Creating a secure environment
Security of IBM® Business Process Manager Enterprise Service Bus depends on securing the runtime environment and securing applications.
Application security is turned on by default in IBM Business Process Manager and cannot be turned off.
IBM Business Process Manager security is based on the WebSphere® Application Server version 8.5 security. For detailed information, see the documentation for WebSphere Application Server Network Deployment.
- Configuring the user registry
To use an external security provider, you must add the provider to the federated repository. Several types of repositories are supported, including the local operating system registry, a standalone Lightweight Directory Access Protocol (LDAP) registry, a standalone custom registry, and federated repositories.
- Configuring multiple deployment environments
You can isolate multiple deployment environments within a single cell in your IBM Business Process Manager configuration.
- Configuring IBM BPM endpoints to match your topology
If the user's browser requests pass through a web server or load-balancing server before the request reaches the IBM BPM server, you must configure the virtual host information that is used by IBM BPM to generate URLs.
- Configuring third-party authentication products
To use a third-party authentication product, you must customize various configuration settings.
- Security configuration properties
Use the WebSphere command-line administration tool (wsadmin) AdminConfig commands to access and modify IBM Business Process Manager security properties as configuration objects.
- Configuring Secure Sockets Layer (SSL) for IBM Business Process Manager
You can enable Secure Sockets Layer (SSL) communication for IBM Business Process Manager. This process enables secure HTTPS communication between the Process Center and the Process Server.
- Enabling a NIST SP800-131a compliant environment
You can configure IBM Business Process Manager to support the National Institute of Standards and Technology (NIST) SP800-131a security standard. SP800-131a requires longer key lengths and stronger cryptography than other standards, such as FIPS 140-2. SP800-131a requires Transport Layer Security (TLS) V1.2.
- Configuring cross-cell security for IBM Process Center
Before registering a Process Center with another Process Center in a different cell, you must complete the security configuration. Once the security configuration between the cells is completed, a Process Center in one cell can register a Process Center in another cell by using the HTTPS protocol over Secure Sockets Layer (SSL).
- Configuring administrative and application security
The first step in securing your IBM Business Process Manager environment and your applications is to make sure that administrative security is enabled.
- Setting up security for the Business Space component and Heritage Process Portal
If you are using Heritage Process Portal with your environment, you must consider security options for the Business Space component. If you want to turn on security, set up application security and designate a user repository. To define administrators, assign a Business Space superuser role.
- Security in human tasks and BPEL processes
There are a number of roles associated with human tasks and BPEL processes. These roles are unique to tasks and processes that run in Business Process Choreographer.
- Securing access to timetables in the Business Calendars widget
The Security Roles widget provides you with the ability to secure access to individual timetables in the Business Calendars widget. You use the Security Roles widget to assign roles to the members of an organization. It is these roles that determine the level of access to the timetables.
- Security-hardening properties
IBM Business Process Manager provides configuration settings at the deployment environment level that harden security and mitigate web application threats, including cross-site request forgery (CSRF), network sniffing, clickjacking, and uploading of malicious documents.