MQ

MQ

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  IBM MQ Web Console SSO option

    Posted 6 days ago

    Does IBM MQ Web Console Explorer allows Single Sign On ( sso). Has anybody tried this?

    https://www.ibm.com/docs/en/ibm-mq/9.4.x?topic=dcqmumo-configuring-mq-console-basic-registry-using-mq-operator



    ------------------------------
    om prakash
    Architect
    NorthwesternMutual
    Milwaukee
    ------------------------------


  • 2.  RE: IBM MQ Web Console SSO option

    Posted yesterday

    Yes, we configured our IBM MQ Web Console with SSO against an IdP (dex) in the mqwebuser.xml like this:

        <server>
      <featureManager>
          <feature>openidConnectClient-1.0</feature>
      </featureManager>
      <variable name="httpHost" value="*" />
      <variable name="httpPort" value="9080" />
      <logging consoleLogLevel="INFO"/>
      <enterpriseApplication id="com.ibm.mq.console">
        <application-bnd>
          <security-role name="MQWebAdminRO">
             <group access-id="OurMqWebActiveDirectoryRoleName"/>
          </security-role>
        </application-bnd>
      </enterpriseApplication>
      <openidConnectClient id="mqwebClient"
        clientId="mq-web"
        clientSecret="ourMqWebSecret"
        authorizationEndpointUrl="https://dex.our.domain/dex/auth"
        tokenEndpointUrl="http://dex.our.domain:5556/dex/token"
        issuerIdentifier="https://dex.our.domain/dex"
        jwkEndpointUrl="http://dex.our.domain:5556/dex/keys"
        userInfoEndpointUrl="http://dex.our.domain:5556/dex/userinfo"
        signatureAlgorithm="RS256"
        groupIdentifier="groups"
        scope="openid profile email groups"
        httpsRequired="false">
      </openidConnectClient>
    </server>


    ------------------------------
    Daniel Steinmann
    ------------------------------

    Original Message


  • 3.  RE: IBM MQ Web Console SSO option

    Posted yesterday
    Edited by om prakash yesterday

    Thanks @Daniel Steinmann 

    I also found a blog - https://community.ibm.com/community/user/blogs/robert-parker1/2022/08/24/authenticating-to-the-ibm-mq-console-with-the-open

    Openliberty remove preview
    Open Liberty Docs
    Open Liberty documentation and reference materials for developers to build applications and for administrators and operation teams to manage DevOps and deploy workloads to clouds by using open cloud-native Java. This content covers Open Liberty basics, development, security, deployment, and operations topics.
    View this on Openliberty >

     



    ------------------------------
    om prakash
    Architect
    NorthwesternMutual
    Milwaukee
    ------------------------------

    Original Message


  • 4.  RE: IBM MQ Web Console SSO option

    Posted 19 hours ago

    Yes, this excellent blog series (part 1 and 2) was also our inspiration.



    ------------------------------
    Daniel Steinmann
    ------------------------------

    Original Message


  • 5.  RE: IBM MQ Web Console SSO option

    Posted 17 hours ago
    Edited by Suresh U 17 hours ago

    does this works with OKTA as well ?



    ------------------------------
    Suresh U
    ------------------------------

    Original Message


  • 6.  RE: IBM MQ Web Console SSO option

    Posted 16 hours ago

    I have not tried against Okta, but I am pretty sure that Okta implements OpenIDConnect correctly as well.



    ------------------------------
    Daniel Steinmann
    ------------------------------

    Original Message


Related Content