Free Queuemetrix Active Directory & LDAP MQ Channel Security Exit
Queuemetrix Gatekeeper is an open-source LDAP authentication plugin for IBM MQ that provides a secure way for MQ TCP clients to connect to MQ. It uses a client authentication exit module to extend MQ so that JMS and other types of client connections can be authenticated using standard LDAP simple bind authentication.
The Exit allows Queuemetrix Lamaxu to use AD username/password authentication on MQ versions prior to version 8.
The module itself is called a ‘security channel exit’ and is named libMQGatekeeper. The module is deployed to an MQ server and is used to protect client MQ connections by providing username and password authentication against an enterprise's single sign-on (SSO) such as LDAPS or Microsoft’s Active Directory. Authenticated users can also be restricted to those that are members of specific AD/LDAP groups.
Client passwords are protected during channel authentication by using standard MQ one-way SSL/TLS encryption.
The module provides a number of key security features, such as:
- Username/password authentication performed using LDAP/S simple authentication.
- Every channel can employ a different security profile
- Auto fail-over to alternate LDAP/S server when one is not available
- Supports Microsoft Active Directory (AD) LDAP
- One-way or two-way SSL on the connecting MQ client channel to protect the password on the wire.
- Supports LDAP group memberships such as an AD group
- IP address filtering (backward compatible with BlockIP2 rules file)
- Client user id translation/pass-through for object level authorisation (OAM)
- Multiple client API support
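An added sketch, not Gatekeeper's own code, of the decision logic an exit of this kind needs around a simple bind: fail-over only when a server is unreachable, a group-membership check, and two checks the page does not mention (refusing empty passwords and escaping the user id in the search filter). The `bind`/`is_member` hooks, the AD attribute names and the sample directory are assumptions constructed for illustration.

```python
class ServerUnavailable(Exception):
    """Directory server could not be reached."""

class InvalidCredentials(Exception):
    """Directory server rejected the bind."""

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def membership_filter(user, group_dn):
    # sAMAccountName and memberOf are the usual AD attributes (assumed schema).
    return "(&(sAMAccountName=%s)(memberOf=%s))" % (
        escape_filter_value(user), escape_filter_value(group_dn))

def authenticate(user, password, servers, bind, is_member, group_dn=None):
    """Return (allowed, reason); bind and is_member are caller-supplied hooks."""
    # An empty password makes a simple bind "unauthenticated" (RFC 4513,
    # section 5.1.2) and some servers report success, so refuse it up front.
    if not user or not password:
        return False, "empty credentials"
    for server in servers:  # fail over in configured order
        try:
            bind(server, user, password)
            if group_dn and not is_member(server, membership_filter(user, group_dn)):
                return False, "not in required group"
            return True, "authenticated via " + server
        except ServerUnavailable:
            continue  # only an unreachable server triggers fail-over
        except InvalidCredentials:
            return False, "bad credentials"  # a definite answer; stop here
    return False, "no directory server available"  # fail closed

# Constructed stand-in directory so the example runs offline.
GROUP = "CN=MQ-Clients,DC=example,DC=test"
USERS = {"appsvc": ("S3cret!", {GROUP}), "guest": ("Gu3st!", set())}
DOWN = {"ldaps://dc1.example.test"}

def fake_bind(server, user, password):
    if server in DOWN:
        raise ServerUnavailable(server)
    if password and USERS.get(user, (None,))[0] != password:
        raise InvalidCredentials(user)  # empty password "succeeds", as above

def fake_is_member(server, flt):
    return any(flt == membership_filter(u, g) for u, (_, gs) in USERS.items() for g in gs)
```

When every configured server is unreachable the function denies the connection rather than letting it through.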