
Changing the WSRP WS-Security profiles


To change the set of security profiles, for example, to add new profiles, delete existing profiles, or modify the descriptor files of existing profiles, you first need to extract the current configuration to a working directory. Later you synchronize your updates with the run time configuration. Both steps are done with configuration tasks.

Note for cluster configurations: If you modify the URI in a clustered environment, complete these steps only on the primary node. You do not need to perform the steps on secondary nodes in the cluster.

  1. To extract the security profiles:

    1. Open a command prompt. Under z/OS, open a UNIX System Services (USS) command prompt.

    2. Change to the directory PROFILE_ROOT/ConfigEngine.

    3. Run the following command and pass in the path of your working directory as a value for the WSRPSecurityProfilesSourceDir parameter:

        ./ConfigEngine.sh extract-WSRP-Security-Profiles -DWasPassword=foo -DWSRPSecurityProfilesSourceDir=working directory
      • IBM i: ConfigEngine extract-WSRP-Security-Profiles -DWasPassword=foo -DWSRPSecurityProfilesSourceDir=working directory
      • z/OS: ./ConfigEngine.sh extract-WSRP-Security-Profiles -DWasPassword=foo -DWSRPSecurityProfilesSourceDir=working directory

    After completing these steps, the working directory contains a subfolder for each security profile, and each of these subfolders contains the two files ibm-webservicesclient-bnd.xmi and ibm-webservicesclient-ext.xmi.

  2. Change the security profiles as required:

    • To add a new security profile, add a new folder to the working directory with the file that you generated using the assembly tool in the previous step.

    • To modify a security profile, edit or replace the necessary binding or extension file.

    • To remove a security profile, delete the respective folder.

  3. After completing the changes in the working directory, synchronize the security profiles with the run time configuration:

    1. Open a command prompt. Under z/OS, open a UNIX System Services (USS) command prompt.

    2. Change to the directory PROFILE_ROOT/ConfigEngine.

    3. Run the following command, and pass in the path of the directory from which to copy the sample files as the value for the WSRPSecurityProfilesSourceDir parameter:

        ./ConfigEngine.sh sync-WSRP-Security-Profiles -DWasPassword=foo -DWSRPSecurityProfilesSourceDir=working directory
      • IBM i: ConfigEngine sync-WSRP-Security-Profiles -DWasPassword=foo -DWSRPSecurityProfilesSourceDir=working directory
      • z/OS: ./ConfigEngine.sh sync-WSRP-Security-Profiles -DWasPassword=foo -DWSRPSecurityProfilesSourceDir=working directory

    4. Optional: For cluster environments only: Resynchronize the nodes as follows:

      1. Open the dmgr console.

      2. Click System Administration > Nodes.

      3. Select the primary node from the list.

      4. Click Full Resynchronize.
    You do not need to restart the server for the changes to become active; however, due to configuration caching, it can take some minutes until the new configuration takes effect.
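
A review of the working directory between step 2 and step 3, as an added example that is not part of the original documentation: it checks that every profile subfolder holds both files named in step 1 and lists which profiles were added, removed or modified. The baseline copy of the extracted directory, the function names and the script name are assumptions.

```shell
#!/bin/sh
# Added example (not IBM code): review a WSRP security profile working
# directory after editing it and before running sync-WSRP-Security-Profiles.
# Layout taken from the page: one subfolder per profile, each holding both files.
REQUIRED_FILES="ibm-webservicesclient-bnd.xmi ibm-webservicesclient-ext.xmi"

# check_wsrp_profiles WORKDIR: print one line per problem, return 0 if clean.
check_wsrp_profiles() {
    dir=$1; problems=0
    [ -d "$dir" ] || { echo "not a directory: $dir"; return 1; }
    for entry in "$dir"/*; do
        [ -e "$entry" ] || continue   # empty directory, glob matched nothing
        if [ ! -d "$entry" ]; then
            echo "unexpected file at top level: $entry"; problems=$((problems + 1))
            continue
        fi
        for f in $REQUIRED_FILES; do
            if [ ! -s "$entry/$f" ]; then
                echo "profile $(basename "$entry"): missing or empty $f"
                problems=$((problems + 1))
            fi
        done
    done
    [ "$problems" -eq 0 ]
}

# changed_profiles BASELINE WORKDIR: list profiles added, removed or modified
# relative to an untouched copy taken right after extraction (an assumption:
# the page does not ask you to keep such a copy).
changed_profiles() {
    base=$1; work=$2
    for p in "$base"/* "$work"/*; do
        [ -d "$p" ] && basename "$p"
    done | sort -u | while read -r name; do
        if [ ! -d "$base/$name" ]; then echo "added $name"
        elif [ ! -d "$work/$name" ]; then echo "removed $name"
        elif ! diff -r "$base/$name" "$work/$name" >/dev/null 2>&1; then
            echo "modified $name"
        fi
    done
}

# Usage: sh check-profiles.sh BASELINE WORKDIR (script name is hypothetical)
if [ "$#" -eq 2 ]; then
    changed_profiles "$1" "$2"
    check_wsrp_profiles "$2"
fi
```

Run the sync task only when the change list matches what you intended and the check exits with status 0.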

