IBM Support

MDM Webservices Security Enablement

Technical Blog Post


Abstract

MDM Webservices Security Enablement

Body

MDM WebServices security enablement and validating requests against a backend LDAP on WAS

 

This document describes, step by step, how to set up and turn on global security for InfoSphere MDM:

1.       MDM server using LDAP on WAS

Enabling Global Security for WAS BASE Edition

Log into the WebSphere admin console

http://<hostname>:<port>/ibm/console/

Enabling Global Security for WAS ND Edition

Log into the WebSphere admin console

http://<hostname>:<port>/ibm/console/

http://localhost:9061/ibm/console/navigatorCmd.do?forwardName=AdminSecu…

The port number is the port for that specific profile; server1 for that profile must be started in order to access the admin console.

2.       Start the server, right-click on it, select “Administration”, then click “Run administrative console”.

 

3.       This starts the administrative console.

 
 

4.       Click the Security tab, then click Global security.

 
 

5.       In WAS 7.x, click the Security tab on the left-hand side and select Global Security under it; on the right-hand side, click “Enable administrative security”. By default all three security options are selected; deselect the two options other than “Enable administrative security”.

 
 

6.       In WAS 6.x, click “Security -> Secure administration, applications, and infrastructure”, then on the right-hand side click “Standalone LDAP registry”.

 
 

7.       Select “Advanced Lightweight Directory Access Protocol (LDAP) user registry settings” under the Additional Properties options group.

 
 

8.       Configure the LDAP details by filling in the required fields; these values can be obtained from the administrators.

 
 

9.       Save the configuration by clicking Save.

 
 

10.    Configure the settings with input from the administrators, according to your client setup.

 
 

11.    Save the configuration by clicking the Save button.

 
 

12.    Once the details are filled in, first check the connection by clicking “Test connection”.

 

13.    Save the configuration by clicking the Save button.

 
 

14.    If the connection test is successful, we can enable security, but make sure to uncheck ‘Use Java 2 security’; we don’t need it in our configuration.

15.    Save the configurations.

16.    Save the changes to the master configuration and restart the server. This enables global security in your WAS, which will now expect user authentication data (name/password).

17.    The next step is to create the WAS security enabled MDM ear.

By default, security is enabled in the MDM ear. If it has been disabled, we can enable it with the following step.

In RAD, press Ctrl+R; this opens a window listing all files matching *.xmi. The list also includes the files holding the security-enabled and security-disabled contents. To enable security, copy the content of the .xmi_SecurityEnabled file and paste it into the .xmi file.

18.    Once security is enabled, MDM.ear can be published so that we can test our connection from SOAP UI with a proper user ID and password.

19.    The next step is to change our SOAP request so that it carries authentication data (username/password). I am using the tool SOAPUI, which can be downloaded from http://www.soapui.org/.

20.    Download the SOAPUI, and install it.

21.    Start SOAPUI, click File, and select the option “New Soap UI Project”.

22.    Now select the appropriate WSDL for the service; for example, for party-related services I have selected PartyService.wsdl at “C:\workspace\PartyWSEJB\ejbModule\META-INF\wsdl\PartyService.wsdl”.

23.    Open the appropriate service in SOAP UI and select the Aut tab at the bottom of the request:

24.    This pops up a window where we can enter the user name and password as configured for your LDAP user.

25.    Right-click on the SOAP request and select “Add WSS Username Token”. This pops up a window; select the “password text” option there. This generates the SOAP header with the security information in it.

26.    Fill in the remaining fields; this generates the SOAP request shown below.

<soapenv:Envelope xmlns:port="http://www.ibm.com/xmlns/prod/websphere/wcc/party/port" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

   <soapenv:Header>

      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-sece…; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-util…;

         <wsse:UsernameToken wsu:Id="UsernameToken-1">

            <wsse:Username>db2admin</wsse:Username>

            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-…;

            <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-se…;

            <wsu:Created>2012-04-15T05:40:42.187Z</wsu:Created>

         </wsse:UsernameToken>

      </wsse:Security>

   </soapenv:Header>

   <soapenv:Body>

      <port:GetPerson>

         <control>

            <requestId>100</requestId>

            <requesterName>Santosh</requesterName>

            <requesterLanguage>100</requesterLanguage>

         </control>

         <partyId>2342342</partyId>

         <inquiryLevel>4</inquiryLevel>

      </port:GetPerson>

   </soapenv:Body>

</soapenv:Envelope>

27.     Test the service with the SOAP request containing the authentication data.
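The request from steps 25 to 27, as an added Python example (not part of the original post and not IBM code): it builds the same GetPerson envelope with a PasswordText UsernameToken and reviews it before sending. PasswordText carries the password in clear text, so the review flags any endpoint that is not HTTPS; the function names, the full OASIS namespace URIs and the five-minute freshness window are assumptions of this example.

```python
import base64, os
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"  # standard WSS 1.0 URI prefix
NS = {"soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsse": OASIS + "wssecurity-secext-1.0.xsd",
      "wsu": OASIS + "wssecurity-utility-1.0.xsd",
      "port": "http://www.ibm.com/xmlns/prod/websphere/wcc/party/port"}  # from the page
PASSWORD_TEXT = OASIS + "username-token-profile-1.0#PasswordText"
BASE64 = OASIS + "soap-message-security-1.0#Base64Binary"
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

def q(prefix, tag):  # ElementTree's {uri}tag qualified-name form
    return "{%s}%s" % (NS[prefix], tag)

def build_get_person(username, password, party_id, created=None):
    """Build the page's GetPerson request with a PasswordText UsernameToken."""
    stamp = (created or datetime.now(timezone.utc)).isoformat(timespec="milliseconds")
    env = ET.Element(q("soapenv", "Envelope"))
    head, body = (ET.SubElement(env, q("soapenv", t)) for t in ("Header", "Body"))
    sec = ET.SubElement(head, q("wsse", "Security"), {q("soapenv", "mustUnderstand"): "1"})
    tok = ET.SubElement(sec, q("wsse", "UsernameToken"), {q("wsu", "Id"): "UsernameToken-1"})
    ET.SubElement(tok, q("wsse", "Username")).text = username
    ET.SubElement(tok, q("wsse", "Password"), {"Type": PASSWORD_TEXT}).text = password
    ET.SubElement(tok, q("wsse", "Nonce"), {"EncodingType": BASE64}).text = base64.b64encode(os.urandom(16)).decode()
    ET.SubElement(tok, q("wsu", "Created")).text = stamp.replace("+00:00", "Z")
    op = ET.SubElement(body, q("port", "GetPerson"))
    control = ET.SubElement(op, "control")
    for parent, tag, value in ((control, "requestId", "100"), (control, "requesterLanguage", "100"),
                               (op, "partyId", party_id), (op, "inquiryLevel", "4")):
        ET.SubElement(parent, tag).text = value
    return ET.tostring(env, encoding="unicode")

def review(xml_text, endpoint, now=None, max_age=timedelta(minutes=5)):  # window is assumed
    """Pre-send checks on a request we built ourselves; returns a list of findings."""
    tok = ET.fromstring(xml_text).find(".//wsse:UsernameToken", NS)
    if tok is None:
        return ["no UsernameToken in the SOAP header"]
    findings, now = [], now or datetime.now(timezone.utc)
    pw = tok.find("wsse:Password", NS)
    if pw is not None and pw.get("Type") == PASSWORD_TEXT and not endpoint.lower().startswith("https://"):
        findings.append("PasswordText (clear-text password) sent to a non-HTTPS endpoint")
    if tok.find("wsse:Nonce", NS) is None:
        findings.append("no Nonce in the token")
    created = tok.findtext("wsu:Created", None, NS)
    if created is None or abs(now - datetime.fromisoformat(created.replace("Z", "+00:00"))) > max_age:
        findings.append("Created timestamp missing or outside the freshness window")
    return findings
```

Run `review()` on the serialized request with the URL of the MDM web service endpoint; an empty list means none of the three checks fired.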
