Change the the WSRP WS-Security profiles

To change the set of security profiles, for example, add new profiles, delete existing profiles, or modify the descriptor files of existing profiles, you need to first extract the current configuration to a working directory. Later you synchronize updates with the run time configuration. To do this, you use configuration tasks.

Proceed by the following steps.
Note for cluster configurations: If you modify the URI in a clustered environment, complete the steps described here only on the primary node. You do not need to perform the steps on secondary nodes in the cluster.

  1. To extract the security profiles, proceed as follows:

    1. Open a command prompt.

    2. Change to the directory was_profile_root/ConfigEngine.

    3. Run the following command and pass in the path of working directory as a value for the WSRPSecurityProfilesSourceDir parameter:

      • UNIX™: ./ConfigEngine.sh extract-WSRP-Security-Profiles -DWasPassword=foo –DWSRPSecurityProfilesSourceDir=working directory

      • i: ConfigEngine extract-WSRP-Security-Profiles -DWasPassword=foo –DWSRPSecurityProfilesSourceDir=working directory

      After you complete these steps, working directory contains a subfolder for each security profile, and each of these subfolders contains the two files ibm-webservicesclient-bnd.xmi and ibm-webservicesclient-ext.xmi.

  2. Change the security profiles as required:

    • To add a new security profile, add a new folder to the working directory with the files that you generated by using the assembly tool in the previous step.

    • To modify a security profile, edit or replace the necessary binding or extension file.

    • To remove a security profile, delete the respective folder.

  3. After you completed changes in the working directory, proceed as follows to synchronize the security profiles with the run time configuration:

    1. Open a command prompt.

    2. Change to the directory was_profile_root/ConfigEngine.

    3. Run the following command, and pass in the path of the directory from which you want to copy the sample files as the value for the WSRPSecurityProfilesSourceDir parameter:

      • UNIX: ./ConfigEngine.sh sync-WSRP-Security-Profiles -DWasPassword=foo –DWSRPSecurityProfilesSourceDir=working directory

      • i: ConfigEngine sync-WSRP-Security-Profiles -DWasPassword=foo –DWSRPSecurityProfilesSourceDir=working directory

    4. Optional. For cluster environments only: Resynchronize the nodes as follows:

      1. Open the Deployment Manager administrative console.

      2. Click System Administration -> Nodes.

      3. Select the primary node from the list.

      4. Click Full Resynchronize.

      You do not need to restart the server for the changes to become active; however, due to configuration caching, it can take some minutes until the new configuration takes effect.


Parent

Create and deploy custom WS-Security profiles


Previous

Create the client security binding and extension files using an assembly tool

 


+

Search Tips   |   Advanced Search