing your MQ environment. Integration technical conference 2019
 
Running IBM MQ in the Cloud
Running IBM MQ in the CloudRunning IBM MQ in the Cloud
Running IBM MQ in the Cloud
 
Running IBM MQ in Containers
Running IBM MQ in ContainersRunning IBM MQ in Containers
Running IBM MQ in Containers
 
Securing your IBM MQ environment.
Securing your IBM MQ environment.Securing your IBM MQ environment.
Securing your IBM MQ environment.
 
IBM MQ in Containers - Think 2018
IBM MQ in Containers - Think 2018IBM MQ in Containers - Think 2018
IBM MQ in Containers - Think 2018
 
IBM MQ Security Overview MQTC 2017
IBM MQ Security Overview MQTC 2017IBM MQ Security Overview MQTC 2017
IBM MQ Security Overview MQTC 2017
 
IBM MQ in containers MQTC 2017
IBM MQ in containers MQTC 2017IBM MQ in containers MQTC 2017
IBM MQ in containers MQTC 2017
 
Planning for MQ in the cloud MQTC 2017
Planning for MQ in the cloud MQTC 2017Planning for MQ in the cloud MQTC 2017
Planning for MQ in the cloud MQTC 2017
 
IBM MQ security deep dive including AMS MQTC 2017
IBM MQ security deep dive including AMS MQTC 2017IBM MQ security deep dive including AMS MQTC 2017
IBM MQ security deep dive including AMS MQTC 2017
 
Deploying and managing IBM MQ in the Cloud
Deploying and managing IBM MQ in the CloudDeploying and managing IBM MQ in the Cloud
Deploying and managing IBM MQ in the Cloud
 
Interconnect 2017: 6893 Keep out the bad guys by securing your MQ messaging e...
Interconnect 2017: 6893 Keep out the bad guys by securing your MQ messaging e...Interconnect 2017: 6893 Keep out the bad guys by securing your MQ messaging e...
Interconnect 2017: 6893 Keep out the bad guys by securing your MQ messaging e...
 

Último

Effective Strategies for Wix's Scaling challenges - GeeCon
Effective Strategies for Wix's Scaling challenges - GeeConEffective Strategies for Wix's Scaling challenges - GeeCon
Effective Strategies for Wix's Scaling challenges - GeeCon
Natan Silnitsky
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
VictoriaMetrics
 

Último (20)

WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
 
WSO2Con2024 - Low-Code Integration Tooling
WSO2Con2024 - Low-Code Integration ToolingWSO2Con2024 - Low-Code Integration Tooling
WSO2Con2024 - Low-Code Integration Tooling
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
 
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public AdministrationWSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
 
WSO2Con2024 - Software Delivery in Hybrid Environments
WSO2Con2024 - Software Delivery in Hybrid EnvironmentsWSO2Con2024 - Software Delivery in Hybrid Environments
WSO2Con2024 - Software Delivery in Hybrid Environments
 
Effective Strategies for Wix's Scaling challenges - GeeCon
Effective Strategies for Wix's Scaling challenges - GeeConEffective Strategies for Wix's Scaling challenges - GeeCon
Effective Strategies for Wix's Scaling challenges - GeeCon
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
 
WSO2CON 2024 - Building a Digital Government in Uganda
WSO2CON 2024 - Building a Digital Government in UgandaWSO2CON 2024 - Building a Digital Government in Uganda
WSO2CON 2024 - Building a Digital Government in Uganda
 
WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...
WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...
WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...
 
WSO2Con2024 - Unleashing the Financial Potential of 13 Million People
WSO2Con2024 - Unleashing the Financial Potential of 13 Million PeopleWSO2Con2024 - Unleashing the Financial Potential of 13 Million People
WSO2Con2024 - Unleashing the Financial Potential of 13 Million People
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
 
Novo Nordisk: When Knowledge Graphs meet LLMs
Novo Nordisk: When Knowledge Graphs meet LLMsNovo Nordisk: When Knowledge Graphs meet LLMs
Novo Nordisk: When Knowledge Graphs meet LLMs
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptx
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
WSO2Con2024 - Organization Management: The Revolution in B2B CIAM
WSO2Con2024 - Organization Management: The Revolution in B2B CIAMWSO2Con2024 - Organization Management: The Revolution in B2B CIAM
WSO2Con2024 - Organization Management: The Revolution in B2B CIAM
 
WSO2Con2024 - Facilitating Broadband Switching Services for UK Telecoms Provi...
WSO2Con2024 - Facilitating Broadband Switching Services for UK Telecoms Provi...WSO2Con2024 - Facilitating Broadband Switching Services for UK Telecoms Provi...
WSO2Con2024 - Facilitating Broadband Switching Services for UK Telecoms Provi...
 
WSO2Con2024 - Hello Choreo Presentation - Kanchana
WSO2Con2024 - Hello Choreo Presentation - KanchanaWSO2Con2024 - Hello Choreo Presentation - Kanchana
WSO2Con2024 - Hello Choreo Presentation - Kanchana
 

IBM MQ Token Authentication.pdf

  • 1. TechCon 2022 IBM MQ Token Based Authentication Rob Parker Security Architect, MQ Distributed parrobe@uk.ibm.com © 2022 IBM Corporation IBM MQ | 30 Years of Innovation
  • 2. Important Disclaimers IBM’s statements regarding its plans, directions and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. © Copyright IBM Corporation 2023. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM’s current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM and the IBM logo are trademarks or registered trademarks of International Business Machines Corporation, in the United States and/or other countries. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on ibm.com/trademark. 2 © 2023 IBM Corporation IBM MQ | 30 Years of Innovation
  • 3. IBM Automation / June, 2023 / © 2023 IBM Corporation 3 What is JWT? IBM MQ | 30 Years of Innovation
  • 4. IBM MQ 9.3.4 – Token-based authentication What is a token? • A token is a simple structure that contains information about a user and can easily be transferred between parties over the internet. • A JWT can be cryptographically signed to form a JWS. This allows for the cryptographic verification of the information inside the JWT. • Authentication tokens that are used with IBM MQ must • Be a valid JWT, as defined by internet standard RFC7519 • Be signed according to JSON Web Signature (JWS) internet standard RFC7515, with an algorithm that IBM MQ supports • Contain the required header parameters and payload claims. • The token can contain a “user claim” that specifies the user ID to be adopted. { "alg": "HS256", "typ": "JWT" } { "user": "user_id", "exp": 1716239022, "nbf": 1516239022 } HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), secret ) Header Payload Signature eyJhbGciOiJIUzI1NiIsInR5cCI6I kpXVCJ9.eyJzdWIiOiIxMjM0NT Y3ODkwIiwibmFtZSI6IkpvaG4 gRG9lIiwiZXhwIjoxNTE2MjM5 MDIyfQ.E9bQ6QAil4HpH825Q C5PtjNGEDQTtMpcj0SO2W8v mag © 2023 IBM Corporation IBM MQ | 30 Years of Innovation
  • 5. IBM MQ | 30 Years of Innovation https://jwt.io/ © 2023 IBM Corporation
  • 6. Full spec IBM MQ | 30 Years of Innovation © 2023 IBM Corporation
  • 7. IBM Confidential Auth Server IBM MQ | 30 Years of Innovation © 2023 IBM Corporation Benefits
  • 8. IBM Confidential Auth Server IBM MQ | 30 Years of Innovation Centralized Authentication © 2023 IBM Corporation
  • 9. IBM Confidential Auth Server Credentials only go to authentication server Token © 2023 IBM Corporation
  • 10. IBM Confidential Auth Server IBM MQ | 30 Years of Innovation Authenticate how you choose Token © 2023 IBM Corporation
  • 11. IBM Confidential Auth Server Tokens contain information Token © 2023 IBM Corporation • User • Groups • Authorizations • Expiry • Who issed • etc IBM MQ | 30 Years of Innovation
  • 12. IBM Automation / June, 2023 / © 2023 IBM Corporation 12 How does JWT work in MQ? IBM MQ | 30 Years of Innovation
  • 13. IBM MQ 9.3.4 – Token-based authentication From IBM MQ 9.3.4, client applications can provide tokens to authenticate with a queue manager. The queue manager must be configured to accept authentication tokens. • Token-based authentication is supported by queue managers that run on AIX®, Linux®, and OpenShift® Container Platforms. • IBM MQ MQI clients written in C present tokens on connection and can be authenticated. • The client application can run on any platform. • Both IBM MQ MQI clients and Java clients can remain unchanged and use security exits to send authentication tokens to the queue manager. © 2023 IBM Corporation IBM MQ | 30 Years of Innovation
  • 14. Auth Server MQ Config Keystore Queue Manager IBM MQ | 30 Years of Innovation © 2023 IBM Corporation
  • 15. Must be 12 characters or less Identity adoption IBM MQ | 30 Years of Innovation © 2023 IBM Corporation
  • 16. MQCNO cno = {MQCNO_DEFAULT}; MQCSP csp = {MQCSP_DEFAULT}; Char * Token; ... cno.SecurityParmsPtr = &csp; cno.Version = MQCNO_VERSION_5; Token = myOAUthLogin(User,Pass); csp.Version = MQCSP_VERSION_3; csp.AuthenticationType = MQCSP_AUTH_ID_TOKEN; csp.TokenPtr = Token; csp.TokenLength = (MQLONG)strlen(Token); MQCONNX(QMName, &cno, &Hcon, &CompCode, &Creason); Application Changes • C Clients • Network bound © 2023 IBM Corporation
  • 17. Security exits Auth Server C client App SCYEXIT SCYEXIT IBM MQ | 30 Years of Innovation © 2023 IBM Corporation
  • 18. Security exits Auth Server Java/JMS client App SCYEXIT IBM MQ | 30 Years of Innovation © 2023 IBM Corporation
  • 19. Demo?
  • 20. © 2022 IBM Corporation
  • 21. Notices and disclaimers © 2023 International Business Machines Corporation. All rights reserved. This document is distributed “as is” without any warranty, either express or implied. In no event shall IBM be liable for any damage arising from the use of this information, including but not limited to, loss of data, business interruption, loss of profit or loss of opportunity. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. Not all offerings are available in every country in which IBM operates. Any statements regarding IBM’s future direction, intent or product plans are subject to change or withdrawal without notice. IBM, the IBM logo, and ibm.com are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at: www.ibm.com/legal/copytrade.shtml. Certain comments made in this presentation may be characterized as forward looking under the Private Securities Litigation Reform Act of 1995. Forward-looking statements are based on the company’s current assumptions regarding future business and financial performance. Those statements by their nature address matters that are uncertain to different degrees and involve a number of factors that could cause actual results to differ materially. Additional information concerning these factors is contained in the Company’s filings with the SEC. Copies are available from the SEC, from the IBM website, or from IBM Investor Relations. Any forward-looking statement made during this presentation speaks only as of the date on which it is made. The company assumes no obligation to update or revise any forward-looking statements except as required by law; these charts and the associated remarks and comments are integrally related and are intended to be presented and understood together. 21 © 2023 IBM Corporation