Procedure to download and deploy certificates or JWT from the master domain manager to agents as a user
other than the user who installed the master domain manager.
To define a user other than the user who installed the master domain manager, perform the
following steps:
- Browse to the authentication_config.xml file, located in:
  - On UNIX operating systems: TWA_DATA_DIR/usr/servers/engineServer/configDropins/overrides
  - On Windows operating systems: TWA_home\usr\servers\engineServer\configDropins\overrides
- Create a backup copy of the file in a different directory and add the new user
  and password to the file in the overrides directory.
- Create a new role for the user, as follows:

      composer new srol
      SECURITYROLE DOWNLOAD_CERT_SROLE
      FILE DISPLAY
      END

- Create a new domain for the user, as follows:

      composer new sdom
      SECURITYDOMAIN DOWNLOAD_DOMAIN
      FILE NAME="AGENT_CERTIFICATE"
      END

- Create a new access control list for the user, as follows:

      composer new acl
      ACCESSCONTROLLIST FOR DOWNLOAD_DOMAIN
      other_user DOWNLOAD_CERT_SROLE
      END

  where other_user is the user inserted into authentication_config.xml.

You can now use the other_user, which has only the DISPLAY role for file AGENT_CERTIFICATE,
to install the agent and download certificates or JWT, or to run the AgentCertificateDownload
script and download and deploy certificates or JWT.

You can also perform the same operations from the Dynamic Workload Console, as described
in Managing Workload Security.
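
The procedure is meant to leave other_user with nothing beyond DISPLAY on the file AGENT_CERTIFICATE. The following Python check is an added example, not part of the product or its documentation: it reads the three definitions as text in the layout shown above and reports anything that widens that grant. The function names and the sample text are constructed for illustration, and only the syntax shown on this page is handled.

```python
# Constructed input: the three definitions from the procedure, as one text.
DEFINITIONS = """\
SECURITYROLE DOWNLOAD_CERT_SROLE
FILE DISPLAY
END
SECURITYDOMAIN DOWNLOAD_DOMAIN
FILE NAME="AGENT_CERTIFICATE"
END
ACCESSCONTROLLIST FOR DOWNLOAD_DOMAIN
other_user DOWNLOAD_CERT_SROLE
END
"""

def parse(text):
    """Group body lines by (keyword, name); handles only the layout shown on this page."""
    objs, key = {}, None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if key is None:
            words = line.split()
            key = (words[0].upper(), words[-1])  # the name is the last header token
            objs[key] = []
        elif line.upper() == "END":
            key = None
        else:
            objs[key].append(line)
    return objs

def audit(text, user):
    """Return findings; an empty list means user holds only FILE DISPLAY on AGENT_CERTIFICATE."""
    objs, findings, seen = parse(text), [], False
    for (kind, domain), entries in objs.items():
        if kind != "ACCESSCONTROLLIST":
            continue
        for entry in entries:
            who, roles = (entry.split(None, 1) + [""])[:2]
            if who != user:
                continue
            seen = True
            for scope in objs.get(("SECURITYDOMAIN", domain), ["(domain not defined)"]):
                if "".join(scope.split()).upper() != 'FILENAME="AGENT_CERTIFICATE"':
                    findings.append(f"domain {domain}: expected only the certificate file, found {scope}")
            for role in (r.strip() for r in roles.split(",")):
                for grant in objs.get(("SECURITYROLE", role), ["(role not defined)"]):
                    if grant.upper().split() != ["FILE", "DISPLAY"]:
                        findings.append(f"role {role}: expected only FILE DISPLAY, found {grant}")
    if not seen:
        findings.append(f"{user} has no access control list entry")
    return findings
```

Calling `audit(DEFINITIONS, "other_user")` returns an empty list for the definitions exactly as given in the procedure; any extra action on the role or a broader file filter on the domain produces a finding.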