Hi Peter,
I believe the TLS/SSL handshake/validation is done in step 1.
For the MQAUSX (security exit), the flow when there is a client-side security exit is:
- MQXR_INIT (step 5)
- MQXR_INIT_SEC (step 5)
- MQXR_SEC_MSG (step 5)
- MQXR_SEC_PARMS (step 9)
- MQXR_TERM
Note: When a client-side security exit is used to exchange credentials (encrypted), the MQXR_SEC_PARMS invocation is ignored by the MQAUSX server-side security exit. Authentication is done by the server-side security exit during the MQXR_SEC_MSG invocation.
For the MQAUSX (server-side security exit), the flow when there is NOT a client-side security exit is:
- MQXR_INIT (step 5)
- MQXR_INIT_SEC (step 5)
- MQXR_SEC_PARMS (step 9)
- MQXR_TERM
Note: When a client-side security exit is NOT used, then the authentication is done by the MQAUSX server-side security exit during the MQXR_SEC_PARMS invocation.
Hence, if user credentials authentication fails then MQAUSX will shut down the channel during step 5 (client-side security exit is used) or step 9 (no client-side security exit).
Hope that helps.
later
Roger
------------------------------
Roger Lacroix
CTO
Capitalware Inc.
London ON
226-980-7307
------------------------------
Original Message:
Sent: Tue October 19, 2021 10:29 AM
From: Peter Potkay
Subject: What order do Exits, CHLAUTH and TLS execute
Thanks again Morag.
If a SVRCONN channel has both TLS and a Security Exit, and the client app has both things misconfigured, which one will the queue manager fail on first - the TLS related problem or the Security Exit related problem? I know I could test this thru trial and error but I was hoping to find doc on the order for this.
------------------------------
Peter Potkay
Original Message:
Sent: Mon October 18, 2021 09:54 PM
From: Morag Hughson
Subject: What order do Exits, CHLAUTH and TLS execute
Turns out that they have also incorporated this into Knowledge Centre / IBM Docs.
See https://www.ibm.com/docs/en/ibm-mq/9.2?topic=records-interaction-chlauth-connauth
Cheers,
Morag
------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
Website: https://www.mqgem.com
Original Message:
Sent: Mon October 18, 2021 07:09 PM
From: Peter Potkay
Subject: What order do Exits, CHLAUTH and TLS execute
Thanks Morag! That's the article I was thinking of.
------------------------------
Peter Potkay
Original Message:
Sent: Mon October 18, 2021 06:22 PM
From: Morag Hughson
Subject: What order do Exits, CHLAUTH and TLS execute
Hi Peter,
Try this: https://community.ibm.com/community/user/communities/community-home/librarydocuments/viewdocument?DocumentKey=faaed31d-0c64-4c91-ae74-d187545546f2
Cheers,
Morag
------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
Website: https://www.mqgem.com
Original Message:
Sent: Mon October 18, 2021 01:12 PM
From: Peter Potkay
Subject: What order do Exits, CHLAUTH and TLS execute
I remember an IBM presentation that showed a flow chart explaining what order CHLAUTH rules, Exits and TLS executed. Does anyone have a link to that?
------------------------------
Peter Potkay
------------------------------