![[V9.0.1 Nov 2016]](ng901.gif)
Configuring security
You can configure security for the IBM® MQ Console and the REST API by editing the mqwebuser.xml file. You can configure and authenticate users by configuring either a basic user registry, or an LDAP registry, or any of the other registry types that are provided with WebSphere® Application Server Liberty. You can then authorize those users by assigning users and groups a role. At IBM MQ 9.0.1, there is no security for the REST API. From IBM MQ 9.0.2, you can configure security for the REST API.
About this task
To configure security for the IBM MQ Console, and REST API, you must configure users and groups. These users and groups can then be authorized to use the IBM MQ Console, or REST API, or both. For more information about configuring users and groups, and authenticating and authorizing users, see IBM MQ Console and REST API security.
When users authenticate with the IBM MQ Console, an
LTPA token is generated. If you use token based authentication with the
REST API, a different LTPA token is generated when the user logs in using the
/login REST API resource with the HTTP POST method. This token enables the
user to use the IBM MQ Console without re-authenticating
until the token expires. You can configure when the token expires. For more information, see Configuring the LTPA token expiry interval.