Integrating BMC ITBM and WebSphere application server

As an option, you can configure the IBM WebSphere application server to work with the BMC Atrium Single Sign-On server. To configure the WebSphere application server to work with the BMC Atrium Single Sign-On server, you must have already installed and set up the BMC Atrium Single Sign-On server.

Before you begin

• If you have already deployed BMC IT Business Management Suite on WebSphere, you must first undeploy the application and then configure the WebSphere application server to work with the BMC Atrium Single Sign-On server.
• If you want to use the latest features of BMC Atrium Single Sign-On, you must upgrade to the 9.0 web agents libraries on your existing BMC product servers.You do not need to reintegrate your products with BMC Atrium Single Sign-On. Contact the respective BMC product administrator for upgrading agent libraries.

To configure the WebSphere application server to work with the BMC Atrium Single Sign-On server

1. Stop the application server.
2. Copy the certificate truststore file (cacerts) from the <WebSphereHome>\java\jre\lib\security directory to the <WebSphereHome>\bin directory.
3. Copy the deployment utility webagent.zip file from the BMC Atrium Single Sign-On server build to the temporary directory called <WEB_AGENT_DIR>

4. Run the following deployer script from the websphere java directory:

   Note

   The supported containers are WebSphere v6, WebSphere v7, WebSphere v8. WebSphere v7 is used as an example in the following script.

   java -jar $<WEB_AGENT_DIR>\deployer.jar --install --container-type WEBSPHEREV7
   --atrium-sso-url https://<FQDN-of-Atrium-SSO-Server>:<port>/atriumsso
   --web-app-url http://<FQDN-of-ITBM-Server>:<port>/itm --container-base-dir
   "<WEBSPHERE_HOME>" --instance-config-directory "<ITBM_APPLICATION_CONFIG_DIR>"
   --server-instance-name "<WEBSPHERE_APPLICATION_SERVER_FOR_ITBM>" --admin-name
   amadmin --admin-pwd password --jvm-truststore
   "<WEBSPHERE_HOME>\java\jre\lib\security\cacerts"
   --jvm-truststore-password changeit --truststore "<WEBSPHERE_HOME>\bin\cacerts"
   --truststore-password changeit

   
   For example, you can specify the following script:

   java -jar "C:\Program Files\BMC
   Software\ARSystem\midtier\webagent\deployer\deployer.jar"
   --install --container-type WEBSPHEREV7
   --atrium-sso-url https://w8k-itsm-vm16.dsl.bmc.com:8443/atriumsso
   --web-app-url http://w28-itm-vm02.dsl.bmc.com:9080/itm/
   --container-base-dir "C:\Program Files\IBM\WebSphere\AppServer"
   --instance-config-directory "C:\Program Files\IBM\WebSphere\AppServer\profiles
   \AppSrv01\config\cells\w28-itm-vm02Node01Cell\nodes\w28-itm-vm02Node01\servers
   \server1"
   --server-instance-name "server1" --admin-name amadmin --admin-pwd password
   --jvm-truststore
   "C:\Program Files\IBM\WebSphere\AppServer\java\jre\lib\security\cacerts"
   --jvm-truststore-password changeit
   --truststore "C:\Program Files\IBM\WebSphere\AppServer\bin\cacerts"
   --truststore-password changeit

   Note

   When you run the script using the java command, use the WebSphere copy of the java version, not the one from the Oracle JDK.

5. Start the application server.
6. In the WebSphere application logon window, specify the User ID as itmadm and Password as itmadmin and press Enter.
7. In the left navigation pane of the Integrated Solutions console, click Servers > Server Types > WebSphere application servers.
8. In the WebSphere application servers page, click the server on which you have installed BMC IT Business Management Suite.
9. In the Application servers > server page, click Java and Process Management in the Server Infrastructure options on the right.
10. In the Java and Process Management options, click Process definition.
11. In the Process definition page, click Java Virtual Machine in the Additional Properties options.
12. In the Java Virtual Machine page, click Custom properties.
13. To specify a new property, click New.

14. In the Custom properties > New page, specify the following properties and values for custom repository:

    Name	Value
    atsso.configuration.dir	Atrium SSO agents configuration directory. For example, C:\Program Files\IBM\WebSphere\AppServer\atssoAgents

15. Click OK.
16. Click Save in the Message box at the top of the screen to commit the changes.
17. In the left navigation pane of the Integrated Solutions Console, click Security > Global security.
18. In the Global security page, click the Security Configuration Wizard button.
19. In the Specify extent of protection page, select Enable application security and click Next.
20. In the Select user repository page, select the Standalone custom registry option and click Next.

21. Add the following properties and values for the custom repository:

    Name	Value
    sso.installed true cacerts	C:/Program Files/IBM/WebSphere/AppServer/bin/cacerts Note: If your folder path contains spaces, copy cacerts from <Websphere_Home>\bin\cacerts to any temp directory (for example, C:/bmc/).
    cacerts.password	changeit
    sso.acceptAllServerCertificates	true

22. Click Next.
23. Verify the Summary page, and click Finish.
24. Click Save in the Message box at the top of the screen to commit the changes.
25. In the Global security window, click the Available realm definition list and select Standalone custom registry.
26. Click the Set as current button.
27. Click the Java Authentication and Authorization Service option.
28. In Java Authentication and Authorization Service, click System Logins.
29. In the resources list, select the WEB_INBOUND resource.
30. In the JAAS login modules table, click the com.itmsoft.security.auth.module.ITBMLoginModule option.

31. Specify the following custom properties and values:

    Name	Value
    sso.installed true cacerts.path	C:/Program Files/IBM/WebSphere/AppServer/bin/cacerts Note: If your folder path contains spaces, copy cacerts from <Websphere_Home>\bin\cacerts to any temp directory (for example, C:/bmc/).
    cacerts.password	changeit
    sso.acceptAllServerCertificates	true

32. Click Apply and OK.
33. Click Save in the Message box at the top of the screen to commit the changes.
34. Log out and restart the WebSphere server before deploying the BMC IT Business Management Suite.
35. Deploy BMC IT Business Management Suite on the WebSphere application server.