Configuring a Silver Fabric Controlled Deployment Manager to Enable Security

The following procedure is used to configure a Silver Fabric-controlled Deployment Manager to enable security.

Important: Enable the All Authenticated option for the performance servlet. This ensures that the security role to user/group mapping for PerfServletApp allows all valid authenticated users in the associated user registry to access resources that are protected by the role associated with the performance servlet application. Refer to your WebSphere Application Server documentation for detailed information about configuring security.

Procedure

  1. Access the administration console of the WebSphere Deployment Manager running on an engine. From there you can enable and configure various aspects of security through the console's SSL certificate and key management area. Refer to your WebSphere Application Server documentation for detailed information about configuring security.
  2. In the Silver Fabric Administration Tool, select Stacks > Components.
  3. Select Edit Component and enable HTTPS in the HTTP Support feature.
  4. Select Add/override/edit Enabler and Component Specific Runtime Context Variables and configure the following Runtime Context variables as necessary:
    Option                       Description
    KEY_STORE_TYPE               The type of key store, generally PKCS12
    TRUST_STORE_TYPE             The type of trust store, generally PKCS12
    SERVER_KEY_ALIAS             Alias of the server key in the keystore
    CLIENT_KEY_ALIAS             Alias of the client key in the keystore
    SERVER_KEY_STORE_FILE        The file name of the server keystore file
    SERVER_TRUST_STORE_FILE      The file name of the server truststore file
    SERVER_KEY_STORE_PASSWORD    The password for the server keystore
    SERVER_TRUST_STORE_PASSWORD  The password for the server truststore
    APP_SECURITY_ENABLED         Whether or not to enable application security (true/false)
    JAVA2_SECURITY_ENABLED       Whether or not to enable Java 2 security (true/false)
    ACTIVE_AUTH_MECHANISM        The auth mechanism to use (KRB5 or LTPA)
    ACTIVE_USER_REGISTRY         The user registry to use (LocalOSUserRegistry, CustomUserRegistry, LDAPUserRegistry, or WIMUserRegistry)
    CUPRIMARY_ID                 For use with CustomUserRegistry
    CUSERVER_ID                  For use with CustomUserRegistry
    CUSERVER_PASSWORD            For use with CustomUserRegistry
    CUSERVER_CLASS               For use with CustomUserRegistry
    KEY_STORE_NAME               The logical name of the keystore
    TRUST_STORE_NAME             The logical name of the truststore
  5. Select Add/override/customize Enabler and Component-specific content files and add the required keystore files with the keystores/relative path.
  6. Select Publish Changes from the Actions list adjacent to your Component after capture successfully finishes. The status column on Engines > Engines indicates whether an engine is currently capturing a component.

Result

The Deployment Manager will start with security enabled when the deployed component activates on an engine.
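
Example (added here, not part of the Silver Fabric or WebSphere product): a pre-publish check of the Runtime Context variables from step 4, using only the allowed values listed in the table. The function name check_context, the sample values, the rule that all keystore and truststore variables are set when HTTPS is enabled, and the lowercase true/false spelling are assumptions.

```python
# Added example: allowed values come from the table on this page.
# check_context() and the sample values are constructed for illustration.
AUTH_MECHANISMS = {"KRB5", "LTPA"}
REGISTRIES = {"LocalOSUserRegistry", "CustomUserRegistry",
              "LDAPUserRegistry", "WIMUserRegistry"}
BOOL_VARS = ("APP_SECURITY_ENABLED", "JAVA2_SECURITY_ENABLED")
# Assumption: with HTTPS enabled, every keystore/truststore variable is set.
STORE_VARS = ("KEY_STORE_TYPE", "TRUST_STORE_TYPE", "SERVER_KEY_ALIAS",
              "SERVER_KEY_STORE_FILE", "SERVER_TRUST_STORE_FILE",
              "SERVER_KEY_STORE_PASSWORD", "SERVER_TRUST_STORE_PASSWORD",
              "KEY_STORE_NAME", "TRUST_STORE_NAME")
CUSTOM_VARS = ("CUPRIMARY_ID", "CUSERVER_ID", "CUSERVER_PASSWORD", "CUSERVER_CLASS")


def check_context(ctx):
    """Return a list of problems in a dict of variable name -> value."""
    problems = []
    required = list(STORE_VARS)
    registry = ctx.get("ACTIVE_USER_REGISTRY")
    if registry == "CustomUserRegistry":
        required += CUSTOM_VARS  # only needed for the custom registry
    for name in required:
        if not str(ctx.get(name, "")).strip():
            problems.append(f"{name}: missing or empty")
    for name in BOOL_VARS:
        # Assumption: values are written in lowercase, as in the table.
        if name in ctx and ctx[name] not in ("true", "false"):
            problems.append(f"{name}: expected true or false")
    if registry is not None and registry not in REGISTRIES:
        problems.append("ACTIVE_USER_REGISTRY: unknown registry")
    mech = ctx.get("ACTIVE_AUTH_MECHANISM")
    if mech is not None and mech not in AUTH_MECHANISMS:
        problems.append("ACTIVE_AUTH_MECHANISM: expected KRB5 or LTPA")
    return problems


# Constructed sample values, not taken from any real deployment.
GOOD = {
    "KEY_STORE_TYPE": "PKCS12", "TRUST_STORE_TYPE": "PKCS12",
    "SERVER_KEY_ALIAS": "dmgr", "KEY_STORE_NAME": "ExampleKeyStore",
    "TRUST_STORE_NAME": "ExampleTrustStore",
    "SERVER_KEY_STORE_FILE": "key.p12", "SERVER_TRUST_STORE_FILE": "trust.p12",
    "SERVER_KEY_STORE_PASSWORD": "example-only",
    "SERVER_TRUST_STORE_PASSWORD": "example-only",
    "APP_SECURITY_ENABLED": "true", "JAVA2_SECURITY_ENABLED": "false",
    "ACTIVE_AUTH_MECHANISM": "LTPA", "ACTIVE_USER_REGISTRY": "LDAPUserRegistry",
}
BAD = dict(GOOD, ACTIVE_USER_REGISTRY="CustomUserRegistry",
           ACTIVE_AUTH_MECHANISM="BASIC", SERVER_TRUST_STORE_PASSWORD="")
```

check_context(GOOD) returns an empty list. check_context(BAD) reports the empty truststore password, the four missing CustomUserRegistry variables, and the unsupported auth mechanism.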