Introduction:
Command Central is one of the new components in WebMethods 9.0.
It helps you monitor and manage your environment in one visual tool.
This component is growing with each version.
The way user management works is a bit different from the other components.
A big part of it is done using commands or by manually copying files to another location.
USER ARCHITECTURE
1. The local Administrator user in users.txt will have the same password on all environments.
2. This user is used to connect to SPM and its components!
3. To connect to IS, MWS and other user-protected CI, the local administrator of that component will be used.
4. LDAP is used to authorize CCE access through roles.
Configure local users when the Administrator password changes:
The configuration is done using Command Central (cce) commands.
Set the CC_CLI_HOME environment variable to the following directory:
Software AG_directory\CommandCentral\client
1. Change the Command Central password by running:
C:\SoftwareAG\common\bin>internaluserrepo.bat -f ../conf/users.txt -p manage1 Administrator
2. Update configuration data for all nodes
When this is done, the node will become green on the “Installations” tab.
cc update configuration data {destination nodeAlias} OSGI-SPM-ENGINE SIN-INTERNAL-USERS-users.txt -i D:\CCE_95\common\conf\users.txt
The password to be used is the password in users.txt at that moment on the Node_ALIAS.
This will copy users.txt to the destination alias.
OR you can also copy 3 files from CCE_95 to the node:
Users.txt
Roles.txt
Groups.txt
When you don’t define a specific node, it will try to apply it to all nodes.
A RESTART OF SPM ON THE DESTINATION SERVER IS NEEDED.
3. Create creds.xml
Change the password in the credentials to the current CCE password.
Save creds.xml:
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<userCredentials>
<userName>Administrator</userName>
<authenticationType>BASIC</authenticationType>
<password>passwordincleartext</password>
</userCredentials>
3.1 Execute the command below to fix the communication between CCE and all SPMs
When this is done, SPM will be green on the Instances tab only.
cc add security credentials runtimeComponentId=OSGI-SPM -i D:/creds.xml -f xml
D:\CCE_95\CommandCentral\client\bin>cc add security credentials runtimeComponentId=OSGI-SPM -i ./creds.xml -f xml
Password:
POST http://localhost:8090/cce/security/credentials?runtimeComponentId=OSGI-SPM returned a response status of 200 OK
4. Execute the next command to fix the communication between SPM and all other OSGI platform products
When this is done, all components using the Administrator/password combination will be green (NerV, web server…).
For other components like IS and MWS, you need to set the password manually through the web interface of CCE.
cc add security credentials runtimeComponentId=OSGI-* -i D:/creds.xml -f xml
D:\CCE_95\CommandCentral\client\bin>cc add security credentials runtimeComponentId=OSGI-* -i ./creds.xml -f xml
Password:
POST http://localhost:8090/cce/security/credentials?runtimeComponentId=OSGI-* returned a response status of 200 OK
NOTE:
In 9.5, ALL SPMs must have the same Administrator password; otherwise CCE cannot connect to them.
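Steps 3 to 4 leave the Administrator password in clear text in creds.xml on disk. The following Python script is an added example (not part of the original post and not Software AG code): it builds the same creds.xml with the password XML-escaped, keeps it in a short-lived temp file, and deletes it after the cc call. The helper names and the assumption that an executable named cc is resolvable on PATH are mine.

```python
# Added example, not from the original post: build creds.xml on demand instead
# of keeping the Administrator password in a permanent file such as D:/creds.xml.
import os
import tempfile
from contextlib import contextmanager
from xml.sax.saxutils import escape

TEMPLATE = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\n'
    "<userCredentials>\n"
    "  <userName>{user}</userName>\n"
    "  <authenticationType>BASIC</authenticationType>\n"
    "  <password>{password}</password>\n"
    "</userCredentials>\n"
)

def build_creds_xml(user, password):
    """Return the creds.xml body; &, < and > in the values are XML-escaped."""
    return TEMPLATE.format(user=escape(user), password=escape(password))

@contextmanager
def temp_creds_file(user, password):
    """Yield the path of a short-lived creds.xml, then overwrite and delete it."""
    # mkstemp creates the file readable and writable by the owner only (POSIX);
    # on Windows it inherits the ACL of the user's temp directory.
    fd, path = tempfile.mkstemp(prefix="creds-", suffix=".xml")
    body = build_creds_xml(user, password).encode("utf-8")
    try:
        with os.fdopen(fd, "wb") as handle:
            handle.write(body)
        yield path
    finally:
        # Best-effort overwrite before unlinking; not a guarantee on SSDs or
        # journaling file systems, but it keeps the secret out of casual reach.
        with open(path, "r+b") as handle:
            handle.write(b"\0" * len(body))
        os.remove(path)

if __name__ == "__main__":
    import getpass
    import subprocess
    secret = getpass.getpass("New Administrator password: ")
    with temp_creds_file("Administrator", secret) as creds:
        # Same command as step 3.1; assumes an executable named cc is on PATH.
        subprocess.run(["cc", "add", "security", "credentials",
                        "runtimeComponentId=OSGI-SPM", "-i", creds, "-f", "xml"],
                       check=True)
```

A password containing & or < would make a hand-edited creds.xml invalid XML; escaping it here avoids that.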
LDAP Configuration
Copy the file from DEV / SYS:
Jaas.conf
Or adjust it:
com.softwareag.security.jaas.login.internal.InternalLoginModule optional
// LDAP config started
com.softwareag.security.sin.is.ldap.lm.LDAPLoginModule optional
url="ldap://ldapserver:ldapPort"
prin="cn={ldap info},o={ ldap info }"
cred="********"
gidprop="cn"
uidprop="cn"
usecaching="false"
userrootdn="ou={ ldap info },o={ ldap info }"
mattr="uniquemember"
memberinfoingroups=true
grouprootdn="ou={ ldap info },o={ ldap info }"
groupobjclass="groupofnames"
creategroups=true
personobjclass="person";
// LDAP config ended
When you copy this file to an SPM, keep in mind to change the paths to local files, or you will see some strange effects.
+ Adapt roles.txt to LDAP:
[groups]
group:"Administrators"=superadmin
group:"DEVAdministrator"=superadmin
group:"DEVDeveloper"=readonlyadmin
group:"DEVMonitorAdministrator"=readonlyadmin