Tuesday, 20 August 2013

IBM BPM - Process Center to Process Server - How is the authentication handled ?

We're currently configuring a newly built Process Center / Process Server environment, and wondered how PC authenticates to PS in order to allow a developer to install a snapshot.

We're using BPM Standard 7.5.1.1.

This is configured, on the Process Server box, in 100Custom.xml as follows: -

    <repository-server-user-auth-alias>BPMRuntimeServer_Auth_Alias</repository-server-user-auth-alias>
    <repository-server-designated-user-auth-alias>BPMAuthor_Auth_Alias</repository-server-designated-user-auth-alias>
    <repository-server-interval>10</repository-server-interval>
    <!-- Force Process Center Server to use https to deploy ProcessApps and Toolkits to Process Servers -->
    <!--
        <deploy-snapshot-using-https>true</deploy-snapshot-using-https>
        -->
    <server-name>ProcessServer</server-name>
    <server-description>A running process server</server-description>
    <server-host>process-server.uk.ibm.com</server-host>
    <server-port>9443</server-port>

The aliases can be seen via the WAS Integrated Solutions Console, under SecurityGlobal security > JAASJ2C authentication data > BPMAuthor_Auth_Alias, as per the example: -


The IBM Information Center covers this in far more detail: -


Optional: Edit the <repository-server-user-auth-alias> and <repository-server-designated-user-auth-alias> property values. The <repository-server-user-auth-alias> value specifies the authentication alias for a user to connect from the process server to the Process Center. The user and password set in this alias must be present in the Process Center.

The <repository-server-designated-user-auth-alias> value specifies the authentication alias for a user to access and deploy snapshots to the runtime process server and access that process server from the Process Inspector, which is located in IBM Process Designer. This authentication alias must be defined in both that process server and the Process Center and the passwords must match.

No comments: