Configuring the WebSphere application server to work with BMC Atrium SSO server

As an option, you can configure the WebSphere application server to work with the BMC Atrium Single Sign-On (SSO) server. To configure the WebSphere application server to work with the BMC Atrium SSO server, you must have already installed and set up the BMC Atrium SSO server.

Before you begin

If you have already deployed BMC IT Business Management Suite on WebSphere, you must first undeploy the application and then configure the WebSphere application server to work with the BMC Atrium SSO server.

To configure the WebSphere application server to work with the BMC Atrium SSO server

  1. Stop the application server.
  2. Copy the certificate truststore file (cacerts) from the $\<WebSphereHome>\java\jre\lib\security* directory to the *$<WebSphereHome>\bin directory.
  3. Copy the deployment utility webagent.zip file from the Atrium SSO server build to the temporary directory called <WEB_AGENT_DIR>.

  4. Run the following deployer script from the websphere java directory:

    java -jar $<WEB_AGENT_DIR>\deployer.jar --install --container-type WEBSPHEREV7
    --atrium-sso-url https://<FQDN-of-Atrium-SSO-Server>:<port>/atriumsso
    --web-app-url http://<FQDN-of-ITBM-Server>:<port>/itm --container-base-dir
    "<WEBSPHERE_HOME>" --instance-config-directory "<ITBM_APPLICATION_CONFIG_DIR>"
    --server-instance-name "<WEBSPHERE_APPLICATION_SERVER_FOR_ITBM>" --admin-name
    amadmin --admin-pwd password --jvm-truststore
    "<WEBSPHERE_HOME>\java\jre\lib\security\cacerts"
    --jvm-truststore-password changeit --truststore "<WEBSPHERE_HOME>\bin\cacerts"
    --truststore-password changeit

    For example, you can specify the following script:

    java -jar "C:\Program Files\BMC
    Software\ARSystem\midtier\webagent\deployer\deployer.jar"
    --install --container-type WEBSPHEREV7
    --atrium-sso-url https://w8k-itsm-vm16.dsl.bmc.com:8443/atriumsso
    --web-app-url http://w28-itm-vm02.dsl.bmc.com:9080/itm/
    --container-base-dir "C:\Program Files\IBM\WebSphere\AppServer"
    --instance-config-directory "C:\Program Files\IBM\WebSphere\AppServer\profiles
    \AppSrv01\config\cells\w28-itm-vm02Node01Cell\nodes\w28-itm-vm02Node01\servers
    \server1"
    --server-instance-name "    server1" --admin-name amadmin --admin-pwd password
    --jvm-truststore
    "    C:\Program Files\IBM\WebSphere\AppServer\java\jre\lib\security\cacerts"
    --jvm-truststore-password changeit
    --truststore "    C:\Program Files\IBM\WebSphere\AppServer\bin\cacerts"
    --truststore-password changeit

    Note

    When you run the script using the java command, use the WebSphere copy of the java version, not the one from the Oracle JDK.

  5. Start the application server.
  6. In the WebSphere application logon window, specify the User ID as itmadm and Password as itmadmin and press Enter.
  7. In the left navigation pane of the Integrated Solutions console, click Servers > Server Types > WebSphere application servers.
  8. In the WebSphere application servers page, click the server on which you have installed BMC IT Business Management Suite.
  9. In the Application servers > server page, click Java and Process Management in the Server Infrastructure options on the right.
  10. In the Java and Process Management options, click Process definition.
  11. In the Process definition page, click Java Virtual Machine in the Additional Properties options.
  12. In the Java Virtual Machine page, click Custom properties.
  13. To specify a new property, click New.

  14. In the Custom properties > New page, specify the following properties and values for custom repository:

    Name

    Value

    atsso.configuration.dir

    Atrium SSO agents configuration directory. For example, C:\Program Files\IBM\WebSphere\AppServer\atssoAgents

  15. Click OK.
  16. Click Save in the Message box at the top of the screen to commit the changes.
  17. In the left navigation pane of the Integrated Solutions Console, click Security > Global security.
  18. In the Global security page, click the Security Configuration Wizard button.
  19. In the Specify extent of protection page, select Enable application security and click Next.
  20. In the Select user repository page, select the Standalone custom registry option and click Next.

  21. Add the following properties and values for the custom repository:

    Name

    Value

    sso.installed  

     

    true

    cacerts.path

    C:/Program Files/IBM/WebSphere/AppServer/bin/cacerts

    Note

    If your folder path contains spaces, copy cacerts from <Websphere_Home>\bin\cacerts to any temp directory (for example, C:/bmc/).

    cacerts.password

    changeit

    sso.acceptAllServerCertificates

    true

  22. Click Next.
  23. Verify the Summary page, and click Finish.
  24. Click Save in the Message box at the top of the screen to commit the changes.
  25. In the Global security window, click the Available realm definition list and select Standalone custom registry.
  26. Click the Set as current button.
  27. Click the Java Authentication and Authorization Service option.
  28. In Java Authentication and Authorization Service, click System Logins.
  29. In the resources list, select the WEB_INBOUND resource.
  30. In the JAAS login modules table, click the com.itmsoft.security.auth.module.ITBMLoginModule option.

  31. Specify the following custom properties and values:

    Name

    Value

    sso.installed

    true

     

    cacerts.path

    C:/Program Files/IBM/WebSphere/AppServer/bin/cacerts

    Note

    If your folder path contains spaces, copy cacerts from <Websphere_Home>\bin\cacerts to any temp directory (for example, C:/bmc/).

    cacerts.password

    changeit

    sso.acceptAllServerCertificates

    true

  32. Click Apply and OK.
  33. Click Save in the Message box at the top of the screen to commit the changes.

Where to go from here

Deploy BMC IT Business Management Suite on the WebSphere application server.

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*