If you use Web Services Atomic Transaction (WS-AT) or Web Services
Business Activity (WS-BA) support when administrative security is enabled,
you might have to change the default transaction service configuration. You
can disable the transaction coordination authorization setting, create a new
Web container transport chain, or do both.
About this task
You might disable transaction coordination authorization if you want to
interoperate with other servers and you do not want to set up security for
the transaction manager to support the Common Criteria EAL4 evaluated
configuration. When transaction coordination authorization is disabled,
WebSphere® Application Server does not automatically reject secure
WS-Transactions protocol messages.
You might configure a new Web container transport chain for use by
WS-Transactions in the following situations:
- You want to use an alternative port number for WS-AT or WS-BA protocol
messages.
- You want to interoperate with a non-WebSphere Application Server
that requires client certificate authentication on the Secure Sockets Layer
(SSL) connection that is used for protocol messages.
The transaction service, by default, selects a suitable Web container
transport chain from the list of those configured and uses it for protocol
messages. You can configure a new transport chain and specify your own settings.
For example, you can specify an alternative SSL configuration that requires
client certificate authentication, which is then used specifically for WS-Transactions
protocol messages.
Procedure
- Optionally, use the following steps to disable transaction coordination
  authorization.
  - In the administrative console, click .
  - Clear the Enable transaction coordination authorization check box.
  - Click Apply or OK.
  - Save your changes to the master configuration.
- Optionally, use the following steps to create a new Web container
  transport chain.
  - In the administrative console, click .
  - Click New to create a new transport chain.
  - Type a name for the transport chain.
  - From the Transport chain template list, select an appropriate template.
  - Click Next to select a new port for the chain.
  - Type a name, host, and port number for the port. For a secure chain,
    the host must match the common name in the certificate that is used.
  - Click Next, confirm the settings, then click Finish.
  - Save your changes to the master configuration.
  - If necessary, create a new SSL configuration and associate it with the
    SSL channel associated with your new chain. For more information, see
    Creating a Secure Sockets Layer configuration. You are now ready to
    configure the transaction service to use the new transport chain.
  - Click .
  - In the External WS-Transaction HTTP(S) URL prefix section, click Select
    prefix, then select the Web container transport chain that you have
    just created from the list.
    If you are using an intermediary, such as an HTTP proxy, in front of
    the application server, click Specify custom prefix, then type the
    external endpoint URL information for the intermediary node in the
    field. For more information, see Enabling WebSphere Application Server
    to use an intermediary node for Web services transactions.
  - Click Apply or OK, then save your changes to the master configuration.
- After you save all the configuration changes, restart the server for the
  changes to take effect.
Results
You configured your system to use WS-AT or WS-BA in a secure environment.
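The port step in the procedure requires that, for a secure chain, the host match the common name in the certificate. The following check is an added example, not part of the original IBM procedure: it compares a planned port host with the names in a certificate, and goes beyond the common name by also honouring DNS subject alternative names, which TLS clients commonly prefer when present. The host names and certificate values are constructed, and the precedence rule is an assumption about the peer that connects to the chain.

```python
# Added example (not IBM code). Certificate dicts use the layout returned by
# Python's ssl.SSLSocket.getpeercert(); all names and values are constructed.

def name_matches(pattern, host):
    """Case-insensitive match of one certificate name against the port host.
    '*' is honoured only as the whole leftmost label, never across dots."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if p == h:
        return True
    if p[0] != "*" or len(p) < 3 or len(p) != len(h):
        return False
    return p[1:] == h[1:]

def cert_names(cert):
    """Return (common_names, dns_sans) from a getpeercert()-style dict."""
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return cns, sans

def host_matches_cert(host, cert):
    """DNS subjectAltNames take precedence; the common name is used only
    when the certificate carries no DNS SAN (assumed client behaviour)."""
    cns, sans = cert_names(cert)
    return any(name_matches(n, host) for n in (sans or cns))

# Constructed sample certificates.
CERT_CN_ONLY = {"subject": ((("commonName", "wstx.example.com"),),)}
CERT_WITH_SAN = {
    "subject": ((("commonName", "appserver01"),),),
    "subjectAltName": (("DNS", "*.tx.example.com"),
                       ("DNS", "wstx.example.com")),
}

if __name__ == "__main__":
    for host, cert in [("wstx.example.com", CERT_CN_ONLY),
                       ("10.0.0.5", CERT_CN_ONLY),
                       ("node1.tx.example.com", CERT_WITH_SAN),
                       ("appserver01", CERT_WITH_SAN)]:
        ok = host_matches_cert(host, cert)
        print("%-24s %s" % (host, "matches" if ok else "MISMATCH"))
```

A mismatch here means a peer that validates the server name will reject the SSL connection used for protocol messages, so correct the port host or reissue the certificate before selecting the chain as the WS-Transaction prefix.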