MQ

I remember an IBM presentation that showed a flow chart explaining what order CHLAUTH rules, Exits and TLS executed. Does anyone have a link to that?

------------------------------
Peter Potkay
------------------------------

Hi Peter,

Try this: https://community.ibm.com/community/user/communities/community-home/librarydocuments/viewdocument?DocumentKey=faaed31d-0c64-4c91-ae74-d187545546f2

Cheers,
Morag

------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
Website: https://www.mqgem.com
------------------------------

Original Message:
Sent: Mon October 18, 2021 01:12 PM
From: Peter Potkay
Subject: What order do Exists, CHLAUTH and TLS execute

I remember an IBM presentation that showed a flow chart explaining what order CHLAUTH rules, Exits and TLS executed. Does anyone have a link to that?

------------------------------
Peter Potkay
------------------------------

Thanks Morag!  That's the article I was thinking of.

------------------------------
Peter Potkay
------------------------------

Original Message:
Sent: Mon October 18, 2021 06:22 PM
From: Morag Hughson
Subject: What order do Exists, CHLAUTH and TLS execute

Hi Peter,

Try this: https://community.ibm.com/community/user/communities/community-home/librarydocuments/viewdocument?DocumentKey=faaed31d-0c64-4c91-ae74-d187545546f2

Cheers,
Morag

------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
Website: https://www.mqgem.com

Original Message:
Sent: Mon October 18, 2021 01:12 PM
From: Peter Potkay
Subject: What order do Exists, CHLAUTH and TLS execute

I remember an IBM presentation that showed a flow chart explaining what order CHLAUTH rules, Exits and TLS executed. Does anyone have a link to that?

------------------------------
Peter Potkay
------------------------------

Turns out that they have also incorporated this into Knowledge Centre / IBM Docs.

See https://www.ibm.com/docs/en/ibm-mq/9.2?topic=records-interaction-chlauth-connauth

Cheers,
Morag

------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
Website: https://www.mqgem.com
------------------------------

Original Message:
Sent: Mon October 18, 2021 07:09 PM
From: Peter Potkay
Subject: What order do Exists, CHLAUTH and TLS execute

Thanks Morag!  That's the article I was thinking of.

------------------------------
Peter Potkay

Original Message:
Sent: Mon October 18, 2021 06:22 PM
From: Morag Hughson
Subject: What order do Exists, CHLAUTH and TLS execute

Hi Peter,

Try this: https://community.ibm.com/community/user/communities/community-home/librarydocuments/viewdocument?DocumentKey=faaed31d-0c64-4c91-ae74-d187545546f2

Cheers,
Morag

------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
Website: https://www.mqgem.com

Original Message:
Sent: Mon October 18, 2021 01:12 PM
From: Peter Potkay
Subject: What order do Exists, CHLAUTH and TLS execute

I remember an IBM presentation that showed a flow chart explaining what order CHLAUTH rules, Exits and TLS executed. Does anyone have a link to that?

------------------------------
Peter Potkay
------------------------------

Thanks again Morag.

If a SVRCONN channel has both TLS and a Security Exit, and the client app has both things misconfigured, which one will the queue manager fail on first - the TLS related problem or the Security Exit related problem?  I know I could test this thru trial and error but I was hoping to find doc on the order for this.

------------------------------
Peter Potkay
------------------------------

Original Message:
Sent: Mon October 18, 2021 09:54 PM
From: Morag Hughson
Subject: What order do Exists, CHLAUTH and TLS execute

Turns out that they have also incorporated this into Knowledge Centre / IBM Docs.

See https://www.ibm.com/docs/en/ibm-mq/9.2?topic=records-interaction-chlauth-connauth

Cheers,
Morag

------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
Website: https://www.mqgem.com

Original Message:
Sent: Mon October 18, 2021 07:09 PM
From: Peter Potkay
Subject: What order do Exists, CHLAUTH and TLS execute

Thanks Morag!  That's the article I was thinking of.

------------------------------
Peter Potkay

Original Message:
Sent: Mon October 18, 2021 06:22 PM
From: Morag Hughson
Subject: What order do Exists, CHLAUTH and TLS execute

Hi Peter,

Try this: https://community.ibm.com/community/user/communities/community-home/librarydocuments/viewdocument?DocumentKey=faaed31d-0c64-4c91-ae74-d187545546f2

Cheers,
Morag

------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
Website: https://www.mqgem.com

Original Message:
Sent: Mon October 18, 2021 01:12 PM
From: Peter Potkay
Subject: What order do Exists, CHLAUTH and TLS execute

I remember an IBM presentation that showed a flow chart explaining what order CHLAUTH rules, Exits and TLS executed. Does anyone have a link to that?

------------------------------
Peter Potkay
------------------------------

Hi Peter,

I believe the TLS/SSL handshake/validation is done in step 1.

For the MQAUSX (security exit), the flow when there is a client-side security exit is:

• MQXR_INIT                 (step 5)
• MQXR_INIT_SEC        (step 5)
• MQXR_SEC_MSG      (step 5)
• MQXR_SEC_PARMS  (step 9)
• MQXR_TERM

Note: When a client-side security exit is used to exchange credentials (encrypted), the MQXR_SEC_PARMS invocation is ignored by MQAUSX server-side security exit.  Authentication is done by the server-side security exit during the MQXR_SEC_MSG invocation.

For the MQAUSX (server-side security exit), the flow when there is a NOT client-side security exit is:

• MQXR_INIT                 (step 5)
• MQXR_INIT_SEC        (step 5)
• MQXR_SEC_PARMS  (step 9)
• MQXR_TERM

Note: When a client-side security exit is NOT used, then the authentication is done by the MQAUSX server-side security exit during the MQXR_SEC_PARMS invocation.

Hence, if user credentials authentication fails then MQAUSX will shut down the channel during step 5 (client-side security exit is used) or step 9 (no client-side security exit).

Hope that helps.

later
Roger

------------------------------
Roger Lacroix
CTO
Capitalware Inc.
London ON
226-980-7307
------------------------------

Original Message:
Sent: Tue October 19, 2021 10:29 AM
From: Peter Potkay
Subject: What order do Exists, CHLAUTH and TLS execute

Thanks again Morag.

If a SVRCONN channel has both TLS and a Security Exit, and the client app has both things misconfigured, which one will the queue manager fail on first - the TLS related problem or the Security Exit related problem?  I know I could test this thru trial and error but I was hoping to find doc on the order for this.

------------------------------
Peter Potkay

Original Message:
Sent: Mon October 18, 2021 09:54 PM
From: Morag Hughson
Subject: What order do Exists, CHLAUTH and TLS execute

Turns out that they have also incorporated this into Knowledge Centre / IBM Docs.

See https://www.ibm.com/docs/en/ibm-mq/9.2?topic=records-interaction-chlauth-connauth

Cheers,
Morag

------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
Website: https://www.mqgem.com

Original Message:
Sent: Mon October 18, 2021 07:09 PM
From: Peter Potkay
Subject: What order do Exists, CHLAUTH and TLS execute

Thanks Morag!  That's the article I was thinking of.

------------------------------
Peter Potkay

Original Message:
Sent: Mon October 18, 2021 06:22 PM
From: Morag Hughson
Subject: What order do Exists, CHLAUTH and TLS execute

Hi Peter,

Try this: https://community.ibm.com/community/user/communities/community-home/librarydocuments/viewdocument?DocumentKey=faaed31d-0c64-4c91-ae74-d187545546f2

Cheers,
Morag

------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
Website: https://www.mqgem.com

Original Message:
Sent: Mon October 18, 2021 01:12 PM
From: Peter Potkay
Subject: What order do Exists, CHLAUTH and TLS execute

I remember an IBM presentation that showed a flow chart explaining what order CHLAUTH rules, Exits and TLS executed. Does anyone have a link to that?

------------------------------
Peter Potkay
------------------------------

TLS Handshake takes place before we even know if this is a Channel connection. Evidenced by the fact that you can point an https browser at you MQ listener and complete a TLS handshake before it complains that it isn't a Channel.

Chere's,
Morag

------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
Website: https://www.mqgem.com
------------------------------

Original Message:
Sent: Tue October 19, 2021 10:29 AM
From: Peter Potkay
Subject: What order do Exists, CHLAUTH and TLS execute

Thanks again Morag.

If a SVRCONN channel has both TLS and a Security Exit, and the client app has both things misconfigured, which one will the queue manager fail on first - the TLS related problem or the Security Exit related problem?  I know I could test this thru trial and error but I was hoping to find doc on the order for this.

------------------------------
Peter Potkay

Original Message:
Sent: Mon October 18, 2021 09:54 PM
From: Morag Hughson
Subject: What order do Exists, CHLAUTH and TLS execute

Turns out that they have also incorporated this into Knowledge Centre / IBM Docs.

See https://www.ibm.com/docs/en/ibm-mq/9.2?topic=records-interaction-chlauth-connauth

Cheers,
Morag

------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
Website: https://www.mqgem.com

Original Message:
Sent: Mon October 18, 2021 07:09 PM
From: Peter Potkay
Subject: What order do Exists, CHLAUTH and TLS execute

Thanks Morag!  That's the article I was thinking of.

------------------------------
Peter Potkay

Original Message:
Sent: Mon October 18, 2021 06:22 PM
From: Morag Hughson
Subject: What order do Exists, CHLAUTH and TLS execute

Hi Peter,

Try this: https://community.ibm.com/community/user/communities/community-home/librarydocuments/viewdocument?DocumentKey=faaed31d-0c64-4c91-ae74-d187545546f2

Cheers,
Morag

------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
Website: https://www.mqgem.com

Original Message:
Sent: Mon October 18, 2021 01:12 PM
From: Peter Potkay
Subject: What order do Exists, CHLAUTH and TLS execute

I remember an IBM presentation that showed a flow chart explaining what order CHLAUTH rules, Exits and TLS executed. Does anyone have a link to that?

------------------------------
Peter Potkay
------------------------------

Thank you Roger and Morag.

------------------------------
Peter Potkay
------------------------------

Original Message:
Sent: Tue October 19, 2021 04:49 PM
From: Morag Hughson
Subject: What order do Exists, CHLAUTH and TLS execute

TLS Handshake takes place before we even know if this is a Channel connection. Evidenced by the fact that you can point an https browser at you MQ listener and complete a TLS handshake before it complains that it isn't a Channel.

Chere's,
Morag

------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
Website: https://www.mqgem.com

Original Message:
Sent: Tue October 19, 2021 10:29 AM
From: Peter Potkay
Subject: What order do Exists, CHLAUTH and TLS execute

Thanks again Morag.

If a SVRCONN channel has both TLS and a Security Exit, and the client app has both things misconfigured, which one will the queue manager fail on first - the TLS related problem or the Security Exit related problem?  I know I could test this thru trial and error but I was hoping to find doc on the order for this.

------------------------------
Peter Potkay

Original Message:
Sent: Mon October 18, 2021 09:54 PM
From: Morag Hughson
Subject: What order do Exists, CHLAUTH and TLS execute

Turns out that they have also incorporated this into Knowledge Centre / IBM Docs.

See https://www.ibm.com/docs/en/ibm-mq/9.2?topic=records-interaction-chlauth-connauth

Cheers,
Morag

------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
Website: https://www.mqgem.com

Original Message:
Sent: Mon October 18, 2021 07:09 PM
From: Peter Potkay
Subject: What order do Exists, CHLAUTH and TLS execute

Thanks Morag!  That's the article I was thinking of.

------------------------------
Peter Potkay

Original Message:
Sent: Mon October 18, 2021 06:22 PM
From: Morag Hughson
Subject: What order do Exists, CHLAUTH and TLS execute

Hi Peter,

Try this: https://community.ibm.com/community/user/communities/community-home/librarydocuments/viewdocument?DocumentKey=faaed31d-0c64-4c91-ae74-d187545546f2

Cheers,
Morag

------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
Website: https://www.mqgem.com

Original Message:
Sent: Mon October 18, 2021 01:12 PM
From: Peter Potkay
Subject: What order do Exists, CHLAUTH and TLS execute

I remember an IBM presentation that showed a flow chart explaining what order CHLAUTH rules, Exits and TLS executed. Does anyone have a link to that?

------------------------------
Peter Potkay
------------------------------