We plan to use MQ Messaging REST API authenticating using Client Auth Cert. Not userid/password.
Client -> MQ WebServer -> Queue Manager -> Queue ( PUT and GET).
The client presents a client auth cert; which the webserver has to accept. Example: Cert CN is CN:myid.mq.example.com
This CN name is not a valid AD/Unix group.
The webserver should accept the Client auth cert and authenticate; and then using Channel rules; convert the CN value to a valid AD/Unix group which will allow MQ queue manager to authenticate and allow the GET and PUT.
Which Channel will the MQ Web use and then which is the next channel MQ Web using to communicate with Queue manager.
Has anybody implemented this pattern?
Any other solution/idea?
------------------------------
om prakash
------------------------------