Use this task to secure an existing service integration
bus by using the global security domain.
Before you begin
- Review the information in Service integration security planning.
- The bus you want to secure must exist in the administrative console.
If you want to create a new bus, see Adding a secured bus.
- If administrative security is not enabled for the cell that hosts
the bus, the wizard prompts you to enable it. You need to know the
type of user repository, and the administrative security username
and password.
- If the service bus contains a bus member at
WebSphere® Application Server Version 6, the wizard prompts you
to select an existing authentication alias, or specify a new one.
If you want to specify a new authentication alias, you must provide
a username and password.
- Ensure that there are no indoubt transactions on the messaging
engine because incomplete transactions cannot be recovered after the
bus is secured. For more information, see Resolving indoubt transactions.
- Stop all servers on which the SIB Service is enabled. This ensures
that the bus security configuration is applied consistently when the
servers are restarted. For more information, see Stopping an application server.
About this task
Use this task if you want to secure a bus that already exists
in the administrative console, and you want to use the default global
security domain; for example, a bus that has a bus member at
WebSphere Application Server Version 6. A mixed-version bus cannot
use non-global security domains.
This task uses an administrative
console wizard to guide you through the steps to secure a bus. The
following steps are conditional, depending on the bus environment:
- If administrative security is not enabled for the cell that hosts
the bus, the wizard prompts you to enable administrative security.
- If the bus has a bus member at
WebSphere Application Server Version 6, the wizard prompts you
for an authentication alias to establish trust between bus members,
and to enable the bus to operate securely.
Use the administrative console to secure a selected bus
by using the global security domain as follows:
Procedure
1. In the navigation pane, click .
   The general properties for the selected bus are displayed.
2. Click Configure Bus Security to start the Bus Security
   Configuration wizard.
3. Read the Introduction panel, and click Next.
   The next step is conditional, depending on whether administrative
   security is enabled or disabled:
   - If administrative security is disabled, complete all the following
     steps.
   - If administrative security is already enabled, continue from
     step 7.
4. Select the appropriate user repository, and click Next.
5. Depending on the type of user registry you selected, do
   one of the following:
   - For a federated repository, specify a username and password
     for administrative security, and click Next.
   - For all other types of repository, follow the wizard prompts,
     and click Next.
6. Review the summary of your choices:
   - If you want to make changes, click Previous to
     return to an earlier panel, and make the changes you require.
   - Click Finish when you are ready to confirm your choices.
   Administrative security for the cell is now enabled.
7. If you do not want clients to use SSL protected transports,
   clear the check box Require clients use SSL protected transports.
   By default, clients are required to use SSL protected transports
   to ensure data confidentiality and integrity.
8. Select the global security domain option, and click Next.
9. If at least one bus member is at Version 6, you must specify an
   authentication alias. Specify either an existing authentication
   alias, or create a new one:
   - Select Specify existing authentication alias,
     and select the alias name from the drop-down list.
   - Select Create a new authentication alias,
     and type a unique alias name and password.
10. Review the summary of your choices:
    - Optional: If you want to make changes, click Previous to return
      to an earlier panel, and make the changes you require.
    - Click Finish to confirm your choices.
11. Save your changes to the master configuration.
Results
You have secured the bus using the global security domain.
The new security settings for the bus are displayed in the updated Bus
Security Settings panel. The bus is secured after you restart
all the servers that are members of the bus, or (for a bus that has
bootstrap members) servers for which the SIB service is enabled.