You can configure IBM Business Automation
Workflow to work
with an external IBM Content
Navigator.
Before you begin
These prerequisites are necessary to configure IBM Business Automation
Workflow with an external IBM Content
Navigator.
- IBM Content
Navigator V3.0.5 must be
installed on WebSphere® Application
Server v8.5 or later. See Installing IBM Content Navigator for instructions.
- You must have installed or upgraded to IBM Content
Navigator V3.0.5.
- The IBM Content
Navigator computer must be
in the same domain as the IBM Business Automation
Workflow
computers.
- If there are multiple nodes for Business Automation Workflow,
you must configure a web server to work with Business Automation Workflow. For more information, see Customizing Business Automation Workflow to work with a web server.
About this task
Always make sure that the Business Automation Workflow
server is available before you start the IBM Content
Navigator environment.Restrictions:
- You cannot reverse this configuration and return to using the IBM Business Automation
Workflow embedded IBM Content
Navigator. After you configure, you must
always use the external IBM Content
Navigator.
- After you run the setExternalNavigator command, the following capabilities
are disabled:
Back up your system configuration and databases before you begin this configuration. This
backup means you can roll back your configuration if needed. See Backing up and restoring administrative configuration files.
Procedure
-
Configure access to a shared user repository, such as a Lightweight Directory Access Protocol
(LDAP) directory. Both IBM Business Automation
Workflow and IBM Content
Navigator must have
access to the same set of users.
-
In the administration console on both systems, select . The Global Security page opens.
-
In the Available realm definitions drop-down list, select one of these
options:
- If IBM Content
Navigator is
configured with a federated repository, select Federated Repositories and
then click Configure. The Federated Repositories page
opens.
- If IBM Content
Navigator is
configured with a stand-alone LDAP, select Standalone LDAP and then click
Configure. The Standalone LDAP page opens.
-
Configure your shared user repository with matching user and group attributes.
-
In any environment, select Require SSL communications for the user
repositories (recommended).
-
Test your LDAP connection. See Configuring Content Platform
Engine application server authentication (LDAP) settings.
-
If the realm names of IBM Business Automation
Workflow and IBM Content
Navigator are
different (for example, because you set different active realm definitions), make certain that in
each cell the realm of the other cell is trusted. From the navigation panel, click . Under RMI/IIOP security, click CSIv2 inbound
communications. Click Trusted authentication realms - inbound.
Select Trust realms as indicated below. Click Add external
realm and add the realm of the remote cell. Click Apply.
-
In the administration console on both systems, select and search for the IBM Business Automation
Workflow user ID that you are going
to define as the IBM Content
Navigator
administrative user. Verify that the user ID is unique and it is in the shared user repository.
-
Configure single sign-on (SSO) security for the external IBM Content
Navigator, including the configuration of the
user registry and trusted realm. Follow the instructions in Configuring single sign-on with LTPA for an external Business Automation Navigator.
-
On both the IBM Business Automation
Workflow and IBM Content
Navigator systems, configure SSL to exchange
SSL certificates in both directions between the servers.
-
In the administration console, select . The SSL certificate and key management page opens.
-
Select the Key stores and certificates link. The Key stores and
certificates page opens.
-
Select NodeDefaultTrustStore (for Base Server) or
CellDefaultTrustStore (if on a Network Deployment cell).
-
Either extract the certificate to a file and copy it to the other system to add, or use the
Retrieve from port button to connect and retrieve the certificate. For
details on retrieving from the port, see Configuring cross-cell security for IBM Workflow Center.
-
Set up a network shared directory between all computers in the IBM Business Automation
Workflow cluster and the IBM Content
Navigator
computer.
The shared directory must be the same on all computers. The computers must have the same
operating system.
- Optional: Containers: To
use an external IBM Business Automation
Navigator running in a container,
follow the instructions in Configuring IBM Business Automation
Workflow with an external IBM Business Automation
Navigator container. Then, return to the next
step.
-
Stop the deployment environment. On the IBM Business Automation
Workflow computer, run the
setExternalNavigator command to configure IBM Business Automation
Workflow to use the external
IBM Content
Navigator.
Change directories to
install_root/profiles/deployment_manager_profile/bin
and run the command.
For example,
wsadmin.bat -connType none -lang jython
AdminTask.setExternalNavigator(['-de', 'ProcessCenter', '-icnURL', 'https://icnhostname:ssl_port/navigator', '-icnAdminUser', 'P8Admin', '-icnAdminPassword', 'IBMFileNetP8'])
AdminConfig.save()
-
Import the IBM Content
Navigator SSL
certificate into the IBM Business Automation
Workflow
Case configuration tool.
-
On the IBM Business Automation
Workflow computer, access
https://icn_host_name:ssl_port/navigator
to obtain the SSL certificate from the IBM Content
Navigator server. See Adding trusted certificates in Liberty.
-
Import the certificate into the IBM Business Automation
Workflow JVM by using the keytool
command.
For example,
/opt/IBM/baw/java/jre/bin/keytool -import -keystore
/opt/IBM/baw/java/jre/lib/security/cacerts -storepass changeit -file
/u/ICN/certificate.crt
-
If you are upgrading from IBM Case
Manager,
return to Upgrading and follow the rest of the steps. If you are
configuring an external Content Platform Engine, return to
Configuring an existing external Content Platform Engine and follow the rest of the steps. Otherwise, start the deployment
environment.
-
With the deployment environment running, run the Business Automation Workflow Case configuration tool to deploy the case
plug-ins onto the IBM Content
Navigator server.
For information about the Case configuration tool, which is located under
Workflow_install_root/CaseManagement/configure/, see the
topic for your environment:
- Restart the deployment environment.