Preparing to configure Application Designer with Business Automation Workflow with toolkit contributions on premise

You can configure your IBM Business Automation Studio installation to integrate with Workflow Center in IBM Business Automation Workflow.

With this integration, you can build applications that call actions that are bound to Workflow Services (process apps) defined in Business Automation Workflow. You can also use Business Automation Workflow capabilities and, for example, start processes in Business Automation Workflow.

Before you begin

You must have successfully installed Business Automation Workflow on premise.

You must be running Business Automation Workflow 19.0.0.3 or later, or 19.0.0.2 with interim fix JR61324.

You must have a Business Automation Workflow server whose hostname can be resolved in containers. The hostname must be included in the Business Automation Workflow server certificate common name or in the alternative names of the certificate. Use the following command to verify that your hostname can be resolved in containers:
oc exec pod_name -- curl https://baw_host:baw_port -k
Note: If you are using IBM HTTP Server with your Business Automation Workflow, your users might encounter a connection error or definition prompt while configuring the Start Process action in nested actions in their business applications. For more information about how they can address this during the nested action configuration, see Creating actions.

About this task

For your business applications to use capabilities in Business Automation Workflow, you must register Business Automation Workflow with Application Engine and IBM Resource Registry.
The procedure includes the following high-level steps:
  • Before you install Business Automation Studio:
    1. To enable Business Automation Studio and Application Engine to communicate with Business Automation Workflow, extract the Business Automation Workflow root CA certificate or proxy root CA certificate.
    2. Add the Business Automation Workflow root CA certificate or proxy root CA certificate to the trusted certificate list for the shared operator custom resource. All the components that are installed with the same custom resource share this list.
  • After you installed Business Automation Studio (for a more detailed description of the following steps, see Optional: Configuring Application Designer with Business Automation Workflow with toolkit contributions on premise):
    1. Make sure that the Business Automation Workflow system uses the same LDAP server as Identity and Access Management (IAM).
    2. To enable Business Automation Workflow to communicate with Business Automation Studio, Application Engine, and Resource Registry, add the shared ICP4A operator root CA certificate to the Business Automation Workflow truststore.
    3. Import the Business Automation Workflow toolkits into Business Automation Studio.
    4. Configure Business Automation Workflow with Resource Registry information.
    5. Verify the integration.
Note: If multiple Business Automation Workflow servers are registered with one Business Automation Studio environment, then a Business Automation Workflow process app should only be deployed to one server. If a process app is deployed to multiple connected servers, it's indeterminate which server your application will invoke when it calls the process app.

Procedure

  1. To enable Business Automation Studio and Application Engine to communicate with Business Automation Workflow, extract the Business Automation Workflow root CA certificate (if you don' t use a proxy) or the proxy root CA certificate (if you do).
    1. To get the Business Automation Workflow certificate, run an OpenSSL command.
      For the root CA certificate, run the following command:
      openssl s_client -showcerts -verify 5 -connect baw_hostname:baw_port -servername baw_hostname
      For the proxy root certificate, run the following command:
      openssl s_client -showcerts -verify 5 -connect proxy_hostname:proxy_port -servername proxy_hostname
      If you didn't customize your Business Automation Workflow root CA, the results look similar to the following output:
      verify depth is 5
      CONNECTED(00000005)
      depth=1 C = US, O = IBM, OU = Dmgr, OU = PCCell1, OU = Root Certificate, CN = <baw_hostname>
      verify error:num=19:self signed certificate in certificate chain
      verify return:1
      depth=1 C = US, O = IBM, OU = Dmgr, OU = PCCell1, OU = Root Certificate, CN = <baw_hostname>
      verify return:1
      depth=0 C = US, O = IBM, OU = Node1, OU = PCCell1Node1, CN = <baw_hostname>
      verify return:1
      ---
      Certificate chain
      0 s:/C=US/O=IBM/OU=Node1/OU=PCCell1Node1/CN=<baw_hostname>
        i:/C=US/O=IBM/OU=Dmgr/OU=PCCell1/OU=Root Certificate/CN=<baw_hostname>
      -----BEGIN CERTIFICATE-----
      MIIDyDCCArCgAwIBAgIGAq4ud30yMA0GCSqGSIb3DQEBCwUAMHYxCzAJBgNVBAYT
      AlVTMQwwCgYDVQQKEwNJQk0xDTALBgNVBAsTBERtZ3IxEDAOBgNVBAsTB1BDQ2Vs
      ...
      -----END CERTIFICATE-----
      1 s:/C=US/O=IBM/OU=Dmgr/OU=PCCell1/OU=Root Certificate/CN=<baw_hostname>
        i:/C=US/O=IBM/OU=Dmgr/OU=PCCell1/OU=Root Certificate/CN=<baw_hostname>
      -----BEGIN CERTIFICATE-----
      MIID8DCCAtigAwIBAgIGAjrOZKp8MA0GCSqGSIb3DQEBCwUAMHYxCzAJBgNVBAYT
      AlVTMQwwCgYDVQQKEwNJQk0xDTALBgNVBAsTBERtZ3IxEDAOBgNVBAsTB1BDQ2Vs
      ...
      -----END CERTIFICATE-----
      ---
      Server certificate
      subject=/C=US/O=IBM/OU=Node1/OU=PCCell1Node1/CN=<baw_hostname>
      issuer=/C=US/O=IBM/OU=Dmgr/OU=PCCell1/OU=Root Certificate/CN=<baw_hostname>
      ...
    2. Find the certificate with the deepest depth. In this case, the deepest depth is 1.
      This certificate is the Business Automation Workflow root CA certificate (if you don' t use a proxy) or the proxy root CA certificate (if you do).
    3. Copy the Business Automation Workflow root CA certificate or the proxy root CA certificate and save it to a file in your local file system.
      Copy the content that begins with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----. In this case, copy and save the following content:
      -----BEGIN CERTIFICATE-----
      MIID8DCCAtigAwIBAgIGAjrOZKp8MA0GCSqGSIb3DQEBCwUAMHYxCzAJBgNVBAYT
      AlVTMQwwCgYDVQQKEwNJQk0xDTALBgNVBAsTBERtZ3IxEDAOBgNVBAsTB1BDQ2Vs
      ...
      -----END CERTIFICATE-----
  2. Add the Business Automation Workflow root CA certificate or proxy root CA certificate to the trusted certificate list for the shared ICP4A operator custom resource. All the components that are installed with the same custom resource share this list.

What to do next

After you've finished this task and prepared for each capability that you want to install, deploy the custom resource (CR) file. See Creating a production deployment.