Enabling Authentication Using JAAS Modules
The JAAS modules are designed to be simple to use.
A default EMS server configuration file, tibemsd-jaas.conf, is located with the other sample configuration files in the EMS_HOME/samples/config directory.
This file provides a default JAAS configuration that includes the security-related parameters required to use any of the TIBCO EMS JAAS modules. However, some additional steps are required to complete the configuration.
- Procedure
- Configure the JAAS Module
Create a JAAS module configuration file with parameter values appropriate to your environment.
If you are using one of the provided default modules, locate the configuration file for the desired module in the EMS_HOME/samples/config/jaas directory, and configure the module parameters for your environment. It is a good practice to copy this file along side your other EMS configuration files.
The prebuilt JAAS modules and their parameters are described in Prebuilt JAAS Modules.
- Configure the EMS Server Parameters
The default EMS_HOME/samples/config/tibemsd-jaas.conf file is configured for JAAS. This file can be copied as
tibemsd.conf
, or the server can be started with the-config
parameter to specify this file. See Starting the EMS Server Using Options for details.If you prefer to manually configure JAAS, then take the following steps to modify the main EMS server configuration file,
tibemsd.conf
:- Set the
jre_library
parameter to enable the JVM. For more information, see The JVM in the EMS Server. - Set the
security_classpath
parameter to include the following JAR files:EMS_HOME/bin/tibemsd_jaas.jar
EMS_HOME/lib/tibjmsadmin.jar
EMS_HOME/lib/tibjms.jar
EMS_HOME/lib/jakarta.jms-api-2.0.3.jarFor example:
security_classpath = c:\tibco\ems\10.3\bin\tibemsd_jaas.jar;c:\tibco\ems\10.3\lib\tibjmsadmin.jar;c:\tibco\ems\10.3\lib\tibjms.jar;c:\tibco\ems\10.3\lib\jakarta.jms-api-2.0.3.jar
- Set the
jaas_config_file
to reference the JAAS module configuration file created in Step 1.For example:jaas_config_file = jaas_configuration.txt
- Set the
user_auth
parameter to enable JAAS for LDAP authentication.For example:user_auth=jaas
- Set the