This section provides a brief overview to authentication in TIBCO BusinessEvents and in add-on products that use authentication.To enable authentication for MM you must also set JMX properties in the be-engine.tra files.User authentication is performed using a JAAS login module. Java Authentication and Authorization Service (JAAS) is a pluggable part of the Java security framework.With advanced configuration (not documented), you can substitute a different implementation of the JAAS login module than the one provided, or you can add the provided login module to your existing JAAS login configuration file (thus providing multi-stage authentication).
For the TIBCO BusinessEvents Monitoring and Management component, the provided JAAS login module is required.File Based Authentication This method authenticates a user against user data stored in a file based repository. This method is not recommended for production purposes. In file-based authentication, you define a list of user names, passwords, and roles in a the file called (by default) users.pwd file. This file is commonly referred to as the password file.LDAP Authentication This method authenticates users against a directory server using LDAP as a protocol. TIBCO BusinessEvents applications can leverage this information to authenticate users. The role information is configured through an LDAP attribute like the nsroledn attribute in Oracle Directory Server. The LDAP attribute differs in different directory server products. The details of configuring LDAP authentication are beyond the scope of this documentation. Consult your LDAP product documentation.This section explains how authentication is used in components of various TIBCO BusinessEvents products.JMX MBeans authentication is available but not enabled by default. You enable it using a JMX property in the be-engine.tra file. See Configure JMX Properties in To-Be-Monitored Engine TRA Files for instructions.File based authentication is enabled by default. LDAP authentication is also supported. To configure the MM authentication mechanism, you set the be.mm.auth.* properties in the MM.cdd file. SeeTo Enable Authentication and Select File or LDAP Authentication Type and Authentication Property Reference.This component also uses two predefined authorization roles. See Configure User Authorization for Administrator and User Roles.File-based authentication is enabled by default for the TIBCO BusinessEvents Decision Manager RMS component and LDAP authentication is supported.This component also uses authorization. Authorization details are provided in Chapter 14, Configuring Access Control for a Project.Authentication is available but not enabled by default. The following TIBCO BusinessEvents Views example project is configured for authentication: BE_HOME/examples/views/TickerTracker.
Copyright © TIBCO Software Inc. All Rights Reserved.