Will the JAAS JACI module implemented in older EMS versions still work in EMS 8.1 server?
Article ID: KB0085063
Updated On:
| Products | Versions |
|---|---|
| TIBCO Enterprise Message Service | - |
| Not Applicable | - |
Description
Description:
Since version 8.1, EMS provides compiled and fully functional JAAS modules that can be used to enable LDAP and host-based authentication in the EMS server. Will the JAAS JACI module implemented in older EMS versions still work in EMS 8.1 server?
Symptoms:
Starting from version 8.1, EMS provides compiled and fully functional JAAS modules that can be used
to enable LDAP and host-based authentication in the EMS server. The following parameters are deprecated in this release.
• This release deprecates the jaas_classpath and jaci_classpath parameters. Users should migrate to the new security_classpath parameter.
Cause:
N/A
Resolution
You can still use the old EMS configuration and JAAS/JACI module implementation with the EMS 8.1 server. EMS 8.1 server can start with the old EMS config files without any issues. However, since the following parameters: jaas_classpath and jaci_classpath are deprecated, moving forward use the new parameter security_classpath to set to the original JAAS and JACI jar file.
For example, if you have following configured:
jaas_classpath = <path to SecurityPlugins.jar>/SecurityPlugins.jar
jaci_classpath = <path to SecurityPlugins.jar>/SecurityPlugins.jar
you can change to the security_classpath parameter as follows:
security_classpath = <path to SecurityPlugins.jar>/SecurityPlugins.jar
You do not need to change anything in the jaas_config_file. You also don't need to change anything for the JACI module setting within the EMS main conf file.
Note:
The old JACI modules with group membership will not function with the new prebuilt JAAS modules. Currently, EMS 8.1 does not ship any prebuilt or sample JACI modules that work alongside the prebuilt JAAS modules. If you are using the perbuilt JAAS modules and want to set the permission on the LDAP group, you need to configure the permission of the LDAP groups using the EMS ACL configuration (acl.conf or in JSON) with the prebuilt LDAP group login module.
For example, if you have following configured:
jaas_classpath = <path to SecurityPlugins.jar>/SecurityPlugins.jar
jaci_classpath = <path to SecurityPlugins.jar>/SecurityPlugins.jar
you can change to the security_classpath parameter as follows:
security_classpath = <path to SecurityPlugins.jar>/SecurityPlugins.jar
You do not need to change anything in the jaas_config_file. You also don't need to change anything for the JACI module setting within the EMS main conf file.
Note:
The old JACI modules with group membership will not function with the new prebuilt JAAS modules. Currently, EMS 8.1 does not ship any prebuilt or sample JACI modules that work alongside the prebuilt JAAS modules. If you are using the perbuilt JAAS modules and want to set the permission on the LDAP group, you need to configure the permission of the LDAP groups using the EMS ACL configuration (acl.conf or in JSON) with the prebuilt LDAP group login module.
Issue/Introduction
Will the JAAS JACI module implemented in older EMS versions still work in EMS 8.1 server?
Feedback
Yes
No
Powered by
