Configure Web Services Atomic Transaction support in a secure environment

 


 

If you are using the Web Services Atomic Transaction (WS-AT) support in a secure environment, you might need to change the default WS-AT configuration. For example, you might want to use an alternative port number for WS-AT protocol messages, or you might be interoperating with a non-WebSphere Application Server product that requires client certificate authentication on the Secure Sockets Layer (SSL) connection that is used for protocol messages.

 

About this task

If your system involves only servers and clients that are running WebSphere Application Server, the default configuration is usually sufficient. Perform this task if your environment requires you to use an alternative port for WS-AT protocol messages or if you are interoperating with a server product other than WAS that requires specific SSL settings for WS-AT protocol messages.

This task consists of three subtasks:

  1. Disable WAS protocol security, which is enabled by default. Disabling this function prevents WebSphere Application Server from automatically rejecting secure WS-AT protocol messages from non-WebSphere Application Server products.

  2. Configure a new Web container transport chain for use by WS-AT. When global security is enabled, the transaction service, by default, uses the default secure Web container transport chain: WCInboundDefaultSecure. By configuring a new transport chain, you can specify settings that are different from those in the default transport chain; for example, you can specify an alternative SSL repertoire.

  3. Configure the outbound SSL repertoire that is used by the transport chain. This step is required if you are interoperating with a non-WebSphere Application Server product that requires client certificate authentication for protocol messages.

 

Procedure

  1. If you are interoperating with a non-WebSphere Application Server product, disable WAS protocol security by performing the following steps.

    1. In the administrative console, click...

      Servers | Application servers | server_name | [Additional Properties] Custom Properties | New

    2. On the settings page, type DISABLE_PROTOCOL_SECURITY in the Name field and TRUE in the Value field.

    3. Click OK and save your changes to the master configuration.

  2. If you need to create a new Web container transport chain, for example, because you need to specify SSL settings other than the default, create the chain by performing the following steps.

    1. Return to the server page by clicking...

      Servers | Application servers | server_name | [Container Settings] Web Container Settings | Web container transport chains | New

    2. Type a name for the transport chain.

    3. From the transport chain template list, select the WebContainer-Secure template.

    4. Click Next to select a new port for the chain.

    5. Type a name, host, and port number for the port. The host should match the common name in the certificate that is used.

    6. Click Next, confirm the settings, then click Finish.

    7. Save your changes to the configuration.

    8. Create a new SSL repertoire as appropriate and associate it with the SSL channel that is associated with your new chain. You are now ready to configure the transaction service to use the new transport chain.

    9. Return to the server page by clicking...

      Servers | Application servers | server_name

    10. Under Container Services, select...

      Transaction Service | [Additional Properties] Custom Properties | New

    11. Enter WSTX_SECURE_TRANSPORT_CHAIN as the name of the property, and the name of the secure Web container transport chain that you created earlier as the value.

    12. Click OK and save your changes to the master configuration.

  3. If the interoperating server requires client certificate authentication for protocol messages, configure the appropriate SSL repertoire for outbound connections, by performing the following steps.

    1. Return to the server page by clicking...

      Servers | Application servers | server_name

    2. Under Server Infrastructure click...

      Java and Process Management | Process Definition | [Additional Properties] Java Virtual Machine | [Additional Properties] Custom Properties | New

    3. Type ssl.configName as the name of the property, and the full name of your SSL repertoire as the value. This SSL repertoire is likely to be the one that you created in the previous subtask. The full name of your SSL repertoire is of the form node_name/repertoire_name.

    4. Click OK and save your changes to the configuration.

  4. After you have saved all the configuration changes that you require, restart the server for the changes to take effect.
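
A consistency check that can be run over the planned settings before the restart, as an added example that is not part of the original page or of WebSphere Application Server. The property names and the WebContainer-Secure template come from the procedure above; the `plan` dictionary layout, the function names, and all sample values are assumptions made for this example.

```python
# Property names come from the procedure; the "plan" dict layout is an
# assumption made for this example, not a WebSphere file format.
def host_matches_cn(host, cn):
    """Case-insensitive match; a leading '*.' in the CN covers one label."""
    host, cn = host.lower().rstrip("."), cn.lower().rstrip(".")
    if cn.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cn[2:]
    return host == cn

def check_wsat_plan(plan):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings, chains = [], {c["name"]: c for c in plan["chains"]}
    # Subtask 1: protocol security is disabled only for non-WebSphere partners.
    value = plan["server_props"].get("DISABLE_PROTOCOL_SECURITY", "")
    if (value.upper() == "TRUE") != plan["non_was_partner"]:
        findings.append("DISABLE_PROTOCOL_SECURITY does not match partner type")
    # Subtask 2: the transaction service must name an existing secure chain.
    name = plan["tx_props"].get("WSTX_SECURE_TRANSPORT_CHAIN")
    if name is not None:
        chain = chains.get(name)
        if chain is None:
            findings.append("WSTX_SECURE_TRANSPORT_CHAIN names unknown chain")
        else:
            if chain["template"] != "WebContainer-Secure":
                findings.append("chain is not from WebContainer-Secure")
            if not host_matches_cn(chain["host"], chain["cert_cn"]):
                findings.append("port host does not match certificate CN")
    # Subtask 3: outbound repertoire, needed for client certificate auth.
    cfg = plan["jvm_props"].get("ssl.configName")
    if cfg is None:
        if plan["partner_requires_client_cert"]:
            findings.append("ssl.configName missing")
    elif cfg.count("/") != 1 or not all(cfg.split("/")):
        findings.append("ssl.configName is not node_name/repertoire_name")
    elif cfg not in plan["repertoires"]:
        findings.append("ssl.configName names unknown repertoire")
    return findings

# Constructed sample plan (all names and hosts are made up).
GOOD_PLAN = {
    "non_was_partner": True, "partner_requires_client_cert": True,
    "server_props": {"DISABLE_PROTOCOL_SECURITY": "TRUE"},
    "tx_props": {"WSTX_SECURE_TRANSPORT_CHAIN": "WSATSecureChain"},
    "jvm_props": {"ssl.configName": "node01/WSATRepertoire"},
    "repertoires": ["node01/WSATRepertoire"],
    "chains": [{"name": "WSATSecureChain", "template": "WebContainer-Secure",
                "host": "wsat.example.com", "cert_cn": "wsat.example.com"}],
}
```

The wildcard handling in `host_matches_cn` goes slightly beyond the exact-match case the procedure describes.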

 

Results

You configured your system to use WS-AT in a secure environment.

Related tasks

Using the transaction service