Capitalware has an MQ solution called MQ Authenticate User Security Exit (MQAUSX).
MQ Authenticate User Security Exit (MQAUSX) is a solution that allows a company to fully authenticate a user who is accessing an IBM MQ resource. It authenticates the user’s UserID and Password against the server’s native OS system, LDAP server, Microsoft’s Active Directory, Quest Authentication Services (QAS), Centrify’s DirectControl or an encrypted MQAUSX FBA file.
Recently, a customer asked for 2 enhancements to MQAUSX:
1. They asked to have the “Remote Product” and “Remote Version” fields from the MQCD structure be included on the log record outputted to the log file.
2. They asked to have the all of the SSL/TLS fields from both the MQCD and MQCXP structures be included on the log record outputted to the log file.
When MQAUSX is running with LogMode set to ‘N’ (Normal), the log record outputted to the log file looks like:
1 | Connection accepted for MCA_UID="tester" UserID="tester" UserSpecifiedServer="" QMgr="MQA1" ChlName="TEST.EXIT" ConName="10.10.10.101" Server="" RemoteUserID="tester" |
Long time ago, when I was first developing MQAUSX, one of the authentication targets included was Microsoft’s Active Directory for when the server-side component was running on a Windows server. Hence, MQAUSX has 2 keywords that control which Active Directory is the target for authentication: UseServerName and ServerName. A customer requested that the end-user be allowed to change the target AD server, so another keyword called AllowUserAlterServerName was added to MQAUSX. These 3 keywords are only used when MQAUSX server-side component is running on a Windows server.
As I was looking at the code add the new requests to MQAUSX, I realized that MQAUSX outputs the log record with UserSpecifiedServer and Server on all distributed platforms (AIX, HP-UX, Linux, IBM i, Solaris and Windows). But really, that information is only applicable on Windows. Hence, I have decided to exclude those fields on all platforms except for Windows. Since, a majority of customers do not use either AllowUserAlterServerName or UseServerName on Windows, if those keywords are set to ‘N’ then those fields will be excluded. Hence, the new the log record outputted to the log file will look like:
1 | Connection accepted for MCA_UID="tester" UserID="tester" QMgr="MQA1" ChlName="TEST.EXIT" ConName="10.10.10.101" RemoteUserID="tester" |
I also noticed that in the code for a rejected connection, sometimes the log record had “Connection failed” and in other instances it had “Connection rejected”. I decided to change all of them to “Connection rejected” for consistency.
MQAUSX will have 2 new keywords to support the customer’s request:
When LogRemoteClientInfo is set to ‘Y’ then RemoteProduct and RemoteVersion fields from MQCD structure will be added to the log record written to the log file.
Note: The RemoteProduct and RemoteVersion fields are available on IBM MQ v8.0 or higher.
i.e.
1 | Connection accepted for MCA_UID="tester" UserID="tester" QMgr="MQA1" ChlName="TEST.EXIT" ConName="10.10.10.101" RemoteUserID="tester" RemoteProduct="MQCC" RemoteVersion="09030100" |
When LogClientSSLInfo is set to ‘Y’ then SSLCertUserid* and SSLRemCertIssName fields (from MQCD structure) and SSLCipherSpec, SSLPeerName, SSLClientAuth and CertificateLabel fields (from MQCXP structure) will be added to the log record written to the log file.
Note #1: The SSLCertUserid, SSLRemCertIssName, SSLCipherSpec, SSLPeerName and SSLClientAuth fields are available on WebSphere MQ (aka IBM MQ) v6.0 or higher. The CertificateLabel field is available on IBM MQ v8.0 or higher.
*Note #2: The SSLCertUserid field is only available when MQAUSX for z/OS is running on a z/OS (mainframe) queue manager.
i.e. Distrbuted platforms:
1 | Connection accepted for MCA_UID="tester" UserID="tester" QMgr="MQA1" ChlName="TEST.EXIT" ConName="10.10.10.101" RemoteUserID="tester" SSLRemCertIssName="" SSLCipherSpec="" SSLPeerName="" SSLClientAuth="Optional" CertificateLabel="" |
i.e. z/OS
1 | Connection accepted for MCA_UID="tester" UserID="tester" QMgr="MQA1" ChlName="TEST.EXIT" ConName="10.10.10.101" RemoteUserID="tester" SSLCertUserid="" SSLRemCertIssName="" SSLCipherSpec="" SSLPeerName="" SSLClientAuth="Optional" CertificateLabel="" |
If anyone would like to test out the latest release then send the email to support@capitalware.com
Regards,
Roger Lacroix
Capitalware Inc.
Capitalware has an MQ solution called MQ Message Replication (MQMR).
MQ Message Replication will clone messages being written (via MQPUT or MQPUT1 API calls) to an application’s output queue and MQMR will write the exact same messages to ‘n’ target queues (‘n’ can be up to 100). When MQMR replicates a message both the message data and the message’s MQMD structure will be cloned. This means that the fields of the MQMD structure (i.e. PutTime, MessageId, CorrelId, UserId, etc..) will be exactly the same as the original message’s MQMD structure.
The other day, Simone Jain posted a tutorial called Streaming messages to topics using alias queues to IBM Developer Tutorials.
The same solution can be applied to MQMR’s “Target Queues”. The first 2 steps are the same, so I’ll copy it using the example and text from the posting. In their example, they used the MQ Console to create the MQ objects, below, I will use MQSC commands for runmqsc program.
Step 1. Creating a topic for MQMR cloned messages to go to
Provide a topic name (i.e. DEV.APP_XYZ.CLONE) and topic string (i.e. dev/app_xyz/clone/).
1 | DEFINE TOPIC(DEV.APP_XYZ.CLONE) TOPICSTR('dev/app_xyz/clone/') |
Step 2. Creating an alias queue to redirect messages to our topic
You can name this queue whatever you’d like. We’ve used the DEV. prefix in this example i.e. DEV.APP_XYZ.CLONE.TO.TOPIC.QA.
Next, set the Base object field to the name of the topic created (i.e. DEV.APP_XYZ.CLONE) and the Base type field as ‘Topic’. Doing this means that the alias queue will resolve to this topic.
1 | DEFINE QALIAS(DEV.APP_XYZ.CLONE.TO.TOPIC.QA) TARGTYPE(TOPIC) TARGET(DEV.APP_XYZ.CLONE) |
Step 3. Configuring MQMR to use alias queue as a MQMR target queue
Let’s say you want to clone messages for queue ‘DEV.XYZ.Q’ and have the cloned messages to go to the topic defined above. You would simply add the following section to your MQMR IniFile.
i.e.
1 2 3 | [Q:DEV.XYZ.Q]AddSourceInfo = YTargetQueues=DEV.APP_XYZ.CLONE.TO.TOPIC.QA |
If you already had a section in your MQMR IniFile cloning messages to a local or remote queue and wanted to add the clone messages going to a topic then you would add the queue alias to the Target Queues keyword.
i.e.
1 2 3 | [Q:DEV.XYZ.Q]AddSourceInfo = YTargetQueues=DEV.XYZ.COPY01.Q;DEV.XYZ.COPY02.Q;DEV.APP_XYZ.CLONE.TO.TOPIC.QA |
Regards,
Roger Lacroix
Capitalware Inc.
I’ve come across an interesting tool for MQAdmins or MQ developers. It’s called C, Just in Time! (aka CJIT). It is available for Windows, macOS and Linux platforms. CJIT is written by Jaromil, Danielinux and Matteo, and inspired by Puria and Alvise.
CJIT is a lightweight C interpreter that lets you run C code instantly, without needing to build it first. Just use the executable interpreter: no extra tools, libs, or headers required. Based on Fabrice Bellard’s TinyCC and inspired by Terry Davis (HolyC), CJIT brings the power of Just-In-Time execution to C programming. 100% Free and open source!
First, I tried CJIT on a couple of “Hello World” type of C programs and it worked like a charm.
Next, I was thinking about how sometimes you want to make a small change to an IBM sample MQ program but you have to have a full-blown compiler/linker installed to rebuild the C source code. Installing MS Visual Studio is a beast and requires a fair bit of knowledge about what components the developer needs. Installing GCC on Windows is easier but still does require some knowledge. Plus what if the PC/laptop you are using is locked down and you cannot install software on it.
CJIT is a single executable that you do not need to install, you simply download it from here. Just create a directory called C:\CJIT and download CJIT into that directory, and now you are ready to go. It’s that simple.
The manpage for CJIT can be found here or you can run CJIT from the command prompt with the ‘-h’ parameter and you will see:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | C:\CJIT>cjit.exe -hCJIT v0.16.2 by Dyne.orgSynopsis: cjit [options] files(*) -- app arguments (*) can be any source (.c) or built object (dll, dylib, .so)Options and values (+) mandatory (-) default (=) optional: -h print this help -v print version information -q stay quiet and only print errors and output -C set interpreter/compiler flags (-) env var CFLAGS -c compile a single source file, do not execute -o exe do not run, compile an executable (+path) -D sym define a macro value (+) symbol or key=value -I dir also search folder (+) dir for header files -l lib link the shared library (+) lib -L dir add folder (+) dir to library search paths -e fun run starting from entry function (-) main -p pid write execution process ID to (+) pid --verb don't go quiet, verbose logs --xass just extract runtime assets (=) to path --xtgz extract all files in a USTAR (+) tar.gz |
FYI: On Windows, the ‘-L’ parameter does not appear to work and I have reported to the author. The work around is to copy the DLL to the same directory as your source code.
Example: lets say you want to use the MQ sample called amqsbcg0.c but you want the BUFFERLENGTH define to be 200,000 rather than 65,536 but to make the change and rebuild the executable, you need a compiler/linker toolset. This is where CJIT can come in super handy and here’s how I tested it out with an IBM MQ sample C program.
I created a directory called C:\temp\MQ_src\ and copied the amqsbcg0.c source to it along with the mqm.dll from the D:\Program Files\IBM\MQ\bin64\ directory.
1 2 3 4 5 6 7 8 9 10 11 12 | C:\temp\MQ_src>dir Volume in drive C is OS Volume Serial Number is 76E7-6850 Directory of C:\temp\MQ_src2025-02-19 05:01 PM <DIR> .2025-02-19 05:00 PM <DIR> ..2022-10-06 01:00 AM 44,727 amqsbcg0.c2022-10-06 01:00 AM 47,592 mqm.dll 2 File(s) 92,319 bytes 2 Dir(s) 293,742,751,744 bytes free |
Next, edit the amqsbcg0.c source and change whatever code in it you want to.
Next, I used MQ Visual Edit to put a simple test message on the queue ‘TEST.Q1’.
Next, it is time to BOTH compile/link AND run amqsbcg0.c sample program. CJIT requires that if your program requires parameters that you place 2 dashes and then the parameters for the program. Here is the command to do compile and run it browsing queue ‘TEST.Q1’ on queue manager ‘MQA1’:
1 | C:\CJIT\cjit.exe -I"D:\Program Files\IBM\MQ\tools\c\include" -lmqm amqsbcg0.c -- TEST.Q1 MQA1 |
Here is the output from amqsbcg0.c:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 | CJIT v0.16.2 by Dyne.orgAMQSBCG0 - starts here********************** MQOPEN - 'TEST.Q1' MQGET of message number 1, CompCode:0 Reason:0****Message descriptor**** StrucId : 'MD ' Version : 2 Report : 0 MsgType : 8 Expiry : -1 Feedback : 0 Encoding : 273 CodedCharSetId : 819 Format : 'MQSTR ' Priority : 0 Persistence : 0 MsgId : X'414D51204D5157543120202020202020A0B5B36701620040' CorrelId : X'000000000000000000000000000000000000000000000000' BackoutCount : 0 ReplyToQ : ' ' ReplyToQMgr : 'MQA1 ' ** Identity Context UserIdentifier : 'rlacroix ' AccountingToken : X'160105150000003200057246D646E7D52332D3E903000000000000000000000B' ApplIdentityData : ' ' ** Origin Context PutApplType : '11' PutApplName : 'mqve.exe ' PutDate : '20250219' PutTime : '22203689' ApplOriginData : ' ' GroupId : X'000000000000000000000000000000000000000000000000' MsgSeqNumber : '1' Offset : '0' MsgFlags : '0' OriginalLength : '-1'**** Message **** length - 23 of 23 bytes00000000: 5468 6973 2069 7320 6120 7465 7374 206D 'This is a test m'00000010: 6573 7361 6765 2E 'essage. ' No more messages MQCLOSE MQDISC |
The next test is to actually build an executable using CJIT and then run the executable by itself. To do that, use the following command:
1 | C:\CJIT\cjit.exe -I"D:\Program Files\IBM\MQ\tools\c\include" -lmqm amqsbcg0.c -o amqsbcg.exe |
Now, anytime you want to run amqsbcg.exe with your changes, you just type:
1 | C:\temp\MQ_src>amqsbcg.exe TEST.Q1 MQA1 |
And you get the same output as above.
So now you have a quick and easy way to modify and test any C source code without needing a full blown C compiler/linker.
Regards,
Roger Lacroix
Capitalware Inc.
IBM TechCon 2025 is a 3-day virtual event happening on March 18-20, 2025. It is a free virtual event with 6 tracks:
You can use the following link to register for the event: https://ibm.biz/TechCon2025
Regards,
Roger Lacroix
Capitalware Inc.
In December 2024, Capitalware’s new online shopping cart, managed by FastSpring, went live.
Over the last few weeks, I have received a couple of angry emails regarding the foreign exchange fee being charged to the order when they are not located in the USA.
During the signup process, I was told that it is far better and more customer friendly to have all currencies selected/available in my store front. The sales rep never mentioned anything about adding a foreign exchange fee to the order checkout process. I had actually read FastSpring’s Currencies and Conversions and didn’t see anything about “Foreign Exchange Fee” but I did notice the paragraph labeled “Markup Rates” but didn’t think much about it.
After getting those angry emails, I contacted FastSpring Support and asked what was going on with the price of the products because it was higher than expected. In one particular case, the customer was trying to pay in Swiss Francs (CHF) but the price was 3.6% higher than expected.
Come to find out, FastSpring charges a foreign exchange fee of between 3.5% to 5.5%. A typical credit card will charge a foreign exchange fee of between 1.5% to 3% (and a few don’t charge any foreign exchange fee), so you can see why I received those angry emails.
I have made a couple of suggestion for FastSpring to improve and provide a better customer experience.
(1) On the checkout window, show a box with 2 radio buttons asking the customer to select either:
Hence, the customer can decide if they like the Foreign Exchange Fee or not.
(2) FastSpring should immediately update the documentation and the words “Markup Rates” be changed to “Foreign Exchange Fee”.
Since, I’m not interested in having angry customers (or resellers) email me about why they paid more for their order than expected, I have disabled all currencies except for USD (Capitalware’s base currency).
For fellow merchants who are using FastSpring, to avoid angry customer emails, I would suggest you go to your FastSpring store and select Settings then Localizations and change this:
to this:
Hence, the foreign exchange fee will be handled by the customer’s credit card and not by FastSpring.
Regards,
Roger Lacroix
Capitalware Inc.
After a lot of reviews, meetings and testing, I have decided to use the FastSpring’s All-in-One Payment & Subscription Platform for online orders.
All of the online shopping buttons have been enabled again on Capitalware’s web site. You should be able to purchase a Capitalware product with a few clicks of your mouse.
If you have any issues, please let me know by sending an email to support@capitalware.com
Regards,
Roger Lacroix
Capitalware Inc.
President-elect Trump has said that after he is sworn into office, he will be placing tariffs on a variety of goods:
he would impose a 10% to 20% tariff on all imports, including tariffs as high as 60% to 100% for goods from China.
Capitalware Inc. is a Canadian company but we may get a double whammy of tariffs. There are a lot of USA companies in Canada, who bring all of their goods for both USA and Canada through USA ports. Hence, they will be hit with tariffs. Many Canadian companies find it is cheaper for them to have their shipments go through the USA. Hence, the tariffs will be applied regardless of the final destination!!
If Canada retaliates against Trump’s tariffs, I would be willing to bet that President-elect Trump will up the ante.
So, all of these tariffs will cause prices to raise. How high, I do not know (i.e. 25% or 50% or 100%). Life is about to get expensive for Capitalware.
Therefore, I’m sorry to say, that Capitalware will likely have to raise prices of its products. I haven’t made a decision yet, it will totally depend on President-elect Trump actions. If he follows through on his words then yes, there will be a substantial price hike. This will affect all customers, not just USA and/or Canadian customers.
Regards,
Roger Lacroix
Capitalware Inc.
I would like to wish everyone a Merry Christmas, Happy Hanukkah, Happy Kwanzaa, etc… and a Happy New Year. 
Regards,
Roger Lacroix
Capitalware Inc.
IBM MQ WebSphere MQ IBM Developer Messaging Blog T.Rob’s Store and Forward Mark Taylor’s Blog Lyns Random Thoughts Leif Davidsen’s Blog Colin Paice on MQ StackOverflow MQ Questions StackOverflow MQTT Questions