MQ Authenticate User Security Exit Overview
The MQ Authenticate User Security Exit v1.5.0 is a new solution that allows a company to fully authenticate a user who is accessing a WebSphere MQ resource. It verifies the User's UserID and Password (and possibly Domain Name) against the server's native OS system (or domain controller) or a remote LDAP server.
The security exit will operate with WebSphere MQ v5.3, v6.0 or v7.0 (and MQSeries v5.2) in Windows, iSeries (OS/400), Unix and Linux environments. It works with Server Connection, Client Connection, Sender, Receiver, Server, Requestor, Cluster-Sender and Cluster-Receiver channels of WebSphere MQ queue manager.
The MQ Authenticate User Security Exit solution is comprised of 2 components: client-side security exit and server-side security exit.
Client-Side Security Exit Summary
- The client-side security exit is available in 4 forms:
- Windows DLL
- Windows DLL for managed .NET
- Java JAR
- Non-GUI shared library for AIX, HP-UX, iSeries (OS/400), Linux and Solaris
- The client-side security exit has been tested against the following MQ client programs:
- IBM's MQ Explorer
- SupportPac MO71 (MQMon)
- IBM's WBIMB Eclipse Tool Kit
- Mercury's SiteScope
- Capitalware's MQ Visual Edit, MQ Visual Browse & MQ Batch Toolkit
- Any program that uses Client Channel Tables (i.e. SupportPac MS03, WatchQ, etc.)
- J2EE web server (i.e. WebLogic, WebSphere, etc.)
- Complete programming examples that utilize the client-side security exit:
- 8 examples for the C programming language
- 8 examples for the C++ programming language
- 8 examples for the C# .NET programming language
- 12 examples for the Java and Java/JMS programming language
- 4 examples for the VB programming language
Server-Side Security Exit Summary
- The server-side security exit is available in 2 forms:
- Windows DLL
- Non-GUI shared library for AIX, HP-UX, iSeries (OS/400), Linux and Solaris
- The server-side security exit major features are:
- Authenticate a user against the server's native OS (or against a File) or a remote LDAP server
- Support for Proxy UserIDs
- Allow or restrict the incoming IP address against a regular expression pattern
- Allow or restrict the incoming SSL DN against a regular expression pattern
- Allow or restrict the incoming UserID against a regular expression pattern
- Allows or restricts the incoming AD server name against a regular expression pattern (Windows only)
- Limit the number of incoming channel connections on a SVRCONN channel.
- Allow or restrict the use of 'mqm', 'MUSER_MQADMIN' or 'mqm' UserIDs
- Includes a CHAD exit used to secure cluster channels
- Ability to turn off server-side authentication
- Provides monitoring tool tie-in by using custom MQ event messages
- Provides logging capability for all connecting client applications regardless if they were successful or not.
- Server-Side Security Exit has been tested against and is supported for the following LDAP servers:
- Microsoft's Active Directory for Windows 2000 Server or higher
- Novell's eDirectory v8 or higher
- OpenLDAP v2.1 or higher
- Oracle 9i Internet Directory or higher
- Tivoli Directory Server for iSeries (OS/400)
- z/OS Integrated Security Services LDAP Server v1.6 or higher
Pricing
- The client-side security exits are included for FREE and can be distributed to an unlimited number of remote servers or PCs with MQ client applications (the user only pays for the server-side licenses).
- The server-side security exits are provided in the format of a native DLL / shared library and are currently available for AIX, HP-UX, iSeries (OS/400), Linux, Solaris and Windows. The pricing of Capitalware's MQ Authenticate User Security Exit solution is on a 'per queue manager' basis.
| Operating System | WMQ v5.3 | WMQ v6.0 & v7.0 |
| AIX v5.1, v5.2, v5.3 & v6.1 | 32-bit | 64-bit |
| HP-UX IA64 v11.23 or higher | n/a | 64-bit |
| HP-UX RISC v11.00 & v11.11 | 32-bit | 64-bit |
| IBM i 5.4 & 6.1, i5/OS V5R3 & OS/400 | 64-bit | 64-bit |
| Linux x86 | 32-bit | 32-bit |
| Linux x86_64 | n/a | 64-bit |
| Linux on POWER | n/a | 64-bit |
| Linux on zSeries | 32-bit | 32-bit & 64-bit |
| Solaris SPARC v8, v9 & v10 | 32-bit | 64-bit |
| Solaris x86_64 v10 | n/a | 64-bit |
| Windows NT, 2000, 2003, 2008, XP Pro & 7 | 32-bit | 32-bit |
| Product | Price (USD) * | Ordering |
| MQ Authenticate User Security Exit (per license**) | $499.00 | |
| Yearly maintenance and support fee | 15% | |
| Total | $574.00 | Order Now |
* Volume discounts available for as low as $299.00 USD per license plus 15% yearly maintenance and support fee.
** MQ Authenticate User Security Exit is licensed on a per queue manager basis.
- Each licensed user will receive:
- Full version of MQ Authenticate User Security Exit
- Free updates / upgrades to any version 1.x release.
- Free email/ Help Desk support
| Enterprise License for MQ Authenticate User Security Exit: |
| Enterprise License for MQ Authenticate User Security Exit sells for a MSRP of $90,000 USD plus 15% yearly maintenance and support fee. An enterprise license will allow a company to have unlimited number of queue managers use MQ Authenticate User Security Exit at an unlimited number of locations. |