Integration


This is an IBM Automation portal for Integration products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.


Add a new idea Subscribe
Status Needs more information
Workspace MQ, MQ Advanced & MQ Appliance
Created by Guest
Created on Dec 5, 2024

RELATED IDEAS

IBM MQ add JWKS private_key_jwt support

In IBM MQ 9.4 we got the JWK support, but not the private_key_jwt with client assertation, it would be a great feature

https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication check the 9. Client Authentication - private_key_jwt

Idea priority Medium
  • Guest
    Reply
    |     Dec 10, 2024

    Thanks for this suggestion - it would be useful to get a bit more information about your requirement so we can better understand the change you are looking for in the product.

    The IBM MQ support for token authentication is by design ‘agnostic’ about the source of those tokens, and it is the responsibility of the client application to retrieve an appropriately formed JWT provided at MQ ‘connect’ time. Sample exit code is provided which can retrieve a token (access token) from an OIDC compliant endpoint using a very basic ‘password’ authentication, but this is definitely not the only option (or recommended in production use as username/password is generally considered deprecated). OAUTH private_key_jwt is one perfectly valid alternative which can already be implemented by client application code to retrieve the access token from the authorisation server before connecting to MQ.

    *Potential* enhancements to the IBM MQ product in this area would be for the MQ Client libraries to implement more of the OAUTH/OIDC specifications and provide built in facilities for certain methods of retrieving the access token from the server. Alternatively, additional samples and/or exit code could be provided showing these approaches. It would be good to understand the specific environments (e.g. application runtime - C? JMS? .Net) in which you would like to see support for the private_key_jwt approach and what form this would take to be most useful to your (existing or future) applications.

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.