TechCon 2022
IBM MQ Token Based Authentication
Rob Parker
Security Architect, MQ Distributed
parrobe@uk.ibm.com
© 2022 IBM Corporation
IBM MQ | 30 Years of Innovation
Important Disclaimers
IBM’s statements regarding its plans, directions and intent are subject to
change or withdrawal without notice at IBM’s sole discretion. Information
regarding potential future products is intended to outline our general product
direction and it should not be relied on in making a purchasing decision. The
information mentioned regarding potential future products is not a
commitment, promise, or legal obligation to deliver any material, code or
functionality. Information about potential future products may not be
incorporated into any contract. The development, release, and timing of any
future features or functionality described for our products remains at our sole
discretion.
© Copyright IBM Corporation 2023. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any
kind, express or implied. Any statement of direction represents IBM’s current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM and the IBM logo are
trademarks or registered trademarks of International Business Machines Corporation, in the United States and/or other countries. Other product and service names might be trademarks of
IBM or other companies. A current list of IBM trademarks is available on ibm.com/trademark.
IBM Automation / June, 2023 / © 2023 IBM Corporation
What is JWT?
IBM MQ 9.3.4 – Token-based authentication
What is a token?
• A token is a simple structure that contains information
about a user and can easily be transferred between
parties over the internet.
• A JWT can be cryptographically signed to form a JWS.
This allows for the cryptographic verification of the
information inside the JWT.
• Authentication tokens that are used with IBM MQ must:
  • Be a valid JWT, as defined by internet standard RFC7519
  • Be signed according to JSON Web Signature (JWS) internet
    standard RFC7515, with an algorithm that IBM MQ supports
  • Contain the required header parameters and payload claims.
• The token can contain a “user claim” that specifies the
user ID to be adopted.
Header:
{
  "alg": "HS256",
  "typ": "JWT"
}
Payload:
{
  "user": "user_id",
  "exp": 1716239022,
  "nbf": 1516239022
}
Signature:
HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  secret
)
Encoded token:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiZXhwIjoxNTE2MjM5MDIyfQ.E9bQ6QAil4HpH825QC5PtjNGEDQTtMpcj0SO2W8vmag
https://jwt.io/
Full spec
Benefits
[Diagram: Auth Server, Token]
Centralized Authentication
Credentials only go to authentication server
Authenticate how you choose
Tokens contain information
• User
• Groups
• Authorizations
• Expiry
• Who issued
• etc.
How does JWT work in MQ?
IBM MQ 9.3.4 – Token-based authentication
From IBM MQ 9.3.4, client applications can provide
tokens to authenticate with a queue manager. The
queue manager must be configured to accept
authentication tokens.
• Token-based authentication is supported by queue managers
that run on AIX®, Linux®, and OpenShift® Container Platforms.
• IBM MQ MQI clients written in C present tokens on
connection and can be authenticated.
• The client application can run on any platform.
• Both IBM MQ MQI clients and Java clients can remain
unchanged and use security exits to send authentication
tokens to the queue manager.
[Diagram: Auth Server, MQ Config, Keystore, Queue Manager]
Identity adoption
• Must be 12 characters or less
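The checks listed under "What is a token?" and the 12-character limit above, as an added Python example that is not from the original slides and is not how the queue manager itself is implemented. It assumes an HS256-only policy, that "exp" is required, and that the 12-character limit applies to the value of the "user" claim; the secret and the helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

ALLOWED_ALGS = {"HS256"}   # assumption: allow only the algorithm shown on the slide
MAX_USER_LEN = 12          # "Must be 12 characters or less" (identity adoption)


class TokenError(Exception):
    """Raised with a short reason when a token must be rejected."""


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    # JWS strips base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_token(header: dict, payload: dict, secret: bytes) -> str:
    """Build a compact HS256 JWS; used here only to construct sample input."""
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def verify_token(token: str, secret: bytes, now=None, user_claim: str = "user") -> str:
    """Return the user ID to adopt, or raise TokenError."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("not a three-part compact JWS")
    try:
        header = json.loads(b64url_decode(parts[0]))
        payload = json.loads(b64url_decode(parts[1]))
        signature = b64url_decode(parts[2])
    except ValueError:
        raise TokenError("malformed encoding") from None
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise TokenError("malformed encoding")
    # The algorithm comes from local policy, never from the token alone:
    # this rejects "alg": "none" and anything outside the allowlist.
    alg = header.get("alg")
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise TokenError("algorithm not allowed")
    signing_input = f"{parts[0]}.{parts[1]}".encode()
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenError("bad signature")
    # Claims are trusted only after the signature check has passed.
    exp, nbf = payload.get("exp"), payload.get("nbf")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise TokenError("expired or missing exp")
    if nbf is not None and (not isinstance(nbf, (int, float)) or now < nbf):
        raise TokenError("not yet valid")
    user = payload.get(user_claim)
    if not isinstance(user, str) or not 0 < len(user) <= MAX_USER_LEN:
        raise TokenError("user claim missing or longer than 12 characters")
    return user


def outcome(token: str, secret: bytes, now: float) -> str:
    """Turn the verification result into one line suitable for a log."""
    try:
        return "ok: " + verify_token(token, secret, now)
    except TokenError as err:
        return "rejected: " + str(err)


# Constructed sample input: the header and payload shown on the slide.
SECRET = b"constructed-demo-secret"
HEADER = {"alg": "HS256", "typ": "JWT"}
PAYLOAD = {"user": "user_id", "exp": 1716239022, "nbf": 1516239022}
NOW = 1616239022  # a fixed instant between nbf and exp

if __name__ == "__main__":
    cases = {
        "valid token": make_token(HEADER, PAYLOAD, SECRET),
        "signed with another key": make_token(HEADER, PAYLOAD, b"other-key"),
        "alg none": make_token({"alg": "none", "typ": "JWT"}, PAYLOAD, SECRET),
        "user too long": make_token(
            HEADER, {**PAYLOAD, "user": "averylongusername"}, SECRET
        ),
    }
    for name, tok in cases.items():
        print(f"{name:26s} {outcome(tok, SECRET, NOW)}")
```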
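Application Changes
• C Clients
• Network bound

#include <string.h>            /* strlen */
#include <cmqc.h>              /* MQI definitions */

MQCNO cno = {MQCNO_DEFAULT};   /* connection options */
MQCSP csp = {MQCSP_DEFAULT};   /* connection security parameters */
char *Token;
...
/* Attach the security parameters to the connection options */
cno.SecurityParmsPtr = &csp;
cno.Version = MQCNO_VERSION_5;
/* Obtain the token from the authentication server (application's own login routine) */
Token = myOAUthLogin(User,Pass);
/* Present the token instead of a user ID and password */
csp.Version = MQCSP_VERSION_3;
csp.AuthenticationType = MQCSP_AUTH_ID_TOKEN;
csp.TokenPtr = Token;
csp.TokenLength = (MQLONG)strlen(Token);
MQCONNX(QMName,
        &cno,
        &Hcon,
        &CompCode,
        &Creason);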
Security exits
[Diagram: Auth Server, C client App, SCYEXIT, SCYEXIT]
Security exits
[Diagram: Auth Server, Java/JMS client App, SCYEXIT]
Demo?
Notices and disclaimers
© 2023 International Business Machines Corporation.
All rights reserved.
This document is distributed “as is” without any warranty, either express or
implied. In no event shall IBM be liable for any damage arising from the use of
this information, including but not limited to, loss of data, business interruption,
loss of profit or loss of opportunity.
Customer examples are presented as illustrations of how those customers have
used IBM products and the results they may have achieved. Actual performance,
cost, savings or other results in other operating environments may vary.
Workshops, sessions and associated materials may have been prepared by
independent session speakers, and do not necessarily reflect the views of IBM.
Not all offerings are available in every country in which IBM operates.
Any statements regarding IBM’s future direction, intent or product plans are
subject to change or withdrawal without notice.
IBM, the IBM logo, and ibm.com are trademarks of International Business
Machines Corporation, registered in many jurisdictions worldwide. Other product
and service names might be trademarks of IBM or other companies. A current list
of IBM trademarks is available on the Web at “Copyright and trademark
information” at: www.ibm.com/legal/copytrade.shtml.
Certain comments made in this presentation may be characterized as forward
looking under the Private Securities Litigation Reform Act of 1995.
Forward-looking statements are based on the company’s current assumptions
regarding future business and financial performance. Those statements by their
nature address matters that are uncertain to different degrees and involve a
number of factors that could cause actual results to differ materially. Additional
information concerning these factors is contained in the Company’s filings with
the SEC.
Copies are available from the SEC, from the IBM website, or from IBM Investor
Relations.
Any forward-looking statement made during this presentation speaks only as of
the date on which it is made. The company assumes no obligation to update or
revise any forward-looking statements except as required by law; these charts
and the associated remarks and comments are integrally related and are
intended to be presented and understood together.
2.pdf Ejercicios de programación competitiva2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva
 

IBM MQ Token Authentication.pdf

  • 1. TechCon 2022 IBM MQ Token Based Authentication Rob Parker Security Architect, MQ Distributed parrobe@uk.ibm.com © 2022 IBM Corporation IBM MQ | 30 Years of Innovation
  • 2. Important Disclaimers IBM’s statements regarding its plans, directions and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. © Copyright IBM Corporation 2023. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM’s current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM and the IBM logo are trademarks or registered trademarks of International Business Machines Corporation, in the United States and/or other countries. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on ibm.com/trademark. 2 © 2023 IBM Corporation IBM MQ | 30 Years of Innovation
  • 3. What is JWT?
  • 4. IBM MQ 9.3.4 – Token-based authentication
    What is a token?
      • A token is a simple structure that contains information about a user and can easily be transferred between parties over the internet.
      • A JWT can be cryptographically signed to form a JWS. This allows for the cryptographic verification of the information inside the JWT.
      • Authentication tokens that are used with IBM MQ must
          • Be a valid JWT, as defined by internet standard RFC7519
          • Be signed according to JSON Web Signature (JWS) internet standard RFC7515, with an algorithm that IBM MQ supports
          • Contain the required header parameters and payload claims.
      • The token can contain a “user claim” that specifies the user ID to be adopted.
    Header: { "alg": "HS256", "typ": "JWT" }
    Payload: { "user": "user_id", "exp": 1716239022, "nbf": 1516239022 }
    Signature: HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), secret )
    eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiZXhwIjoxNTE2MjM5MDIyfQ.E9bQ6QAil4HpH825QC5PtjNGEDQTtMpcj0SO2W8vmag
  • 5. https://jwt.io/
  • 6. Full spec
  • 7. IBM Confidential Auth Server Benefits
  • 8. IBM Confidential Auth Server Centralized Authentication
  • 9. IBM Confidential Auth Server Credentials only go to authentication server Token
  • 10. IBM Confidential Auth Server Authenticate how you choose Token
  • 11. IBM Confidential Auth Server Tokens contain information Token
      • User
      • Groups
      • Authorizations
      • Expiry
      • Who issued
      • etc
  • 12. How does JWT work in MQ?
  • 13. IBM MQ 9.3.4 – Token-based authentication
    From IBM MQ 9.3.4, client applications can provide tokens to authenticate with a queue manager. The queue manager must be configured to accept authentication tokens.
      • Token-based authentication is supported by queue managers that run on AIX®, Linux®, and OpenShift® Container Platforms.
      • IBM MQ MQI clients written in C present tokens on connection and can be authenticated.
      • The client application can run on any platform.
      • Both IBM MQ MQI clients and Java clients can remain unchanged and use security exits to send authentication tokens to the queue manager.
  • 14. Auth Server MQ Config Keystore Queue Manager
  • 15. Must be 12 characters or less Identity adoption
  • 16. Application Changes
      • C Clients
      • Network bound

        MQCNO cno = {MQCNO_DEFAULT};
        MQCSP csp = {MQCSP_DEFAULT};
        char *Token;
        ...
        /* Attach the security parameters to the connect options */
        cno.SecurityParmsPtr = &csp;
        cno.Version = MQCNO_VERSION_5;
        /* Obtain the token from the authentication server */
        Token = myOAUthLogin(User, Pass);
        /* Present the token instead of a user ID and password */
        csp.Version = MQCSP_VERSION_3;
        csp.AuthenticationType = MQCSP_AUTH_ID_TOKEN;
        csp.TokenPtr = Token;
        csp.TokenLength = (MQLONG)strlen(Token);
        MQCONNX(QMName, &cno, &Hcon, &CompCode, &Creason);
  • 17. Security exits Auth Server C client App SCYEXIT SCYEXIT
  • 18. Security exits Auth Server Java/JMS client App SCYEXIT
  • 19. Demo?
  • 20. © 2022 IBM Corporation
  • 21. Notices and disclaimers © 2023 International Business Machines Corporation. All rights reserved. This document is distributed “as is” without any warranty, either express or implied. In no event shall IBM be liable for any damage arising from the use of this information, including but not limited to, loss of data, business interruption, loss of profit or loss of opportunity. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. Not all offerings are available in every country in which IBM operates. Any statements regarding IBM’s future direction, intent or product plans are subject to change or withdrawal without notice. IBM, the IBM logo, and ibm.com are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at: www.ibm.com/legal/copytrade.shtml. Certain comments made in this presentation may be characterized as forward looking under the Private Securities Litigation Reform Act of 1995. Forward-looking statements are based on the company’s current assumptions regarding future business and financial performance. Those statements by their nature address matters that are uncertain to different degrees and involve a number of factors that could cause actual results to differ materially. Additional information concerning these factors is contained in the Company’s filings with the SEC. Copies are available from the SEC, from the IBM website, or from IBM Investor Relations. 
Any forward-looking statement made during this presentation speaks only as of the date on which it is made. The company assumes no obligation to update or revise any forward-looking statements except as required by law; these charts and the associated remarks and comments are integrally related and are intended to be presented and understood together. 21 © 2023 IBM Corporation
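
The checks slide 4 lists for a token (well-formed JWT, a JWS signature with a supported algorithm, required claims, a user claim) together with the 12-character limit from slide 15, as an added Python example that is not from the deck and is not IBM MQ's implementation. The shared secret, the `now` timestamps and the choice to treat `exp` as required and `nbf` as optional are assumptions.

```python
import base64, hashlib, hmac, json

MAX_USER_LEN = 12  # slide 15: the adopted identity must be 12 characters or less

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(header: dict, payload: dict, secret: bytes) -> str:
    """Build header.payload.signature following the slide's HMACSHA256 formula."""
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify_hs256(token: str, secret: bytes, now: int) -> str:
    """Return the user claim if every check passes, otherwise raise ValueError."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        payload = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
        if not (isinstance(header, dict) and isinstance(payload, dict)):
            raise ValueError("header and payload must be JSON objects")
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: the token must not be able to pick "none" or another scheme.
    if header.get("alg") != "HS256":
        raise ValueError("unsupported alg")
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    # Claims are read only after the signature is verified (assumption: exp required).
    exp, nbf = payload.get("exp"), payload.get("nbf", 0)
    if not isinstance(exp, int) or not isinstance(nbf, int):
        raise ValueError("exp/nbf must be integers")
    if now >= exp or now < nbf:
        raise ValueError("token outside its validity window")
    user = payload.get("user")
    if not isinstance(user, str) or not 0 < len(user) <= MAX_USER_LEN:
        raise ValueError("user claim missing or longer than 12 characters")
    return user

if __name__ == "__main__":
    # Constructed sample: the header and payload shown on slide 4, with a made-up secret.
    demo = sign_hs256({"alg": "HS256", "typ": "JWT"},
                      {"user": "user_id", "exp": 1716239022, "nbf": 1516239022}, b"constructed-secret")
    print(verify_hs256(demo, b"constructed-secret", now=1616239022))
```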