Using JAAS Login for Authentication

ActiveMatrix BusinessWorks uses the persistent object framework (POF) API to authenticate with TIBCO Administrator in the standalone mode. Alternatively, you can authenticate ActiveMatrix BusinessWorks with JAAS login by using the following procedure.

To Authenticate With JAAS Login

Procedure 

  1. Run the TIBCO Domain Utility to create an administration domain and enable HTTPS.

  2. Create a text file named jaas.config and copy the following contents into it.

    AuthenticationService {
    com.tibco.atlas.auth.jaas.AuthenticationServiceLoginModule required
    soap_username="a"
    soap_password="#!1Go16wN7zB+OWxx+eTlB/w=="
    authority="localhost:5443"
    scheme="https";
    };

  3. Edit the bwengine.xml file and recreate the EAR file before deploying the project.

    In jaas.config, soap_username is the super username of the admin server and soap_password is the obfuscated password of that user.

    You can obtain the username and password information from the AdministrationDomain.properties file located in $TIBCO_Home\tra\domain\<domainName>. The username and password are provided as name-value pairs with the names ’UserID’ and ’Credential’ respectively. If the password contains any \ characters, remove them, because they are escape characters.

  4. authority="localhost:5443" specifies the admin server's host and HTTPS port.

    Note: You can create the jaas.config file in any folder. However, you need to specify the path of the jaas.config file while setting the Java property com.tibco.bw.security.login.jaas in bwengine.xml.

  5. Add the following Java property in bwengine.xml:

    java.property.java.security.auth.login.config=<path>\jaas.config

    where <path> specifies the path for the jaas.config file.

    • To use a non-default location for keystores (that is, a location other than the one the JRE uses by default, jsr\1.5.0\lib\security\cacerts), add the following properties and set them to appropriate values.

      For example, you can use the keystore from admin as follows:

      java.property.javax.net.ssl.keyStore=C:\Tibco\administrator\domain\<domainName>\SSL\keystore

      java.property.javax.net.ssl.keyStorePassword=password

      java.property.javax.net.ssl.trustStore=C:\Tibco\administrator\domain\<domainName>\SSL\keystore

      java.property.javax.net.ssl.trustStorePassword=password

      where ’password’ specifies the default admin keystore password.

    • To use the default keystore, you need to export the certificates from the Admin Server's keystore using keytool and import them into the JRE's keystore.

  6. Enable the JAAS authentication by adding the following property in the bwengine.xml file:

    java.property.com.tibco.bw.security.login.jaas=true
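The procedure asks you to copy UserID and Credential out of AdministrationDomain.properties and strip the backslash escapes by hand; the following is an added example (not TIBCO code, and not part of the original page) that does this programmatically and renders the jaas.config entry shown above. The function names are hypothetical, the sample values are constructed, and the file is assumed to contain simple name=value lines without line continuations.

```python
import re

MODULE = "com.tibco.atlas.auth.jaas.AuthenticationServiceLoginModule"

# Constructed sample in the name-value layout the page describes; values are made up.
SAMPLE_PROPERTIES = r"""
#Constructed sample, not a real AdministrationDomain.properties
UserID=admin
Credential=\#\!c2FtcGxlLW9ubHk\=
"""

def parse_properties(text):
    """Parse simple name=value lines, undoing Java .properties escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        # Split on the first '=' or ':' that is not backslash-escaped.
        parts = re.split(r"(?<!\\)[=:]", line, maxsplit=1)
        if len(parts) != 2:
            continue
        name, value = parts
        # Drop each escaping backslash and keep the character it protects.
        props[name.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def render_jaas_config(props, authority, scheme="https"):
    """Build the AuthenticationService entry from UserID and Credential."""
    fields = {
        "soap_username": props["UserID"],
        "soap_password": props["Credential"],
        "authority": authority,
        "scheme": scheme,
    }
    for key, value in fields.items():
        # A quote or newline would break the quoted entry; a backslash
        # usually means the credential was pasted while still escaped.
        if re.search(r'["\\\r\n]', value):
            raise ValueError(f"unsafe character in {key}")
    body = "\n".join(f'    {k}="{v}"' for k, v in fields.items())
    return f"AuthenticationService {{\n    {MODULE} required\n{body};\n}};\n"

if __name__ == "__main__":
    props = parse_properties(SAMPLE_PROPERTIES)
    print(render_jaas_config(props, "localhost:5443"))
```

The generated file holds the obfuscated password of the admin server's super user, so store it where only the account that runs the BusinessWorks engine can read it.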

The following JAAS login properties can be set in bwengine.xml. You can refer to these properties while configuring JAAS login:

<property>
<name>JAAS config</name>
<option>java.property.java.security.auth.login.config</option>
<default>C:\tibco\jaas\jaas.config</default>
<description>Used for setting the jaas configuration file</description>
</property>
<property>
<name>Admin Keystore</name>
<option>java.property.javax.net.ssl.keyStore</option>
<default></default>
<description>Sets the Admin Keystore</description>
</property>
<property>
<name>Keystore Password</name>
<option>java.property.javax.net.ssl.keyStorePassword</option>
<default>none</default>
<description>Sets the keystore password</description>
</property>
<property>
<name>admin truststore</name>
<option>java.property.javax.net.ssl.trustStore</option>
<default>none</default>
<description>Sets the admin truststore</description>
</property>
<property>
<name>truststore password</name>
<option>java.property.javax.net.ssl.trustStorePassword</option>
<default>none</default>
<description>sets the truststore password</description>
</property>
<property>
<name>JAAS Login</name>
<option>java.property.com.tibco.bw.security.login.jaas</option>
<default>true</default>
<description>sets the JAAS to true or false</description>
</property>