WebSphere Process Server Change The User Registry From Standalone LDAP To Virtual Member Manager. A step by step guide


WebSphere Process Server 6.1.2
Change The User Registry From Standalone LDAP To Virtual Member Manager
A step by step guide
May 2009
IBM Corporation, 2009

Disclaimer

This document is subject to change without notification and will not comprehensively cover the issues encountered in all customer situations. The information contained in this document has not been submitted to any formal IBM test and is distributed AS IS. For updates or newer releases please contact the service team.

The Authors

This document is produced by the Business Process Choreographer team in Böblingen, Germany.

Torsten Wilms, IBM Software Group, Application and Integration Middleware Software, BPM Suite Integration Quality Assurance
Bernd Breier, IBM Software Group, Application and Integration Middleware Software, BPM Suite Integration Quality Assurance

Introduction

This document describes how to move the WebSphere Process Server user registry from a standalone LDAP (in this case Tivoli Directory Server) to Virtual Member Manager (VMM). The following scenario is described:

As-is situation:
- A standalone WebSphere Process Server 6.0.2 is configured with a standalone LDAP (Tivoli Directory Server) as its user registry.
- The Staff Plugin Provider (people resolution) is configured for the standalone LDAP.
- Long-running process instances and participating human tasks are in state Running.

Target situation:
- The standalone WebSphere Process Server 6.0.2 is migrated to WebSphere Process Server 6.1.2.
- The WebSphere Process Server 6.1.2 user registry is moved from the standalone LDAP to Virtual Member Manager.
- People resolution for the running human task instances stays on the standalone LDAP.

Detailed information on the WebSphere Process Server 6.1.2 migration can be found in the Information Center: http://publib.boulder.ibm.com/infocenter/dmndhelp/v6r1mx/index.jsp?topic=/com.ibm.websphere.wps.612.doc/doc/welcome_wps_mig.html

Users and groups used in this scenario

The LDAP contains the following groups and users. The groups use the object class groupofuniquenames (members are listed in the uniquemember attribute), the users use the object class inetorgperson:

Group                                    Members
cn=approvers,ou=groups,dc=ibm,dc=com     uid=approver1,ou=people,dc=ibm,dc=com
                                         uid=approver2,ou=people,dc=ibm,dc=com
cn=users,ou=groups,dc=ibm,dc=com         uid=user1,ou=people,dc=ibm,dc=com
                                         uid=user2,ou=people,dc=ibm,dc=com
cn=wpsadmin,ou=groups,dc=ibm,dc=com      uid=wpsadmin,ou=people,dc=ibm,dc=com

Sample application

As a sample application, a simple SCA module with a long-running BPEL process and two human tasks (one invocation task and one participating task) is used. This application is deployed on the server, and process instances and human tasks are running.
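The object classes and member attribute of this directory are exactly what the federated repository configuration later in this guide (login property uid, member attribute uniquemember for groupofuniquenames, base entry dc=ibm,dc=com) has to match. The following script is an added example and not part of the IBM guide: it checks an LDIF export of the directory offline for those assumptions, so that a mismatch is found before the registry is switched rather than as empty groups or failed logins afterwards. The LDIF samples in it are constructed to mirror the scenario's entries; the function names and the faulty second sample are hypothetical.

```python
"""Offline pre-check of an LDAP export before federating it into VMM.

Added example, not from the IBM guide. It parses a plain LDIF export (no base64
values, no change records) and verifies what the login property and member
attribute settings of the federated repository assume: groups are
groupOfUniqueNames with uniqueMember values, every member DN resolves to an
inetOrgPerson, the login property (uid) is unique under the base entry, and
every entry lies under the base entry that is mapped into the realm.
"""
import re
from collections import defaultdict

# Constructed sample mirroring the scenario's users and groups (not a real export).
SAMPLE_LDIF = """\
dn: uid=approver1,ou=people,dc=ibm,dc=com
objectClass: inetOrgPerson
uid: approver1
cn: Approver One
sn: One

dn: uid=wpsadmin,ou=people,dc=ibm,dc=com
objectClass: inetOrgPerson
uid: wpsadmin
cn: WPS Administrator
sn: Administrator

dn: cn=approvers,ou=groups,dc=ibm,dc=com
objectClass: groupOfUniqueNames
cn: approvers
uniqueMember: uid=approver1,ou=people,dc=ibm,dc=com

dn: cn=wpsadmin,ou=groups,dc=ibm,dc=com
objectClass: groupOfUniqueNames
cn: wpsadmin
uniqueMember: uid=wpsadmin,ou=people,dc=ibm,dc=com
"""

# Constructed faulty variant: a dangling member and a second entry reusing uid=approver1.
BAD_LDIF = SAMPLE_LDIF + """
dn: cn=users,ou=groups,dc=ibm,dc=com
objectClass: groupOfUniqueNames
cn: users
uniqueMember: uid=user1,ou=people,dc=ibm,dc=com

dn: uid=approver1,ou=contractors,dc=ibm,dc=com
objectClass: inetOrgPerson
uid: approver1
"""

def norm_dn(dn):
    """Canonicalise a DN for comparison: trim around commas and case-fold."""
    return ",".join(part.strip() for part in dn.split(",")).lower()

def parse_ldif(text):
    """Return {normalised dn: {lowercase attribute: [values]}} for a plain LDIF text."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = []
        for line in block.splitlines():
            if line.startswith(" ") and lines:  # folded continuation line
                lines[-1] += line[1:]
            elif line and not line.startswith("#"):
                lines.append(line)
        attrs = defaultdict(list)
        for line in lines:
            name, _, value = line.partition(":")
            attrs[name.strip().lower()].append(value.strip())
        entries[norm_dn(attrs.pop("dn")[0])] = dict(attrs)
    return entries

def object_classes(attrs):
    return {c.lower() for c in attrs.get("objectclass", [])}

def check_registry_export(ldif_text, base_entry="dc=ibm,dc=com", login_attr="uid"):
    """Return a list of findings; an empty list means the export matches the VMM settings."""
    entries = parse_ldif(ldif_text)
    base = norm_dn(base_entry)
    issues, logins = [], defaultdict(list)
    for dn, attrs in entries.items():
        if dn != base and not dn.endswith("," + base):
            issues.append(f"{dn}: outside base entry {base}, not visible in the realm")
        classes = object_classes(attrs)
        if "groupofuniquenames" in classes:
            members = attrs.get("uniquemember", [])
            if not members:
                issues.append(f"{dn}: group carries no uniqueMember values")
            for member in members:
                target = entries.get(norm_dn(member))
                if target is None:
                    issues.append(f"{dn}: uniqueMember {member} does not exist")
                elif "inetorgperson" not in object_classes(target):
                    issues.append(f"{dn}: uniqueMember {member} is not an inetOrgPerson")
        elif "inetorgperson" in classes:
            for value in attrs.get(login_attr.lower(), []):
                logins[value.lower()].append(dn)
    for login, dns in logins.items():
        if len(dns) > 1:  # VMM cannot map an ambiguous login name to one principal
            issues.append(f"login property {login_attr}={login} is ambiguous: {', '.join(dns)}")
    return issues

if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_LDIF), ("faulty", BAD_LDIF)):
        print(label, check_registry_export(text) or "OK")
```

Run it against a real export (for example the output of ldapsearch -b dc=ibm,dc=com in LDIF form) by passing the file content to check_registry_export. An ambiguous login property is the finding to take most seriously: VMM authenticates by the login property, so two entries sharing a uid make the login name map to more than one principal.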

Settings for the invocation task:
- Potential Starter Staff Group: Group
- Potential Starter Parameters: GroupID: cn=users,ou=groups,dc=ibm,dc=com
- JNDI name of staff plugin configuration: bpe/staff/sampleldapconfiguration

Settings for the participating task:
- Potential Starter Staff Group: Group
- Potential Starter Parameters: GroupID: cn=approvers,ou=groups,dc=ibm,dc=com
- JNDI name of staff plugin configuration: bpe/staff/sampleldapconfiguration

WebSphere Process Server 6.0.2 server configuration

Before moving from standalone LDAP to Virtual Member Manager, this chapter describes the as-is configuration of the WebSphere Process Server 6.0.2 server at a high level. The following relevant configuration parameters are set:
- Global Security is enabled
- Active user registry: LDAP user registry

The LDAP user registry settings are displayed in the figure below.
[Figure: LDAP user registry settings]

The LDAP user registry advanced settings are displayed in the figure below.
[Figure: LDAP user registry advanced settings]

The Staff Plugin Provider is configured as shown below.
[Figure: Staff Plugin Provider configuration]

WebSphere Process Server 6.0.2 system status

The following human tasks are in state Ready or Claimed.
[Figure: human task instances in state Ready or Claimed]

Migrate to WebSphere Process Server Version 6.1.2

Follow the Information Center to migrate to WebSphere Process Server 6.1.2: http://publib.boulder.ibm.com/infocenter/dmndhelp/v6r1mx/index.jsp?topic=/com.ibm.websphere.wps.612.doc/doc/welcome_wps_mig.html

Configure Virtual Member Manager after migration (WebSphere Process Server 6.1.2)

In the Integrated Solutions Console click Security > Secure administration, applications, and infrastructure. After the migration, Available realm definitions is still set to Standalone LDAP registry.

Change Available realm definitions to Federated repositories and click Configure. Enter the Realm name and the Primary administrative user name, and select Automatically generated server identity as the Server user identity. The automatically generated server identity is the recommended setting since WebSphere Application Server Version 6.1, because no server user ID and password have to be stored in the registry and kept in sync with it.

Click Add Base entry to Realm to add the LDAP as a repository, then click Add Repository:
1. Enter a Repository identifier.
2. Select IBM Directory Server Version 6 as the Directory type.
3. Enter the Primary host name.
4. Verify that the login property is set to the correct value (in this case uid). This is the attribute a user logs in with; it must be unique within the realm.
5. Click Apply.

Under Additional Properties click Group attribute definition:
1. For performance reasons it is recommended to set the Name of the group membership attribute (to ibm-allGroups if you use Tivoli Directory Server; this operational attribute returns direct, nested and dynamic memberships of a user in one read instead of a search over all groups).
2. Select All - Contains all direct, nested, and dynamic members as the scope.
3. Click Apply.
4. Click Member attributes.

On the Member attributes page:
1. Verify that the LDAP member attributes match your LDAP configuration and optionally add a new entry (for example uniquemember with the object class groupofuniquenames, which is the object class used for the groups in our LDAP; refer to the chapter Users and groups used in this scenario). If the member attribute does not match what the directory actually stores, group lookups return no members and group-based authorization fails.
2. Click OK.

Navigate back to Secure administration, applications, and infrastructure > Federated repositories > <your repository> and click Repository reference:
1. Enter the Distinguished name of a base entry that uniquely identifies this set of entries in the realm.
2. Enter the Distinguished name of a base entry in this repository.
3. Click Apply and save.

What you have actually done here is define a mapping between an LDAP subtree root and a virtual realm root (base) entry, so that all objects from the LDAP under that subtree appear to be in the logical realm under the defined base entry. Entries outside that subtree are not visible in the realm at all.

Navigate to Secure administration, applications, and infrastructure > Federated repositories and click Supported entity types. Review the settings to verify that they match your LDAP configuration (for example that the entity type Group is mapped to the object class your groups actually use).

On the Secure administration, applications, and infrastructure page make sure Available realm definitions is set to Federated repositories and click Set as current. Save the configuration and restart the server; the new active registry only takes effect after the restart.
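The console steps above can also be scripted, which makes the registry change repeatable across environments and reviewable before it is applied. The following wsadmin Jython script is an added example and not part of the IBM guide; it uses the WebSphere Application Server 6.1 AdminTask commands of the IdMgrRepositoryConfig and SecurityConfigurationCommands groups in the same order as the console steps. The repository identifier, host name, bind DN, bind password and the choice of keeping the installation's default realm name are assumptions. Parameter sets differ between fix packs, so confirm each command with AdminTask.help('commandName') before running it against a real cell.

```jython
# Run with: wsadmin.sh -lang jython -f ldap_to_vmm.py
# Added example, not part of the IBM guide. All values below are assumptions
# for the scenario's directory (subtree dc=ibm,dc=com, login property uid).
REPO_ID  = 'TDS1'                                 # repository identifier
HOST     = 'ldap.example.com'                     # primary host name of the Tivoli Directory Server
BIND_DN  = 'cn=wpsbind,ou=people,dc=ibm,dc=com'   # read-only bind identity (assumption), not the directory admin
BIND_PW  = 'changeit'                             # placeholder; keep real passwords out of scripts
BASE_DN  = 'dc=ibm,dc=com'                        # LDAP subtree root, reused as the realm base entry name
REALM    = 'defaultWIMFileBasedRealm'             # realm created at installation, kept as the realm name
ADMIN_ID = 'wpsadmin'                             # primary administrative user name

# Add Repository: directory type IDS6 (IBM Directory Server Version 6), login property uid.
AdminTask.createIdMgrLDAPRepository('[-id %s -ldapServerType IDS6 -loginProperties uid]' % REPO_ID)
# Simple bind on port 389 sends the bind password in clear text; for production set
# -sslEnabled true with a -sslConfiguration alias and use port 636.
AdminTask.addIdMgrLDAPServer('[-id %s -host %s -port 389 -bindDN %s -bindPassword %s -referal ignore -sslEnabled false]'
                             % (REPO_ID, HOST, BIND_DN, BIND_PW))

# Group attribute definition: membership attribute ibm-allGroups, scope All.
AdminTask.setIdMgrLDAPGroupConfig('[-id %s -name ibm-allGroups -scope all]' % REPO_ID)
# Member attributes: uniqueMember for groupOfUniqueNames, matching the directory's group object class.
AdminTask.addIdMgrLDAPGroupMemberAttr('[-id %s -name uniqueMember -objectClass groupOfUniqueNames -scope all]' % REPO_ID)

# Repository reference: map the LDAP subtree root to a base entry of the realm.
AdminTask.addIdMgrRepositoryBaseEntry('[-id %s -name %s -nameInRepository %s]' % (REPO_ID, BASE_DN, BASE_DN))
AdminTask.addIdMgrRealmBaseEntry('[-name %s -baseEntry %s]' % (REALM, BASE_DN))

# Set as current: federated repositories as active registry, server identity generated automatically.
# -verifyRegistry true makes wsadmin bind to the directory and look up the admin ID before saving.
AdminTask.configureAdminWIMUserRegistry('[-realmName %s -primaryAdminId %s -autoGenerateServerId true -verifyRegistry true]'
                                        % (REALM, ADMIN_ID))
AdminTask.setAdminActiveSecuritySettings('[-activeUserRegistry WIMUserRegistry]')
AdminConfig.save()

# Read back the result; restart the server afterwards for the new registry to take effect.
print AdminTask.listIdMgrRepositories()
print AdminTask.listIdMgrRealmBaseEntries('[-name %s]' % REALM)
```

Because the script switches the active registry, run it with an administrative user that exists in the LDAP (here wpsadmin); after the restart, the file-based users of the installation-time realm are still present in the same realm unless you remove the file repository base entry separately.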

Post migration note

If you have written a client that uses the Business Process Choreographer APIs without first authenticating the user, you should modify the client to perform a login before using the APIs. After migration, the J2EE roles BPEAPIUser and TaskAPIUser are mapped to the special subject Everyone, which maintains backward compatibility with the 6.0.x behavior of not requiring a login even when application security is enabled. Until you change this mapping, any unauthenticated caller that can reach the server can invoke the process and task APIs. After you have fixed your clients, change both roles to AllAuthenticated to prevent unauthenticated users from accessing the APIs. For new installations these roles default to AllAuthenticated. Refer to http://publib.boulder.ibm.com/infocenter/dmndhelp/v6r1mx/index.jsp?topic=/com.ibm.websphere.wps.612.doc/doc/cmig_vtv_bpc_cons.html
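The role remapping from this note can be inspected and applied with wsadmin instead of the console. The script below is an added example and not part of the IBM guide. It assumes that the Business Process Choreographer applications are installed under the names BPEContainer_<node>_<server> and TaskContainer_<node>_<server> (the naming of a standalone server; it discovers them from AdminApp.list rather than hard-coding node and server), and it uses the five-column MapRolesToUsers layout of WebSphere Application Server 6.1 (role, Everyone, AllAuthenticated, users, groups); later releases add columns, so check the layout for your release before running it.

```jython
# Run with: wsadmin.sh -lang jython -f harden_bpc_api_roles.py
# Added example, not part of the IBM guide. Remaps BPEAPIUser and TaskAPIUser from
# Everyone to AllAuthenticated. Run it only after every API client logs in first.
ROLES = {'BPEContainer_': 'BPEAPIUser', 'TaskContainer_': 'TaskAPIUser'}

def bpc_applications():
    """Installed applications whose name starts with one of the BPC container prefixes."""
    found = []
    for app in AdminApp.list().splitlines():
        for prefix in ROLES.keys():
            if app.startswith(prefix):
                found.append((app, ROLES[prefix]))
    return found

apps = bpc_applications()
if not apps:
    raise Exception('no BPEContainer_ or TaskContainer_ application found; check AdminApp.list()')

for app, role in apps:
    print 'Current role mapping for', app
    print AdminApp.view(app, ['-MapRolesToUsers'])
    # WAS 6.1 column layout: [role, Everyone, AllAuthenticated, users, groups]
    AdminApp.edit(app, ['-MapRolesToUsers', [[role, 'No', 'Yes', '', '']]])
    print 'Mapped', role, 'in', app, 'to AllAuthenticated'

AdminConfig.save()
print 'Saved. Restart the BPC container applications for the new mapping to take effect.'
```

The first AdminApp.view output is worth keeping as evidence of the pre-change state; an entry showing Yes in the Everyone column for BPEAPIUser or TaskAPIUser confirms the migrated server still accepts unauthenticated API calls.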

Conclusion

The running human tasks in this scenario still use the LDAP people directory provider, even though Virtual Member Manager has been set as the WebSphere Application Server security provider. Note that the people directory provider is a Business Process Container level setting which is defined as part of the task template. If you want to use Virtual Member Manager as the people directory provider for a task, you have to define Virtual Member Manager as the people directory provider on the task template at design time in WebSphere Integration Developer. In addition, Virtual Member Manager (Federated repositories) has to be set as the WebSphere Application Server security provider using the WebSphere Application Server Integrated Solutions Console.

To verify the settings, click People directory provider > LDAP People Directory Provider > People directory configuration > LDAP People Directory Configuration sample > Custom properties.