Customizing Process Federation Server

You can add custom configuration for Process Federation Server.

About this task

After you install Business Automation Workflow, the <CR_Name>-federated_ps_short-secret-custom secret contains a Process Federation Server configuration file named user.xml. If federated_ps_short_configuration.enable_default_security_roles is set to true in the custom resource (CR) file, you can use the user.xml to configure the user registry and user roles for Process Federation Server.

You can customize the Process Federation Server configuration by using the federated_ps_short_configuration.config_dropins_overrides_secret property in the CR. You must create a secret and set the secret name to federated_ps_short_configuration.config_dropins_overrides_secret. Use the following command to create the secret:
kubectl create secret generic ibm-federated_ps_short-config --from-file=/opt/federated_ps_short/configDropins
where /opt/federated_ps_short/configDropins is the folder that contains the Process Federation Server configuration files.

Procedure

The following example shows how to update the custom configuration roles for Process Federation Server by changing the user.xml file.

  1. Get the content of the user.xml file.
    The file is encoded with base64 in the ibm-federated_ps_short-config secret. Run the following command to get it:
    oc get secret <CR_Name>-federated_ps_short-secret-custom -o yaml
  2. Decode the data in the user.xml file and update the content, then encode the updated content with base64. If you are on a Linux based system, you can decode and encode with the base64 command. For more information, see Base64 Linux man page. If you are on Windows, you can decode and encode with the built-in certutil command. For more information, see Certutil windows command.
  3. Update ibm-federated_ps_short-config to add the new secret.
    Run the following command:
    oc edit secret <CR_Name>-federated_ps_short-secret-custom
    Replace the data in user.xml with the updated base64-encoded content.
    When you save and quit, the content is updated in the Process Federation Server Pod starter-ibm-process-federation-server-0 synchronously.

What to do next

You can add custom configuration for Process Federation Server, like custom user authorizations, custom logging for troubleshooting, and custom logging. When Process Federation Server is installed as part of the CR, the operator defines a default set of authorizations for Process Federation Server users, that you can customize depending on your needs. For more information, see Specifying Process Federation Server user authorizations on Kubernetes. For more information on customizing logging, see Troubleshooting Process Federation Server in a container environment.