MQ

MQ

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  IBM MQ Web Console SSO option

    Posted Fri October 17, 2025 01:19 PM

    Does IBM MQ Web Console Explorer allows Single Sign On ( sso). Has anybody tried this?

    https://www.ibm.com/docs/en/ibm-mq/9.4.x?topic=dcqmumo-configuring-mq-console-basic-registry-using-mq-operator



    ------------------------------
    om prakash
    Architect
    NorthwesternMutual
    Milwaukee
    ------------------------------


  • 2.  RE: IBM MQ Web Console SSO option

    Posted Wed October 22, 2025 08:30 AM

    Yes, we configured our IBM MQ Web Console with SSO against an IdP (dex) in the mqwebuser.xml like this:

        <server>
      <featureManager>
          <feature>openidConnectClient-1.0</feature>
      </featureManager>
      <variable name="httpHost" value="*" />
      <variable name="httpPort" value="9080" />
      <logging consoleLogLevel="INFO"/>
      <enterpriseApplication id="com.ibm.mq.console">
        <application-bnd>
          <security-role name="MQWebAdminRO">
             <group access-id="OurMqWebActiveDirectoryRoleName"/>
          </security-role>
        </application-bnd>
      </enterpriseApplication>
      <openidConnectClient id="mqwebClient"
        clientId="mq-web"
        clientSecret="ourMqWebSecret"
        authorizationEndpointUrl="https://dex.our.domain/dex/auth"
        tokenEndpointUrl="http://dex.our.domain:5556/dex/token"
        issuerIdentifier="https://dex.our.domain/dex"
        jwkEndpointUrl="http://dex.our.domain:5556/dex/keys"
        userInfoEndpointUrl="http://dex.our.domain:5556/dex/userinfo"
        signatureAlgorithm="RS256"
        groupIdentifier="groups"
        scope="openid profile email groups"
        httpsRequired="false">
      </openidConnectClient>
    </server>


    ------------------------------
    Daniel Steinmann
    ------------------------------

    Original Message


  • 3.  RE: IBM MQ Web Console SSO option

    Posted Wed October 22, 2025 11:53 AM
    Edited by om prakash Wed October 22, 2025 04:05 PM

    Thanks @Daniel Steinmann 

    I also found a blog - https://community.ibm.com/community/user/blogs/robert-parker1/2022/08/24/authenticating-to-the-ibm-mq-console-with-the-open

    Openliberty remove preview
    Open Liberty Docs
    Open Liberty documentation and reference materials for developers to build applications and for administrators and operation teams to manage DevOps and deploy workloads to clouds by using open cloud-native Java. This content covers Open Liberty basics, development, security, deployment, and operations topics.
    View this on Openliberty >

     



    ------------------------------
    om prakash
    Architect
    NorthwesternMutual
    Milwaukee
    ------------------------------

    Original Message


  • 4.  RE: IBM MQ Web Console SSO option

    Posted Thu October 23, 2025 03:50 AM

    Yes, this excellent blog series (part 1 and 2) was also our inspiration.



    ------------------------------
    Daniel Steinmann
    ------------------------------

    Original Message


  • 5.  RE: IBM MQ Web Console SSO option

    Posted Thu October 23, 2025 06:09 AM
    Edited by Suresh U Thu October 23, 2025 06:09 AM

    does this works with OKTA as well ?



    ------------------------------
    Suresh U
    ------------------------------

    Original Message


  • 6.  RE: IBM MQ Web Console SSO option

    Posted Thu October 23, 2025 06:34 AM

    I have not tried against Okta, but I am pretty sure that Okta implements OpenIDConnect correctly as well.



    ------------------------------
    Daniel Steinmann
    ------------------------------

    Original Message


Related Content