Configure Web Services Transaction support in a secure environment

If we use Web Services Atomic Transaction (WS-AT) or Web Services Business Activity (WS-BA) support when administrative security is enabled, we might have to change the default transaction service configuration. We can disable the transaction coordination authorization setting, create a new web container transport chain, or do both.

(dist)(zos) We might disable transaction coordination authorization if we want to interoperate with other servers but do not want to use the transaction manager in the Common Criteria EAL4 evaluated configuration (the default when administrative security is set). When transaction coordination authorization is disabled, WAS does not automatically reject secure WS-Transactions protocol messages.

(iseries) We might disable transaction coordination authorization if we want to interoperate with other servers and do not want to set up security for the transaction manager to support the Common Criteria EAL4 evaluated configuration. When transaction coordination authorization is disabled, WAS does not automatically reject secure WS-Transactions protocol messages.

We might configure a new web container transport chain for use by WS-Transactions in the following situations:

The transaction service, by default, selects a suitable web container transport chain from the list of those configured and uses it for protocol messages. We can configure a new transport chain and specify our own settings. For example, we can specify an alternative SSL configuration that requires client certificate authentication, which is then used specifically for WS-Transactions protocol messages.

  1. Optionally, use the following steps to disable transaction coordination authorization.

    1. In the console, click Servers > Server Types > WebSphere application servers > server_name > [Container Settings] Container Services > Transaction Service.

    2. Clear the Enable transaction coordination authorization check box.

    3. Click Apply or OK.

    4. Save the changes to the master configuration.

  2. Optionally, use the following steps to create a new web container transport chain.

    1. In the console, click Servers > Application servers > server_name > [Container Settings] Web Container Settings > Web container transport chains.

    2. Click New to create a new transport chain.

    3. Type a name for the transport chain.

    4. From the Transport chain template list, select an appropriate template.

    5. Click Next to select a new port for the chain.

    6. Type a name, host, and port number for the port. For a secure chain, the host must match the common name in the certificate used.

    7. Click Next, confirm the settings, then click Finish.

    8. Save your changes to the master configuration.

    9. If necessary, create a new SSL configuration and associate it with the SSL channel associated with the new chain. For more information, see Create a Secure Sockets Layer configuration. We are now ready to configure the transaction service to use the new transport chain.

    10. Click Servers > Application servers > server_name > [Container Settings] Container Services > Transaction Service.

    11. In the External WS-Transaction HTTP(S) URL prefix section, click Select prefix, then select the web container transport chain that we have just created from the list.

      If an intermediary, such as an HTTP proxy, is in front of the application server, click Specify custom prefix, then type the external endpoint URL information for the intermediary node in the field. For more information, see Enable WebSphere Application Server to use an intermediary node for web services transactions.

    12. Click Apply or OK, then save the changes to the master configuration.

  3. After you save all the configuration changes, restart the server for the changes to take effect.
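Step 2.6 requires that, for a secure chain, the host of the port match the common name in the certificate used. The following Python check is an added example, not part of the original documentation or of IBM's tooling; the function names are hypothetical and the sample certificate is constructed.

```python
import socket
import ssl


def common_names(cert):
    """Return the commonName values from a getpeercert()-style dict."""
    return [value
            for rdn in cert.get("subject", ())
            for key, value in rdn
            if key == "commonName"]


def host_matches_cn(port_host, cert):
    """True if the host configured on the port equals a certificate CN.

    Comparison is case-insensitive and ignores a trailing dot. A port
    host of "*" (listen on all interfaces) never matches.
    """
    wanted = port_host.strip().rstrip(".").lower()
    if not wanted or wanted == "*":
        return False
    return any(cn.rstrip(".").lower() == wanted for cn in common_names(cert))


def fetch_server_cert(host, port, cafile, client_cert=None, client_key=None):
    """Connect to the chain's port and return the validated server certificate.

    Hostname checking is off only because host_matches_cn() does the
    comparison; the certificate chain is still verified against cafile.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False
    if client_cert:
        # Needed when the chain's SSL configuration requires client certificates.
        ctx.load_cert_chain(client_cert, client_key)
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample in the shape getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "wstx.example.com"),)),
}

if __name__ == "__main__":
    for host in ("wstx.example.com", "WSTX.example.com.", "*", "appsrv01"):
        print(host, "->", host_matches_cn(host, SAMPLE_CERT))
```

After the server restart, pass the output of `fetch_server_cert()` for the new port to `host_matches_cn()` together with the host value typed in step 2.6.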


Results

You configured your system to use WS-AT or WS-BA in a secure environment.


Related tasks

  • Use the transaction service
  • Create a Secure Sockets Layer configuration
  • Enable WebSphere Application Server to use an intermediary node for web services transactions
  • Example: Configure IBM HTTP server as an intermediary node for web services transactions

  (dist)(zos) Common Criteria (EAL4) support


Related information

  (iseries) Common Criteria portal