Downloading certificates or JWT using a different user

Procedure to download and deploy certificates or JWT from the master domain manager to agents using a user different from the user which installed the master domain manager.

To define a user different from the user which installed the master domain manager, perform the following steps:

  1. Browse to the authentication_config.xml file located in:
    On UNIX operating systems
    TWA_DATA_DIR/usr/servers/engineServer/configDropins/overrides
    On Windows operating systems
    TWA_home\usr\servers\engineServer\configDropins\overrides
  2. Create a backup copy of the file to a different directory and add the new user and password to the file in the overrides directory.
  3. Create a new role for the user, as follows:
    composer new srol
    SECURITYROLE DOWNLOAD_CERT_SROLE
    FILE DISPLAY
    END
  4. Create a new domain for the user, as follows:
    composer new sdom
    SECURITYDOMAIN DOWNLOAD_DOMAIN
    FILE NAME="AGENT_CERTIFICATE"
    END
  5. Create a new access control list for the user, as follows:
    composer new acl
    ACCESSCONTROLLIST FOR DOWNLOAD_DOMAIN
    other_user DOWNLOAD_CERT_SROLE
    END
    where other_user is the user inserted into authentication_config.xml.

    You can now use the other_user, which has only the DISPLAY role for file AGENT_CERTIFICATE, to install the agent and download certificates or JWT, or to run the AgentCertificateDownload script and download and deploy certificates or JWT.

    You can also perform the same operations from the Dynamic Workload Console, as described in Managing Workload Security.