WebSphere Application Server Network Deployment, Version 6.0.x
Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Configuring the SIBWS to work in a secure service integration bus

Set the minimum security configuration that is required to allow the SIBWS to work in a secure service integration bus.

This topic assumes that you have completed all other steps and prerequisites described in SIBWS - Completing the installation.

When you install WebSphere Application Server and then complete the installation of the SIBWS, global security is switched on by default and every installed service integration bus is secured. In this environment, WebSphere Application Server and the service integration bus require authentication (by user ID and password) for the resource adapter and for every endpoint listener that you have installed.
Note: These steps do not impose any security restrictions on the users of your SIBWS configuration. For information on the many additional steps that you can take to secure how your service integration bus Web services configuration is used by your colleagues or customers, see Securing Web services through service integration technologies.

To set the minimum security configuration that is required to allow the SIBWS to work in a secure service integration bus, complete the following steps:

  1. Start the WebSphere Application Server administrative server.
  2. Start the administrative console.
  3. In the navigation pane, click Service integration > Buses > [Content Pane] bus_name > J2EE Connector Architecture (J2C) authentication data entries.
  4. Create a J2C authentication alias.
  5. Configure authentication for the resource adapter by completing the following steps:
    1. In the administrative console navigation pane, click Resources > Resource adapters > SIB_RA > J2C activation specification > SIBWS_OUTBOUND_MDB.
    2. In the Authentication alias selection list, choose the authentication alias that you created.
    3. Click OK.
  6. Create a new endpoint listener configuration for each endpoint listener application that you have installed.
  7. Optional: Configure endpoint listener authentication.
    Note: If you configure the endpoint listener authentication property as detailed in this step, then messages sent to the bus from the endpoint are always sent under the user ID specified in the property value. If you omit this step, then the message sent to the bus is sent as the ID of the user already authenticated by WebSphere Application Server (for example, if the inbound request contains WS-Security authentication, or if the endpoint is protected). If you omit this step and no authenticated user ID is found, then the message send will fail with the following error:
    CWSIK0018E: Send access to destination <destination> was denied for user with subject <subject>.

    To configure endpoint listener authentication, complete the following steps for every bus that is connected to an endpoint listener:

    1. In the administrative console navigation pane, click one of the paths shown in the table Paths to this panel.
      Paths to this panel

      Servers > Application servers > [Content Pane] server_name > Endpoint listeners
      Servers > Clusters > [Content Pane] cluster_name > Endpoint listeners

      A list of endpoint listeners is displayed in an endpoint listener collection form.
    2. Click the name of an endpoint listener in the list. The current endpoint listener settings for this endpoint listener are displayed.
    3. Under the additional properties heading, click Connection properties. A list of all the service integration buses that are currently connected to this endpoint listener is displayed in a service integration bus connection properties collection form.
    4. Click the name of a bus in the list. A list of custom properties (name and value pairs) for this bus is displayed. These custom properties define the manner in which the endpoint listener connects to this bus:
      Note: The property com.ibm.websphere.sib.webservices.replyDestination defines the reply destination name used by the endpoint listener. Do not modify or remove this property, which is set automatically when the service integration bus is associated with the endpoint listener.
    5. Enter a new custom property. For the property name, type com.ibm.websphere.sib.webservices.EPLAuthAlias. For the property value, type the authentication alias that you created.
  8. Save your changes to the master configuration.
  9. Close the administrative console.
For information about how you can further secure the SIBWS, see Securing Web services through service integration technologies.
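
The following added example (not part of the IBM documentation) scans server log text for the CWSIK0018E error quoted in step 7 and lists the destinations that rejected a send carrying no user ID, which are the ones to check for a missing EPLAuthAlias property. The log line prefix, destination names and user names are constructed for illustration, and treating an empty subject as "no authenticated user" is an assumption.

```python
import re
from collections import Counter

# Message text as given on this page; <destination> and <subject> are free text.
DENIED = re.compile(
    r"CWSIK0018E: Send access to destination (?P<dest>.+?) "
    r"was denied for user with subject (?P<subject>.*?)\.?\s*$"
)

# Constructed sample log lines: timestamps, thread IDs, destinations and the
# user name are invented for this example; real log prefixes may differ.
SAMPLE_LOG = """\
[10/5/05 9:14:02:113 GMT] 0000002f SibMessage E CWSIK0018E: Send access to destination StockQuoteInbound was denied for user with subject .
[10/5/05 9:14:05:870 GMT] 0000002f SibMessage E CWSIK0018E: Send access to destination StockQuoteInbound was denied for user with subject .
[10/5/05 9:15:40:004 GMT] 00000031 SibMessage E CWSIK0018E: Send access to destination OrdersInbound was denied for user with subject webuser1.
[10/5/05 9:16:11:522 GMT] 00000031 WebContainer I Servlet request processed
"""


def denied_sends(log_text):
    """Count CWSIK0018E denials per (destination, subject) pair."""
    counts = Counter()
    for line in log_text.splitlines():
        match = DENIED.search(line)
        if match:
            key = (match.group("dest"), match.group("subject").strip())
            counts[key] += 1
    return counts


def unauthenticated_destinations(log_text):
    """Destinations that rejected a send carrying no user ID at all.

    Assumption: an empty <subject> means no authenticated user was found,
    the case this page describes when EPLAuthAlias is not configured and
    the inbound request was not authenticated.
    """
    return sorted({dest for dest, subject in denied_sends(log_text) if not subject})


if __name__ == "__main__":
    for (dest, subject), n in sorted(denied_sends(SAMPLE_LOG).items()):
        print(f"{dest}: {n} denied send(s), subject={subject or '<none>'}")
    print("Check EPLAuthAlias for:", unauthenticated_destinations(SAMPLE_LOG))
```
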
Related tasks
Configuring secure transmission of SOAP messages using WS-Security
Working with password-protected components
Invoking outbound services over HTTPS


Last updated: 5 Oct 2005
http://publib.boulder.ibm.com/infocenter/ws60help/index.jsp?topic=/com.ibm.websphere.pmc.nd.doc\tasks\tjw_security_install.html

© Copyright IBM Corporation 2004, 2005. All Rights Reserved.