WAS v8.5 > Secure applications > Secure Service integration > Secure service integration > Secure buses

Secure an existing bus using the global security domain

Use this task to secure an existing service integration bus using the global security domain.

• Review the information in Service integration security planning.
• The bus to secure must exist in the dmgr console. To create a new bus, see Add a secured bus.

• If administrative security is not enabled for the cell that hosts the bus, the wizard prompts you to enable it. You need to know the type of user repository, and the administrative security username and password.

• If the service bus contains a bus member at WebSphere Application Server v6, the wizard prompts you to select an existing authentication alias, or specify a new one. To specify a new authentication alias, you must provide a username and password.
• Ensure there are no indoubt transactions on the messaging engine because incomplete transactions cannot be recovered after the bus is secured. For more information, see Resolve indoubt transactions.
• Stop all servers on which the SIB Service enabled. This ensures the bus security configuration is applied consistently when the servers are restarted. For more information, see Stop an application server.

Use this task to secure a bus that exists already in the dmgr console, and to use the default global security domain. For example, a bus that has a bus member at WAS v6. A mixed-version bus cannot use non-global security domains.

This task uses an dmgr console wizard to guide you through the steps to secure a bus. The following steps are conditional, depending on the bus environment:

• If administrative security is not enabled for the cell that hosts the bus, the wizard prompts you to enable administrative security.

• If the bus has a bus member at WAS v6, the wizard prompts you for an authentication alias to establish trust between bus members, and to enable the bus to operate securely.

Use the dmgr console to secure a selected bus using the global security domain as follows:

1. In the navigation pane, click Service integration -> Buses -> security_value. The general properties for the selected bus are displayed.

2. Click Configure Bus Security to start the Bus Security Configuration wizard.
3. Read the Introduction panel, and click Next. The next step is conditional, depending on whether administrative security is enabled or disabled:

   • If administrative security is disabled, complete all the following steps.

   • If administrative security is already enabled, continue from step 7.

4. Select the appropriate user repository, and click Next.
5. Depending on the type of user registry you selected, do one of the following:

   • For a federated repository, specify a username and password for administrative security, and click Next.

   • For all other types of repository, follow the wizard prompts, and click Next.

6. Review the summary of your choices:

   1. Optional: To make changes, click Previous to return to an earlier panel, and make the changes you require.

   2. Click Finish when we are ready to confirm your choices.

   Administrative security for the cell is now enabled.

7. If we do not want clients to use SSL protected transports, clear the check box Require clients use SSL protected transports . By default, clients are required to use SSL protected transports to ensure data confidentiality and integrity.

8. Select the global security domain option, and click Next.

9. If at least one bus member is at v6, specify an authentication alias. Specify either an existing authentication alias, or create a new one:

   • Select Specify existing authentication alias, and select the alias name from the drop-down list.

   • Select Create a new authentication alias, type a unique alias name and password.

10. Review the summary of your choices:

    1. Optional: To make changes, click Previous to return to an earlier panel, and make the changes you require.

    2. Click Finish to confirm your choices.

11. Save your changes to the master configuration.
    

Results

You have secured the bus using the global security domain. The new security settings for the bus are displayed in the updated Bus Security Settings panel. The bus is secured after you restart all the servers that are members of the bus, or (for a bus that has bootstrap members) servers for which the SIB service is enabled.

• Restart the servers. Start an application server provides more information.
• Groups of users in the user repository require explicit authority to access the bus. For more information, see Administer authorization permissions.

Related concepts:

Messaging security and multiple security domains

Related

Secure an existing bus using multiple security domains
Configure bus security using an dmgr console panel
Configure the bus to access secured mediations
Configure a bus to run mediations in a multiple security domain environment

Related information:

Add a secured bus
Migrating an existing secure bus to multiple domain security

+

Search Tips   |   Advanced Search