Webmethods Command Central 9.5 User configuration

Introduction:
Command central is one of the new components from WebMethods 9.0
It helps you monitor and manage your environment in one visual tool.
This compononent is growing with each version.

The way the user management works is a bit different from the other components.
A big part of this is being done using commands or by manually copie files to other location.
 

USER ARCHITECTURE

1.       Local Administrator user in users.txt  will have same password on all environments
2.       This user is used to connect to SPM and its components !
3.       To connect to IS, MWS and other user protected CI, local administrator of that component will be used.
4.       LDAP is used to authorize CCE access trough roles4
 

Configure local Users when Administrator password changes: 

The configuration is done using Command Central(cce) commands:
Set the CC_CLI_HOME environment variable to the following directory:
Software AG_directoryCommandCentralclient

1. Change the command central password by running.

C:SoftwareAGcommonbin>internaluserrepo.bat -f ../conf/users.txt -p manage1 Administrator

2. Update configuration data for all nodes

When this is done, the node will become green on “Installations Tab”

cc update configuration data {destination nodeAlias} OSGI-SPM-ENGINE SIN-INTERNAL-USERS-users.txt -i D:CCE_95commonconfusers.txt

 

Password to be used is password in users.txt at that moment on the Node_ALIAS
this will copy users.txt to the destination alias
OR You can also copy 3 files from CCE_95 to node =
Users.txt
Roles.txt
Groups.txt
When you don’t define a specific node, it will try to apply it to all nodes.
RESTART OF SPM ON DESTINATION SERVER IS NEEDED

3. Create creds.xml

cc get security credentials –format xml –server http://localhost:8090/cce –output d:creds.xml
Change password credentials to current CCE password.
save creds.xml
 
<?xml version=”1.0″ encoding=”UTF-8″ standalone=”yes” ?>
<userCredentials>
<userName>Administrator</userName>
<authenticationType>BASIC</authenticationType>
<password>passwordincleartext</password>
</userCredentials>

3.1 Execute the below to fix the communication between CCE and all SPM

When this is done SPM will be green on Instances Tab only
 
cc add security credentials runtimeComponentId=OSGI-SPM -i D:/creds.xml -f xml
D:CCE_95CommandCentralclientbin>cc add security credentials runtimeComponent
Id=OSGI-SPM -i ./creds.xml -f xml
Password:
POST
http://localhost:8090/cce/security/credentials?runtimeComponentId=OSGI-SPM
returned a response status of 200 OK

4. Execute next command to fix the communication between SPM and all other OSGI platform products

When this is done all components using Adminstrator PWS combination will be green (NerV , Web server…)
Other Components like IS and MWS there you need to set the password manually trough WebInterface of CCE
 
cc add security credentials runtimeComponentId=OSGI-* -i D:/creds.xml -f xml
D:CCE_95CommandCentralclientbin>cc add security credentials runtimeComponent
Id=OSGI-* -i ./creds.xml -f xml
Password:
POST http://localhost:8090/cce/security/credentials?runtimeComponentId=OSGI-* re
turned a response status of 200 OK

NOTE:
In 9.5 ALL SPM’s must have the same Administrator password otherwise CCE cannot connect to them.

LDAP Configuration

Copy file from DEV / SYS :
Jaas.conf
Or adjust it:
com.softwareag.security.jaas.login.internal.InternalLoginModule optional
// LDAP config started
                                    com.softwareag.security.sin.is.ldap.lm.LDAPLoginModule optional
                                    url=”ldap://ldapserver:ldapPort
                                    prin=”cn={ldap info},o={ ldap info }
                                    cred=”********”
                                    gidprop=”cn”
                                    uidprop=”cn”
                                    usecaching=”false”
                                    userrootdn=”ou=={ ldap info },o=={ ldap info }
                                    mattr=”uniquemember”
                                    memberinfoingroups=true
                                    grouprootdn=”ou=={ ldap info },o=={ ldap info }
                                    groupobjclass=”groupofnames”
                                    creategroups=true
                                    personobjclass=”person”;
            // LDAP config ended
Copy this file to SPM to keep in mind to change path to local files!
Or you will have some strange effects.
 
 
+ Adapt roles.txt to LDAP:
 
[groups]
group:”Administrators”=superadmin
group:”DEVAdministrator”=superadmin
group:”DEVDeveloper”=readonlyadmin
group:”DEVMonitorAdministrator”=readonlyadmin

blogger

blogger

Curious to know more about this topic?

Working at i8c

i8c is a system integrator that strives for an informal atmosphere between its employees, who have an average age of approx 30 years old. We invest a lot of effort in the professional development of each individual, through a direct connection between the consultants and the management (no multiple layers of middle management). We are based in Kontich, near Antwerp, but our customers are mainly located in the triangle Ghent-Antwerp-Brussels and belong to the top 500 companies in Belgium (Securex, Electrabel, UCB, etc…).

Quality Assurance

i8c is committed to delivering quality services and providing customer satisfaction. That’s why we invested in the introduction of a Quality Management System, which resulted in our ISO9001:2000 certification. This guarantees that we will meet your expectations, as a reliable, efficient and mature partner for your SOA & integration projects.

i8c - ISO9001-2015

Also worth reading

AWS AppFlow: Streamlining SaaS Integrations with AWS Services

In today’s digital world, organizations are constantly looking for ways to streamline their workflows and improve their data management processes. One of the key challenges that organizations face is integrating their various software as a service (SaaS) applications with their data management systems. This is

Read More »

Apigee Scope Validation using OpenAPI Specification

In API security and management, we often use a lot of different security mechanisms to protect the requested resource behind the API Gateway. One of these mechanisms is the validation of scopes to authorize a client on a specific sub-resource of the API. Most of

Read More »