Beginning with EMS 8.1, does a user need to define EMSCA JAAS users within one of the JAAS groups, such as emsca-admin and emsca-guest?

Beginning with EMS 8.1, does a user need to define EMSCA JAAS users within one of the JAAS groups, such as emsca-admin and emsca-guest?

book

Article ID: KB0093108

calendar_today

Updated On:

Products Versions
TIBCO Enterprise Message Service -
Not Applicable -

Description

Description:
Beginning with EMS 8.1, does a user need to define EMSCA JAAS users within one of the JAAS groups, such as  emsca-admin and emsca-guest?
Symptoms:
N/A
Cause:
N/A

Issue/Introduction

Beginning with EMS 8.1, does a user need to define EMSCA JAAS users within one of the JAAS groups, such as emsca-admin and emsca-guest?

Resolution

In EMSCA 7.x, 8.0,  EMSCA JAAS users must be defined within one of the JAAS groups: emsca-admin or emsca-guest. They are hard coded and can not be changed. EMS 8.1, EMSCA has added new flags:  --jaas-admins and --jaas-guests. The argument value can be a comma separated list of admin role names and guest role names. You can use those flags to replace the default JAAS group names: "emsca-admin" and "emsca-guest" to your own standard names. For example, if you use LDAP JAAS authentication, you do not need to create two LDAP groups: emsca-admin and emsca-guest in the LDAP server. You can use the existing groups or create two new LDAP groups with your own standard names for admin role groups and guest role groups.
For example, you can start emsca with the following:
tibemsca.bat -c emsca_ldap.properties --jaas-admins {EMSCA LDAP group name for admin role}
These settings can also be provided via the configuration file with the following properties: 
'com.tibco.emsca.jaas.admin.roles'
'com.tibco.emsca.jaas.guest.roles'

Additional Information

KB: 37186
How to enable authentication in EMSCA 7.0 .

KB: 37380
How to enable EMSCA 7.0 LDAP JAAS authentication.
Powered by Wolken Software