+

Search Tips   |   Advanced Search


Change the the WSRP WS-Security profiles

To change the set of security profiles, for example, add new profiles, delete existing profiles, or modify the descriptor files of existing profiles, first extract the current configuration to a working directory. Later you synchronize your updates with the run time configuration. To do this, you use configuration tasks. Proceed by the following steps.Note for cluster configurations: If you modify the URI in a clustered environment, complete the steps described here only on the primary node. You do not need to perform the steps on secondary nodes in the cluster.

  1. To extract the security profiles...

    1. Open a command prompt.

    2. Change to the directory PROFILE_HOME/ConfigEngine.

    3. Run the following command and pass in the path of your working directory as a value for the WSRPSecurityProfilesSourceDir parameter:

        UNIX: ./ConfigEngine.sh extract-WSRP-Security-Profiles -DWasPassword=password –DWSRPSecurityProfilesSourceDir=working directory

      • i5/OS: ConfigEngine extract-WSRP-Security-Profiles -DWasPassword=password –DWSRPSecurityProfilesSourceDir=working directory

        Windows: ConfigEngine.bat extract-WSRP-Security-Profiles -DWasPassword=password –DWSRPSecurityProfilesSourceDir=working directory

    After you complete these steps, your working directory contains a subfolder for each security profile, and each of these subfolders contains the two files ibm-webservicesclient-bnd.xmi and ibm-webservicesclient-ext.xmi.

  2. Change the security profiles as required:

    • To add a new security profile, add a new folder to the working directory with the files that you generated by using the assembly tool in the previous step.

    • To modify a security profile, edit or replace the necessary binding or extension file.

    • To remove a security profile, delete the respective folder.

  3. After you completed your changes in the working directory, proceed as follows to synchronize the security profiles with the run time configuration:

    1. Open a command prompt.

    2. Change to the directory PROFILE_HOME/ConfigEngine.

    3. Run the following command, and pass in the path of the directory from which you want to copy the sample files as the value for the WSRPSecurityProfilesSourceDir parameter:

        UNIX: ./ConfigEngine.sh sync-WSRP-Security-Profiles -DWasPassword=password –DWSRPSecurityProfilesSourceDir=working directory

      • i5/OS: ConfigEngine sync-WSRP-Security-Profiles -DWasPassword=password –DWSRPSecurityProfilesSourceDir=working directory

        Windows: ConfigEngine.bat sync-WSRP-Security-Profiles -DWasPassword=password –DWSRPSecurityProfilesSourceDir=working directory

    4. Optional: For cluster environments only: Resynchronize the nodes as follows:

      1. Open the Deployment Manager administrative console.

      2. Click System Administration > Nodes.

      3. Select the primary node from the list.

      4. Click Full Resynchronize.

    You do not need to restart the server for the changes to become active; however, due to configuration caching, it can take some minutes until the new configuration takes effect.


Parent topic:

Creating and deploying custom WS-Security profiles


Previous topic:

Creating the client security binding and extension files using an assembly tool