IBM BPM, V8.0.1, All platforms > Install IBM BPM > IBM BPM Advanced for z/OS: Process Server > Configure IBM BPM Advanced for z/OS: Process Server > Completing the ND configuration
ConsolidateJAASAuthAliases.py script
ConsolidateJAASAuthAliases.py is a wsadmin script used to consolidate the JAAS authentication aliases, which are used for database access. These aliases are defined by the augmentation process or are defined when a deployment environment is created.
Introduction
When the IBM BPM for z/OS server accesses a secure database subsystem, one of the security mechanisms available to it involves the use of JAAS authentication aliases. A JAAS authentication alias specifies a user identifier and password that are provided when the database subsystem requests authentication credentials. The augmentation process or the generation of a deployment environment defines a set of JAAS authentication aliases that are associated with the various data sources and service integration buses for use when they access the database.
A fully configured IBM BPM system consists of the following resources and JAAS authentication aliases:
| Data source | JAAS authentication alias |
|---|---|
| ESBLoggerMediationDataSource | WPSDB_Auth_Alias, WPSDB_Auth_Alias_XAR |
| WPS data source | WPSDB_Auth_Alias, WPSDB_Auth_Alias_XAR |
| WPS data source_CF | WPSDB_Auth_Alias, WPSDB_Auth_Alias_XAR |
| Process Server data source | processdblogon, processdblogon_XAR |
| Process Server data source_CF | processdblogon, processdblogon_XAR |
| Process Server ME data source | PROCSVRME_Auth_Alias, PROCSVRME_Auth_Alias_XAR |
| Process Server ME data source_CF | PROCSVRME_Auth_Alias, PROCSVRME_Auth_Alias_XAR |
| Performance Data Warehouse data source | performancedblogon, performancedblogon_XAR |
| Performance Data Warehouse data source_CF | performancedblogon, performancedblogon_XAR |
| Performance Data Warehouse ME data source | PERFDWME_Auth_Alias, PERFDWME_Auth_Alias_XAR |
| Performance Data Warehouse ME data source_CF | PERFDWME_Auth_Alias, PERFDWME_Auth_Alias_XAR |
| Business Space data source | BSPACE_Auth_Alias, BSPACE_Auth_Alias_XAR |
| Business Space data source_CF | BSPACE_Auth_Alias, BSPACE_Auth_Alias_XA |
| CEI ME data source | CEIME_<deployment environment>.AppTarget_Auth_Alias, CEIME_<deployment environment>.AppTarget_Auth_Alias_XAR |
| CEI ME data source_CF | CEIME_<deployment environment>.AppTarget_Auth_Alias, CEIME_<deployment environment>.AppTarget_Auth_Alias_XAR |
| SCA System Bus ME data source | SCASYSME00_Auth_Alias, SCASYSME00_Auth_Alias_XAR |
| SCA System Bus ME data source_CF | SCASYSME00_Auth_Alias, SCASYSME00_Auth_Alias_XAR |
| SCA Application Bus ME data source | SCAAPPME00_Auth_Alias, SCAAPPME00_Auth_Alias_XAR |
| SCA Application Bus ME data source_CF | SCAAPPME00_Auth_Alias, SCAAPPME00_Auth_Alias_XAR |
| BPCDataSource | BPCDB_<deployment environment>.AppTarget_Auth_Alias, BPCDB_<deployment environment>.AppTarget_Auth_Alias_XAR |
| BPCDataSource_CF | BPCDB_<deployment environment>.AppTarget_Auth_Alias, BPCDB_<deployment environment>.AppTarget_Auth_Alias_XAR |
| Business Process Choreographer ME data source | BPCME_00_Auth_Alias, BPCME_00_Auth_Alias_XAR |
| Business Process Choreographer ME data source_CF | BPCME_00_Auth_Alias, BPCME_00_Auth_Alias_XAR |
| BPCRFDataSource | OBSVRDB_<deployment environment>.AppTarget_Auth_Alias, OBSVRDB_<deployment environment>.AppTarget_Auth_Alias_XAR |
| BPCRFDataSource_CF | OBSVRDB_<deployment environment>.AppTarget_Auth_Alias, OBSVRDB_<deployment environment>.AppTarget_Auth_Alias_XAR |
| Service integration bus | JAAS authentication alias |
|---|---|
| <qualifier>BPC.<cell>.Bus | BPCME_00_Auth_Alias |
| <qualifier>CEI.<cell>.Bus | CEIME_<deployment environment>.AppTarget_Auth_Alias |
| <qualifier>SCA.APPLICATION.<cell>.Bus | SCAAPPME00_Auth_Alias |
| <qualifier>SCA.SYSTEM.<cell>.Bus | SCASYSME00_Auth_Alias |
| <qualifier>PROCSVR.<cell>.Bus | PROCSVRME_Auth_Alias |
| <qualifier>PERFDW.<cell>.Bus | PERFDWME_Auth_Alias |
On z/OS all the various data repositories are usually defined to access the same z/OS database subsystem; for example, DB2 for z/OS. In addition, authentication to this common database subsystem is carried out using the same user identifier and password. It would not be uncommon for many, if not all, of the JAAS authentication aliases to be defined with the same user identifier and password.
Having a number of JAAS authentication aliases defined with the same user identifier and password parameters presents a number of concerns:
- The password for database access will not normally expire, but if it needs to be changed for some reason, it needs to be changed in all the JAAS authentication aliases.
- The administrative console panel for working with JAAS authentication aliases is more cluttered, which reduces usability.
- The names of the JAAS authentication aliases might not conform to local naming conventions.
Purpose
Optionally, you can run the ConsolidateJAASAuthAliases.py script to address these issues. The script is invoked by the WebSphere wsadmin utility to perform the following actions:
- Consolidate the various JAAS authentication aliases listed in Table 1 and Table 2 into a single entry.
- Reassign all the resources that referenced the original aliases so that they use the new alias.
- Delete the original aliases.
The result is a single JAAS authentication alias used to authenticate database access for all the resources created by the IBM BPM for z/OS configuration process.
ConsolidateJAASAuthAliases script
The wsadmin Jython script can be used to consolidate the various JAAS authentication aliases created by IBM BPM configuration into a single entry.
By default, the location of the script is /usr/lpp/zWebSphere/V8R0/zOS-config/samples.
Invocation of the script
The script is provided as an argument to the WebSphere wsadmin tool. You can provide six mandatory parameters and one optional parameter to the script. The following code shows the syntax for the wsadmin Jython script (split over several lines to improve clarity):
/AppServerRoot/bin/wsadmin.sh -host host_name -port host_port -f ConsolidateJAASAuthAliases.py JAAS_authentication_alias_name user_ID password [scan mode]
Parameters
- -host host_name
- The host address of the target server, or of the dmgr for an ND cell.
- -port host_port
- The SOAP port number of the target server.
- -f ConsolidateJAASAuthAliases.py
- If the script is not located in the current directory, you must include the path in which the script is stored.
- JAAS_authentication_alias_name
- The name of the new JAAS authentication alias to be created. This can be any name, but it is good practice to choose a descriptive name; for example, BPMDBAccess.
- user_ID
- The user identifier to be provided for authentication to the database subsystem.
- password
- The password to be provided for authentication to the database subsystem.
If WebSphere security is enabled (the default), the user_ID and password parameters are required to run the wsadmin script in connected mode. Alternatively, you can shut down the server and then run wsadmin -conntype none (without any host, port, user, or password settings).
- [scan mode]
- An optional parameter. If this parameter is missing (that is, only two parameters are provided to the script) any changes made by the script are committed when the script completes processing. If any string is provided as a seventh parameter, the script reports all the changes that it would make, but they are rolled back when the script completes processing. Scan mode can be useful for assessing the scope of the changes that the script will effect.
The script provides a report of all the actions it has taken.
Script processing
Processing of the script consists of the following steps:
- A new JAAS authentication alias is created, based on the parameters provided to the script.
- All the JAAS authentication aliases of interest are identified.
The script searches through the list of all aliases looking for alias
names that match the following patterns:
- Starts with "BPCDB_"
- Starts with "BPCME_"
- Is equal to "BSPACE_Auth_Alias"
- Starts with "CEIME_"
- Starts with "OBSVRDB_"
- Starts with "PERFDWME_"
- Starts with "PROCSVRME_"
- Starts with "SCAAPPME"
- Starts with "SCASYSME"
- Is equal to "WPSDB_Auth_Alias"
- Starts with "performancedblogon"
- Starts with "processdblogon"
- For each identified alias, all occurrences of it are replaced with the new alias in JDBC data source definitions.
- For each identified alias, all occurrences of it are replaced with the new alias in SIBus messaging engine data store definitions.
- All of the identified aliases are removed from the WebSphere configuration.
If no third parameter is supplied to the script, the changes are committed. If any string is provided as a third parameter, the changes are backed out, although the script still reports the changes that it would have made.
Sample output
The following output shows a sample execution of the script:
/WebSphere/V8T5DM/DeploymentManager/bin/wsadmin.sh -user wsadmin -password admn4was -host winabcd0.company.ibm.com -port 20502 -f ConsolidateJAASAuthAliases.py DB2zOSAlias wsadmin admn4was >sysout.txt
WASX7209I: Connected to process "dmgr" on node T5NodeDmgrMVP0 using SOAP connector; The type of process is: DeploymentManager
WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv variable: "[DB2zOSAlias, wsadmin, gadzooks]"
ConsolidateJAASAuthAliases: Starting
Created JAAS alias: DB2zOSAlias
Replacing alias reference in data source: ESBLoggerMediationDataSource
WPSDB_Auth_Alias => DB2zOSAlias
Replacing alias reference in data source: WPS data source
WPSDB_Auth_Alias => DB2zOSAlias
Replacing alias reference in CMP connection factory: WPS data source_CF
Component-managed WPSDB_Auth_Alias
Removing alias: WPSDB_Auth_Alias
Replacing XA recovery alias reference in data source: ESBLoggerMediationDataSource
WPSDB_Auth_Alias_XAR => DB2zOSAlias
Replacing XA recovery alias reference in data source: WPS data source
WPSDB_Auth_Alias_XAR => DB2zOSAlias
Replacing XA recovery alias reference in CMP connection factory: WPS data source_CF
WPSDB_Auth_Alias_XAR => DB2zOSAlias
Removing alias: WPSDB_Auth_Alias_XAR
Replacing alias reference in data source: Process Server data source
processdblogon => DB2zOSAlias
Replacing alias reference in data source: Process Server data source
processdblogon => DB2zOSAlias
Replacing alias reference in CMP connection factory: Process Server data source_CF
Component-managed processdblogon
Replacing alias reference in CMP connection factory: Process Server data source_CF
Component-managed processdblogon
Removing alias: processdblogon
Replacing XA recovery alias reference in data source: Process Server data source
processdblogon_XAR => DB2zOSAlias
Replacing XA recovery alias reference in data source: Process Server data source
processdblogon_XAR => DB2zOSAlias
Replacing XA recovery alias reference in CMP connection factory: Process Server data source_CF
processdblogon_XAR => DB2zOSAlias
Replacing XA recovery alias reference in CMP connection factory: Process Server data source_CF
processdblogon_XAR => DB2zOSAlias
Removing alias: processdblogon_XAR
Replacing alias reference in data source: Process Server ME data source
PROCSVRME_Auth_Alias => DB2zOSAlias
Replacing alias reference in SIBus data store of ME: T5DepEnv.AppTarget.000-PROCSVR.T5Cell.Bus
PROCSVRME_Auth_Alias => DB2zOSAlias
Replacing alias reference in CMP connection factory: Process Server ME data source_CF
Component-managed PROCSVRME_Auth_Alias
Removing alias: PROCSVRME_Auth_Alias
Replacing XA recovery alias reference in data source: Process Server ME data source
PROCSVRME_Auth_Alias_XAR => DB2zOSAlias
Replacing XA recovery alias reference in CMP connection factory: Process Server ME data source_CF
PROCSVRME_Auth_Alias_XAR => DB2zOSAlias
Removing alias: PROCSVRME_Auth_Alias_XAR
Replacing alias reference in data source: Performance Data Warehouse data source
performancedblogon => DB2zOSAlias
Replacing alias reference in data source: Performance Data Warehouse data source
performancedblogon => DB2zOSAlias
Replacing alias reference in data source: Performance Data Warehouse data source
performancedblogon => DB2zOSAlias
Replacing alias reference in CMP connection factory: Performance Data Warehouse data source_CF
Component-managed performancedblogon
Replacing alias reference in CMP connection factory: Performance Data Warehouse data source_CF
Component-managed performancedblogon
Replacing alias reference in CMP connection factory: Performance Data Warehouse data source_CF
Component-managed performancedblogon
Removing alias: performancedblogon
Replacing XA recovery alias reference in data source: Performance Data Warehouse data source
performancedblogon_XAR => DB2zOSAlias
Replacing XA recovery alias reference in data source: Performance Data Warehouse data source
performancedblogon_XAR => DB2zOSAlias
Replacing XA recovery alias reference in data source: Performance Data Warehouse data source
performancedblogon_XAR => DB2zOSAlias
Replacing XA recovery alias reference in CMP connection factory: Performance Data Warehouse data source_CF
performancedblogon_XAR => DB2zOSAlias
Replacing XA recovery alias reference in CMP connection factory: Performance Data Warehouse data source_CF
performancedblogon_XAR => DB2zOSAlias
Replacing XA recovery alias reference in CMP connection factory: Performance Data Warehouse data source_CF
performancedblogon_XAR => DB2zOSAlias
Removing alias: performancedblogon_XAR
Replacing alias reference in data source: Performance Data Warehouse ME data source
PERFDWME_Auth_Alias => DB2zOSAlias
Replacing alias reference in SIBus data store of ME: T5DepEnv.AppTarget.000-PERFDW.T5Cell.Bus
PERFDWME_Auth_Alias => DB2zOSAlias
Replacing alias reference in CMP connection factory: Performance Data Warehouse ME data source_CF
Component-managed PERFDWME_Auth_Alias
Removing alias: PERFDWME_Auth_Alias
Replacing XA recovery alias reference in data source: Performance Data Warehouse ME data source
PERFDWME_Auth_Alias_XAR => DB2zOSAlias
Replacing XA recovery alias reference in CMP connection factory: Performance Data Warehouse ME data source_CF
PERFDWME_Auth_Alias_XAR => DB2zOSAlias
Removing alias: PERFDWME_Auth_Alias_XAR
Replacing alias reference in data source: Business Space data source
BSPACE_Auth_Alias => DB2zOSAlias
Replacing alias reference in CMP connection factory: Business Space data source_CF
Component-managed BSPACE_Auth_Alias
Removing alias: BSPACE_Auth_Alias
Replacing XA recovery alias reference in data source: Business Space data source
BSPACE_Auth_Alias_XAR => DB2zOSAlias
Replacing XA recovery alias reference in CMP connection factory: Business Space data source_CF
BSPACE_Auth_Alias_XAR => DB2zOSAlias
Removing alias: BSPACE_Auth_Alias_XAR
Replacing alias reference in data source: CEI ME data source
CEIME_T5DepEnv.AppTarget_Auth_Alias => DB2zOSAlias
Replacing alias reference in SIBus data store of ME: T5DepEnv.AppTarget.000-CEI.T5Cell.Bus
CEIME_T5DepEnv.AppTarget_Auth_Alias => DB2zOSAlias
Replacing alias reference in CMP connection factory: CEI ME data source_CF
Component-managed CEIME_T5DepEnv.AppTarget_Auth_Alias
Removing alias: CEIME_T5DepEnv.AppTarget_Auth_Alias
Replacing XA recovery alias reference in data source: CEI ME data source
CEIME_T5DepEnv.AppTarget_Auth_Alias_XAR => DB2zOSAlias
Replacing XA recovery alias reference in CMP connection factory: CEI ME data source_CF
CEIME_T5DepEnv.AppTarget_Auth_Alias_XAR => DB2zOSAlias
Removing alias: CEIME_T5DepEnv.AppTarget_Auth_Alias_XAR
Replacing alias reference in data source: SCA System Bus ME data source
SCASYSME00_Auth_Alias => DB2zOSAlias
Replacing alias reference in SIBus data store of ME: T5DepEnv.AppTarget.000-SCA.SYSTEM.T5Cell.Bus
SCASYSME00_Auth_Alias => DB2zOSAlias
Replacing alias reference in CMP connection factory: SCA System Bus ME data source_CF
Component-managed SCASYSME00_Auth_Alias
Removing alias: SCASYSME00_Auth_Alias
Replacing XA recovery alias reference in data source: SCA System Bus ME data source
SCASYSME00_Auth_Alias_XAR => DB2zOSAlias
Replacing XA recovery alias reference in CMP connection factory: SCA System Bus ME data source_CF
SCASYSME00_Auth_Alias_XAR => DB2zOSAlias
Removing alias: SCASYSME00_Auth_Alias_XAR
Replacing alias reference in data source: SCA Application Bus ME data source
SCAAPPME00_Auth_Alias => DB2zOSAlias
Replacing alias reference in SIBus data store of ME: T5DepEnv.AppTarget.000-SCA.APPLICATION.T5Cell.Bus
SCAAPPME00_Auth_Alias => DB2zOSAlias
Replacing alias reference in CMP connection factory: SCA Application Bus ME data source_CF
Component-managed SCAAPPME00_Auth_Alias
Removing alias: SCAAPPME00_Auth_Alias
Replacing XA recovery alias reference in data source: SCA Application Bus ME data source
SCAAPPME00_Auth_Alias_XAR => DB2zOSAlias
Replacing XA recovery alias reference in CMP connection factory: SCA Application Bus ME data source_CF
SCAAPPME00_Auth_Alias_XAR => DB2zOSAlias
Removing alias: SCAAPPME00_Auth_Alias_XAR
Replacing alias reference in data source: BPCDataSource
BPCDB_T5DepEnv.AppTarget_Auth_Alias => DB2zOSAlias
Replacing alias reference in CMP connection factory: BPCDataSource_CF
Component-managed BPCDB_T5DepEnv.AppTarget_Auth_Alias
Removing alias: BPCDB_T5DepEnv.AppTarget_Auth_Alias
Replacing XA recovery alias reference in data source: BPCDataSource
BPCDB_T5DepEnv.AppTarget_Auth_Alias_XAR => DB2zOSAlias
Replacing XA recovery alias reference in CMP connection factory: BPCDataSource_CF
BPCDB_T5DepEnv.AppTarget_Auth_Alias_XAR => DB2zOSAlias
Removing alias: BPCDB_T5DepEnv.AppTarget_Auth_Alias_XAR
Replacing alias reference in data source: Business Process Choreographer ME data source
BPCME_00_Auth_Alias => DB2zOSAlias
Replacing alias reference in SIBus data store of ME: T5DepEnv.AppTarget.000-BPC.T5Cell.Bus
BPCME_00_Auth_Alias => DB2zOSAlias
Replacing alias reference in CMP connection factory: Business Process Choreographer ME data source_CF
Component-managed BPCME_00_Auth_Alias
Removing alias: BPCME_00_Auth_Alias
Replacing XA recovery alias reference in data source: Business Process Choreographer ME data source
BPCME_00_Auth_Alias_XAR => DB2zOSAlias
Replacing XA recovery alias reference in CMP connection factory: Business Process Choreographer ME data source_CF
BPCME_00_Auth_Alias_XAR => DB2zOSAlias
Removing alias: BPCME_00_Auth_Alias_XAR
Replacing alias reference in data source: BPCRFDataSource
OBSVRDB_T5DepEnv.AppTarget_Auth_Alias => DB2zOSAlias
Replacing alias reference in CMP connection factory: BPCRFDataSource_CF
Component-managed OBSVRDB_T5DepEnv.AppTarget_Auth_Alias
Removing alias: OBSVRDB_T5DepEnv.AppTarget_Auth_Alias
Replacing XA recovery alias reference in data source: BPCRFDataSource
OBSVRDB_T5DepEnv.AppTarget_Auth_Alias_XAR => DB2zOSAlias
Replacing XA recovery alias reference in CMP connection factory: BPCRFDataSource_CF
OBSVRDB_T5DepEnv.AppTarget_Auth_Alias_XAR => DB2zOSAlias
Removing alias: OBSVRDB_T5DepEnv.AppTarget_Auth_Alias_XAR
Saving configuration
ConsolidateJAASAuthAliases: Completed
If the third scan mode parameter is provided, the Saving configuration message is replaced by the Running in scan mode, no updates committed message.
For example:
./wsadmin.sh -host winmvsp1 -port 20502
-f /u/healdr/Jython/ConsolidateJAASAuthAliases.py DB2Alias wsadmin admn4was y
/WebSphere/V8T5DM/DeploymentManager/bin:>./wsadmin.sh -host winmvsp 1 -port 20502
-f /u/healdr/Jython/ConsolidateJAASAuthAliases.py DB2Alias wsadmin gadzooks y
WASX7209I: Connected to process "dmgr" on node T5NodeDmgrMVP1 using SOAP connector;
The type of process is: DeploymentManager
WASX7303I: The following options are passed to the scripting environment and are available as
arguments that are stored in the argv variable: "[DB2Alias, wsadmin, gadzooks, y]"
ConsolidateJAASAuthAliases: Starting
Created JAAS alias: DB2Alias
...
Removing alias: BSPACE_Auth_Alias
Running in scan mode, no updates committed
ConsolidateJAASAuthAliases: Completed
References
The following references provide more information about wsadmin and Jython scripting:
-
WebSphere Application Server Information Center
- WebSphere z/OS – WSADMIN Scripting Primer
(with Jython)
- Use Jython Scripting Language With WSADMIN
- Introduction to Jython Part 1: Java™ programming made easier
- Introduction to Jython Part 2: Programming essentials