Copyright © TIBCO Software Inc. All Rights Reserved



User Authentication Overview
This section provides a brief overview of authentication in TIBCO BusinessEvents and in add-on products that use authentication.
To set up authentication, you add and configure the appropriate properties in the project CDD.
To enable authentication for MM, you must also set JMX properties in the be-engine.tra files.
Pluggable JAAS Login Module
User authentication is performed using a JAAS login module. Java Authentication and Authorization Service (JAAS) is a pluggable part of the Java security framework.
With advanced configuration (not documented), you can substitute a different implementation of the JAAS login module for the one provided, or you can add the provided login module to your existing JAAS login configuration file (thus providing multi-stage authentication).
Authentication Options
You can choose between the following options for user authentication.
File Based Authentication: This method authenticates a user against user data stored in a file-based repository. This method is not recommended for production purposes. In file-based authentication, you define a list of user names, passwords, and roles in a file called (by default) users.pwd. This file is commonly referred to as the password file.
LDAP Authentication: This method authenticates users against a directory server using the LDAP protocol. TIBCO BusinessEvents applications can leverage this information to authenticate users. The role information is configured through an LDAP attribute such as the nsroledn attribute in Oracle Directory Server. The LDAP attribute differs among directory server products. The details of configuring LDAP authentication are beyond the scope of this documentation. Consult your LDAP product documentation.
Authentication In Various Components
This section explains how authentication is used in components of various TIBCO BusinessEvents products.
TIBCO BusinessEvents Monitoring and Management
JMX MBeans authentication is available but not enabled by default. You enable it using a JMX property in the be-engine.tra file. See Configure JMX Properties in To-Be-Monitored Engine TRA Files for instructions.
File-based authentication is enabled by default. LDAP authentication is also supported. To configure the MM authentication mechanism, you set the be.mm.auth.* properties in the MM.cdd file. See To Enable Authentication and Select File or LDAP Authentication Type and Authentication Property Reference.
This component also uses two predefined authorization roles. See Configure User Authorization for Administrator and User Roles.
TIBCO BusinessEvents Decision Manager RMS Component
File-based authentication is enabled by default for the TIBCO BusinessEvents Decision Manager RMS component and LDAP authentication is supported.
This component also uses authorization. Authorization details are provided in Chapter 14, Configuring Access Control for a Project.
TIBCO BusinessEvents Views
Authentication is available but not enabled by default. The following TIBCO BusinessEvents Views example project is configured for authentication: BE_HOME/examples/views/TickerTracker.
This component does not use authorization.
