Configure Web Services Atomic Transaction support in a secure environment
If you are using the Web Services Atomic Transaction (WS-AT) support in a secure environment, you might need to change the default WS-AT configuration. For example, you might want to use an alternative port number for WS-AT protocol messages, or you might be interoperating with a non-WebSphere Application Server product that requires client certificate authentication on the Secure Sockets Layer (SSL) connection that is used for protocol messages.
Overview
If your system involves only servers and clients running WAS, the default configuration is usually sufficient. Perform this task if your environment requires you to use an alternative port for WS-AT protocol messages or if you are interoperating with a server product other than WAS that requires specific SSL settings for WS-AT protocol messages. This task consists of three subtasks:
- Disable WAS protocol security, which is enabled by default. Disabling this function prevents WAS from automatically rejecting secure WS-AT protocol messages from non-WebSphere Application Server products.
- Configure a new Web container transport chain for use by WS-AT. When global security is enabled, the transaction service, by default, uses the default secure Web container transport chain: WCInboundDefaultSecure. By configuring a new transport chain you can specify settings that are different from those in the default transport chain, for example you can specify an alternative SSL repertoire.
- Configure the outbound SSL repertoire that is used by the transport chain. This step is required if you are interoperating with a non-WebSphere Application Server product that requires client certificate authentication for protocol messages.
Procedure
- If you are interoperating with a non-WebSphere Application Server product, disable WAS protocol security by performing the following steps.
- In the console, click Servers > Application Servers > server_name > [Container Settings] Container Services > Transaction Service.
- Clear the Enable protocol security check box.
- Click OK and save your changes to the master configuration.
- If you need to create a new Web container transport chain, for example, because you need to specify SSL settings other than the default, create the chain by performing the following steps.
- Return to the server page by clicking Servers > Application servers > server.
- Under Container Settings click Web Container Settings > Web container transport chains.
- Click New to create a new transport chain.
- Type a name for the transport chain.
- From the transport chain template list, select the WebContainer-Secure template.
- Click Next to select a new port for the chain.
- Type a name, host, and port number for the port. The host should match the common name in the certificate that is used.
- Click Next, confirm the settings then click Finish.
- Save your changes to the configuration.
- Create a new SSL repertoire as appropriate and associate it with the SSL channel that is associated with your new chain. You are now ready to configure the transaction service to use the new transport chain.
- Return to the server page by clicking Servers > Application servers > server.
- Under Container Services, select Transaction Service.
- Under Additional Properties, select Custom Properties.
- Click New to create a new custom property.
- Enter WSTX_SECURE_TRANSPORT_CHAIN as the name of the property, and the name of the secure Web container transport chain that you created earlier as the value.
- Click OK and save your changes to the master configuration.
- If the interoperating server requires client certificate authentication for protocol messages, configure the appropriate SSL repertoire for outbound connections, by performing the following steps.
- Return to the server page by clicking Servers > Application servers > server.
- Under Server Infrastructure click Java and Process Management > Process Definition.
- Under Additional Properties click Java Virtual Machine.
- Under Additional Properties click Custom Properties.
- Click New to create a new custom property.
- Type ssl.configName as the name of the property, and the full name of your SSL repertoire as the value. This SSL repertoire is likely to be the one that you created in the previous subtask. The full name of your SSL repertoire is of the form node_name/repertoire_name.
- Click OK and save your changes to the configuration.
- After you have saved all the configuration changes that you require, restart the server for the changes to take effect.
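The following check is an added example, not part of the original procedure or of WebSphere Application Server. It cross-checks the values entered in the subtasks above before the restart: that WSTX_SECURE_TRANSPORT_CHAIN names an existing chain built from the WebContainer-Secure template, that the chain host matches the certificate common name, and that ssl.configName has the form node_name/repertoire_name. The dictionary layout, its field names and all sample values are assumptions made for this example.

```python
# Added example: field names below are hypothetical, not a WebSphere file format.
SAMPLE = {  # constructed sample values
    "chains": {
        "WCInboundDefaultSecure": {"template": "WebContainer-Secure",
                                   "host": "*", "port": 9443},
        "WSATSecureChain": {"template": "WebContainer-Secure",
                            "host": "was1.example.test", "port": 9444},
    },
    "transaction_service_properties": {
        "WSTX_SECURE_TRANSPORT_CHAIN": "WSATSecureChain"},
    "jvm_properties": {"ssl.configName": "node01/WSATRepertoire"},
    "certificate_common_name": "was1.example.test",
    "client_cert_auth_required": True,
}


def check_wsat_settings(cfg):
    """Return a list of findings; an empty list means the values agree."""
    findings = []
    chains = cfg.get("chains", {})
    props = cfg.get("transaction_service_properties", {})
    name = props.get("WSTX_SECURE_TRANSPORT_CHAIN")
    if name is None:
        findings.append("WSTX_SECURE_TRANSPORT_CHAIN is not set; "
                        "the default chain WCInboundDefaultSecure is used")
    elif name not in chains:
        findings.append("WSTX_SECURE_TRANSPORT_CHAIN names unknown chain %r" % name)
    else:
        chain = chains[name]
        if chain.get("template") != "WebContainer-Secure":
            findings.append("chain %r is not based on WebContainer-Secure" % name)
        cn = cfg.get("certificate_common_name")
        if chain.get("host") != cn:
            findings.append("chain host %r does not match certificate "
                            "common name %r" % (chain.get("host"), cn))
        shared = sorted(n for n, c in chains.items()
                        if n != name and c.get("port") == chain.get("port"))
        if shared:
            findings.append("port %s is also used by %s"
                            % (chain.get("port"), ", ".join(shared)))
    if cfg.get("client_cert_auth_required"):
        value = cfg.get("jvm_properties", {}).get("ssl.configName", "")
        node, sep, repertoire = value.partition("/")
        if not (sep and node and repertoire and "/" not in repertoire):
            findings.append("ssl.configName %r is not of the form "
                            "node_name/repertoire_name" % value)
    return findings
```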
Results
You configured your system to use WS-AT in a secure environment.
Related tasks
Use the transaction service