Enabling Authentication Using JAAS Modules

The JAAS modules are designed to be simple to use.

A default EMS server configuration file, tibemsd-jaas.conf, is located with the other sample configuration files in the EMS_HOME/samples/config directory.

This file provides a default JAAS configuration that includes the security-related parameters required to use any of the TIBCO EMS JAAS modules. However, some additional steps are required to complete the configuration.

Procedure

  1. Configure the JAAS Module

    Create a JAAS module configuration file with parameter values appropriate to your environment.

    If you are using one of the provided default modules, locate the configuration file for the desired module in the EMS_HOME/samples/config/jaas directory, and configure the module parameters for your environment. It is a good practice to copy this file along side your other EMS configuration files.

    The prebuilt JAAS modules and their parameters are described in Prebuilt JAAS Modules.

  2. Configure the EMS Server Parameters

    The default EMS_HOME/samples/config/tibemsd-jaas.conf file is configured for JAAS. This file can be copied as tibemsd.conf, or the server can be started with the -config parameter to specify this file. See Starting the EMS Server Using Options for details.

    If you prefer to manually configure JAAS, then take the following steps to modify the main EMS server configuration file, tibemsd.conf:

    1. Set the jre_library parameter to enable the JVM. For more information, see The JVM in the EMS Server.
    2. Set the security_classpath parameter to include the following JAR files:
      EMS_HOME/bin/tibemsd_jaas.jar
      EMS_HOME/lib/tibjmsadmin.jar
      EMS_HOME/lib/tibjms.jar
      EMS_HOME/lib/jms-2.0.jar

      For example:

      security_classpath = c:\tibco\ems\8.5\bin\tibemsd_jaas.jar;c:\tibco\ems\8.5\lib\tibjmsadmin.jar;c:\tibco\ems\8.5\lib\tibjms.jar;c:\tibco\ems\8.5\lib\jms-2.0.jar
    3. Set the jaas_config_file to reference the JAAS module configuration file created in Step 1.
      For example:
      jaas_config_file = jaas_configuration.txt
    4. Set the user_auth parameter to enable JAAS for LDAP authentication. The parameter should specify jaas, and should not include ldap.
      For example:
      user_auth=jaas