Friday, July 11, 2014

Webmethods Command Central 9.5 User configuration



Introduction:
Command Central is one of the new components introduced with WebMethods 9.0.
It helps you monitor and manage your environment in one visual tool.
This component is growing with each version.

User management works a bit differently from the other components.
A big part of it is done using commands or by manually copying files to another location.

USER ARCHITECTURE

1. The local Administrator user in users.txt will have the same password on all environments.
2. This user is used to connect to SPM and its components!
3. To connect to IS, MWS and other user-protected CI, the local administrator of that component will be used.
4. LDAP is used to authorize CCE access through roles.
 

Configure local Users when Administrator password changes: 

The configuration is done using Command Central (CCE) commands.
Set the CC_CLI_HOME environment variable to the following directory:
Software AG_directory\CommandCentral\client

1. Change the Command Central password by running:

C:\SoftwareAG\common\bin>internaluserrepo.bat -f ../conf/users.txt -p manage1 Administrator

2. Update configuration data for all nodes

When this is done, the node will become green on “Installations Tab”
cc update configuration data {destination nodeAlias} OSGI-SPM-ENGINE SIN-INTERNAL-USERS-users.txt -i D:\CCE_95\common\conf\users.txt

The password to use is the one in users.txt on the Node_ALIAS at that moment.
This will copy users.txt to the destination alias.
Or you can copy these 3 files from CCE_95 to the node:
Users.txt
Roles.txt
Groups.txt
When you don’t define a specific node, it will try to apply it to all nodes.
RESTART OF SPM ON DESTINATION SERVER IS NEEDED

3. Create creds.xml

cc get security credentials --format xml --server http://localhost:8090/cce --output d:\creds.xml
Change the password in the credentials to the current CCE password.
Save creds.xml.

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<userCredentials>
<userName>Administrator</userName>
<authenticationType>BASIC</authenticationType>
<password>passwordincleartext</password>
</userCredentials>

3.1 Execute the below to fix the communication between CCE and all SPM

When this is done SPM will be green on Instances Tab only

cc add security credentials runtimeComponentId=OSGI-SPM -i D:/creds.xml -f xml
D:\CCE_95\CommandCentral\client\bin>cc add security credentials runtimeComponentId=OSGI-SPM -i ./creds.xml -f xml
Password:
POST http://localhost:8090/cce/security/credentials?runtimeComponentId=OSGI-SPM returned a response status of 200 OK

4. Execute next command to fix the communication between SPM and all other OSGI platform products

When this is done, all components using the Administrator password combination will be green (NerV, Web server…).
For other components like IS and MWS, you need to set the password manually through the web interface of CCE.

cc add security credentials runtimeComponentId=OSGI-* -i D:/creds.xml -f xml
D:\CCE_95\CommandCentral\client\bin>cc add security credentials runtimeComponentId=OSGI-* -i ./creds.xml -f xml
Password:
POST http://localhost:8090/cce/security/credentials?runtimeComponentId=OSGI-* returned a response status of 200 OK


NOTE:
In 9.5 ALL SPM's must have the same Administrator password otherwise CCE cannot connect to them.

LDAP Configuration

Copy file from DEV / SYS :
Jaas.conf
Or adjust it:
com.softwareag.security.jaas.login.internal.InternalLoginModule optional
// LDAP config started
com.softwareag.security.sin.is.ldap.lm.LDAPLoginModule optional
    url="ldap://ldapserver:ldapPort"
    prin="cn={ldap info},o={ ldap info }"
    cred="********"
    gidprop="cn"
    uidprop="cn"
    usecaching="false"
    userrootdn="ou={ ldap info },o={ ldap info }"
    mattr="uniquemember"
    memberinfoingroups=true
    grouprootdn="ou={ ldap info },o={ ldap info }"
    groupobjclass="groupofnames"
    creategroups=true
    personobjclass="person";
// LDAP config ended
Copy this file to SPM, keeping in mind to change the paths to the local files!
Otherwise you will have some strange effects.


+ Adapt roles.txt to LDAP:

[groups]
group:"Administrators"=superadmin
group:"DEVAdministrator"=superadmin
group:"DEVDeveloper"=readonlyadmin
group:"DEVMonitorAdministrator"=readonlyadmin
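
An added example (not from the original post or from Software AG): a small Python check over the [groups] section of roles.txt shown above. It lists LDAP groups that receive superadmin outside an approved list and flags lines that do not parse or that remap a group. The approved list, the two extra sample lines and the choice to keep the later of two conflicting mappings are assumptions.

```python
import re

# Mapping lines as shown on the page: group:"<LDAP group>"=<role>
LINE_RE = re.compile(r'^group:"(?P<group>[^"]+)"\s*=\s*(?P<role>\S+)$')

# Constructed sample: the page's [groups] section plus two lines added to exercise the checks.
SAMPLE_ROLES = '''\
[groups]
group:"Administrators"=superadmin
group:"DEVAdministrator"=superadmin
group:"DEVDeveloper"=readonlyadmin
group:"DEVMonitorAdministrator"=readonlyadmin
group:"DEVDeveloper"=superadmin
group:Everybody=superadmin
'''

def parse_group_roles(text):
    """Return (mappings, problems) for the [groups] section of roles.txt."""
    mappings, problems, in_groups = {}, [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            in_groups = line.lower() == "[groups]"
            continue
        if not in_groups:
            continue
        m = LINE_RE.match(line)
        if not m:
            problems.append((lineno, "unparsed line: " + line))
            continue
        group, role = m["group"], m["role"]
        # Assumption: the page does not say which duplicate wins; keep the later one and flag it.
        if group in mappings and mappings[group] != role:
            problems.append((lineno, f"{group} remapped {mappings[group]} -> {role}"))
        mappings[group] = role
    return mappings, problems

def unexpected_superadmins(mappings, approved):
    """Groups granted superadmin that are not on the approved list."""
    return sorted(g for g, r in mappings.items() if r == "superadmin" and g not in approved)

if __name__ == "__main__":
    mappings, problems = parse_group_roles(SAMPLE_ROLES)
    for lineno, msg in problems:
        print(f"line {lineno}: {msg}")
    print("review:", unexpected_superadmins(mappings, {"Administrators", "DEVAdministrator"}))
```
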
