Using JAAS Login for Authentication
ActiveMatrix BusinessWorks uses the persistent object framework (POF) API to authenticate with TIBCO Administrator in the standalone mode. Alternatively, you can authenticate ActiveMatrix BusinessWorks with JAAS login by using the following procedure.
To Authenticate With JAAS Login
Procedure
- Run the TIBCO Domain Utility to create an administration domain and enable HTTPS.
- Create a text file named jaas.config and copy the following contents into it.

    AuthenticationService {
        com.tibco.atlas.auth.jaas.AuthenticationServiceLoginModule required
        soap_username="a"
        soap_password="#!1Go16wN7zB+OWxx+eTlB/w=="
        authority="localhost:5443"
        scheme="https";
    };

  Where soap_username is the super username of the admin server and soap_password is the obfuscated password of the above user. You can obtain the username and password information from the AdministrationDomain.properties file located in $TIBCO_Home\tra\domain\<domainName>.
  The username and password information is provided as a name-value pair with names 'UserID' and 'Credential' respectively. If you find any \ in the password, you need to remove them as they are escape characters.
  authority="localhost:5443" specifies the admin server's host and HTTPS port.
  The jaas.config file can be placed in any folder. However, you need to specify the path of the jaas.config file while setting the Java property com.tibco.bw.security.login.jaas in bwengine.xml.
- Edit the bwengine.xml file and recreate the EAR file before deploying the project.
  - Add the following Java property in bwengine.xml:

      java.property.java.security.auth.login.config=<path>\jaas.config

    where <path> specifies the path for the jaas.config file.
  - To use a non-default location for keystores (that is, a location other than what the JRE uses by default, jsr\1.5.0\lib\security\cacerts), add the following properties and set them with appropriate values. For example, you can use the keystore from admin as follows:

      java.property.javax.net.ssl.keyStore=C:\Tibco\administrator\domain\<domainName>\SSL\keystore
      java.property.javax.net.ssl.keyStorePassword=password
      java.property.javax.net.ssl.trustStore=C:\Tibco\administrator\domain\<domainName>\SSL\keystore
      java.property.javax.net.ssl.trustStorePassword=password

    where 'password' specifies the default admin keystore password.
  - To use the default keystore, you need to export the certificates from the Admin Server's keystore using keytool and import them into the JRE's keystore.
  - Enable the JAAS authentication by adding the following property in the bwengine.xml file:

      java.property.com.tibco.bw.security.login.jaas=true
The following JAAS login properties can be set in bwengine.xml. You can refer to these properties while configuring JAAS login:
<property>
<name>JAAS config</name>
<option>java.property.java.security.auth.login.config</option>
<default>C:\tibco\jaas\jaas.config</default>
<description>Used for setting the jaas configuration file</description>
</property>
<property>
<name>Admin Keystore</name>
<option>java.property.javax.net.ssl.keyStore</option>
<default></default>
<description>Sets the Admin Keystore</description>
</property>
<property>
<name>Keystore Password</name>
<option>java.property.javax.net.ssl.keyStorePassword</option>
<default>none</default>
<description>Sets the keystore password</description>
</property>
<property>
<name>admin truststore</name>
<option>java.property.javax.net.ssl.trustStore</option>
<default>none</default>
<description>Sets the admin truststore</description>
</property>
<property>
<name>truststore password</name>
<option>java.property.javax.net.ssl.trustStorePassword</option>
<default>none</default>
<description>sets the truststore password</description>
</property>
<property>
<name>JAAS Login</name>
<option>java.property.com.tibco.bw.security.login.jaas</option>
<default>true</default>
<description>sets the JAAS to true or false</description>
</property>
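The following lint script is an added example, not part of the original documentation or of the product. It checks a jaas.config stanza and the bwengine.xml Java properties against the steps of the procedure above. The finding names, the sample values, and the use of the '#!' prefix (taken from the sample soap_password on this page) as the marker of an obfuscated password are assumptions.

```python
import re

# Constructed sample input, not a real configuration. Option names follow the
# jaas.config on this page; bwengine.xml properties are given as name/value.
SAMPLE_JAAS = r'''
AuthenticationService {
  com.tibco.atlas.auth.jaas.AuthenticationServiceLoginModule required
  soap_username="admin"
  soap_password="\#\!EXAMPLEONLYAAAA\=\="
  authority="localhost"
  scheme="http";
};
'''
SAMPLE_PROPS = {
    "java.property.java.security.auth.login.config": r"C:\tibco\jaas\jaas.config",
    "java.property.javax.net.ssl.trustStorePassword": "password",
}

def parse_options(text):
    """Return the name="value" options of the login module entry."""
    return dict(re.findall(r'(\w+)\s*=\s*"([^"]*)"', text))

def lint(jaas_text, props):
    """Return a sorted list of finding codes for the JAAS login setup."""
    opts, findings = parse_options(jaas_text), set()
    for name in ("soap_username", "soap_password", "authority", "scheme"):
        if not opts.get(name):
            findings.add("missing:" + name)
    pw = opts.get("soap_password", "")
    if "\\" in pw:  # escapes copied over from AdministrationDomain.properties
        findings.add("password-has-escape-backslash")
    if pw and not pw.replace("\\", "").startswith("#!"):  # assumed marker
        findings.add("password-not-obfuscated")
    if opts.get("scheme", "https") != "https":
        findings.add("scheme-not-https")
    authority = opts.get("authority", "")
    if authority and not re.fullmatch(r"[^:\s]+:\d{1,5}", authority):
        findings.add("authority-needs-host-and-port")
    if not props.get("java.property.java.security.auth.login.config"):
        findings.add("login-config-path-not-set")
    for key, value in props.items():
        if key.endswith("StorePassword") and value == "password":
            findings.add("default-store-password:" + key.rsplit(".", 1)[-1])
    if props.get("java.property.com.tibco.bw.security.login.jaas") != "true":
        findings.add("jaas-login-not-enabled")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_JAAS, SAMPLE_PROPS)))
```
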