MFT client is using JMS interface for connection and I am setting the credentials. UM log is showing the user@ under which MFT client is running, it should ideally show the user which is part of credentials entered.
What version of UM are you using?
Version 9.9
Hi Jonathan,
This is regarding clients connections with UM, we have several applications which are connecting with central UM HUB. We would like to authenticate the users connecting from those application in UM. We have set up the Active Directory based authentication and JMS clients are able to connect by passing the security credential and security prinicpal. However, DOTNET clients are unable to connect because we don’t have an option to pass credentials in DOTNET library. I can see the following error in the logs :
SECURITY: Mandatory credentials not supplied
I am not sure the next steps to resolve this.
Can you help me here please.
Thanks.
Vishal.
Hi Vishal,
the DotNet client does not (yet) support client authentication based on username/password. We are currently planning to include this in the October 2017 release of Universal Messaging.
Thanks for the quick reply.
Do we need to setup the exception for DOTNET clients because for the moment we have AD based authentication setup for the JMS clients, how can we bypass that ?
Do we have any other ways to authenticate DOTNET client ?
Vishal,
you could authenticate DotNet clients using client certificates, but that will not work well in combination with basic authentication with your Java clients, so likely not an option.
What you could do is set up a file of authentication-exempt clients, e.g. based on the IP addresses of your DotNet clients. Create a file with the auth-exempt clients, e.g.
*@192.168.0.1
*@192.168.0.2
Then point to that file by adding this line to server_common.conf:
-DNirvana.auth.exempt=/path/to/file
This will allow your DotNet clients to connect, while still enforcing username/password for your Java clients.
Is there any way if they can co-exist ? I mean java client can use basic authentication and DotNet clients can use client certificates ?
May be not possible if using same REALM or if we can use different interface within same REALM?
Otherwise we need to use different REALM for DotNet clients to use client certificates.
Jonathan
Does this mean any user from the host 192.168.0.1 can connect with out credentials when the application is .net.
We also having same problem with .Net app. For me its only working when i provide username@hostname not *@hostname.
*@192.168.0.1
*@192.168.0.2
Then point to that file by adding this line to server_common.conf:
-DNirvana.auth.exempt=/path/to/file
Hi Krishna,
This thread is pretty old. In the meantime plain SASL authentication (with a username and a password) was made available in .Net (depending on the version you are using you may have to install the latest fixes - check the respective fix readme for further information).
To your question, you cannot use wildcards when adding users that are exception to authentication - only explicit user@host is allowed there.
Thanks,
Stefan