If you are using the Web Services Atomic Transaction
(WS-AT) support in a secure environment, you might need to change
the default transaction service configuration. For example, you might
want to use an alternative port number for WS-AT protocol messages,
you might be interoperating with a non-WebSphere Application Server
product that requires client certificate authentication on the Secure
Sockets Layer (SSL) connection that is used for protocol messages,
or you might not need to use WebSphere Application Server in a Common
Criteria EAL4 evaluated configuration.
About this task
This task consists of the following subtasks. Perform
one or more of the subtasks depending upon your requirements:
- Disable WebSphere Application Server protocol security, which
is enabled by default. Perform this subtask if you want to interoperate
transactionally with other servers when the server is not in a Common
Criteria EAL4 evaluated configuration.
- Configure a new Web container transport
chain for use by WS-AT. When global security is enabled, the transaction
service, by default, uses the default secure Web container transport
chain: WCInboundDefaultSecure. By configuring a new transport chain
you can specify settings that are different from those in the default
transport chain, for example you can specify an alternative SSL repertoire
requiring client certificate authentication.
- Configure the outbound SSL repertoire
that is used by the transport chain. Perform this subtask when the
WS-AT or partner system has SSL endpoints.
Procedure
- Disable WebSphere Application Server protocol security.
  - In the administrative console, click > server_name.
  - Under Container Settings, expand Container Services and select Transaction Service.
  - Under Additional Properties, click Custom Properties.
  - On the Custom Properties page, click New to create a new custom property.
  - On the settings page, type DISABLE_PROTOCOL_SECURITY in the Name field and TRUE in the Value field.
  - Click OK and save your changes to the master configuration.
- Create a new Web container transport chain for WS-AT.
  - In the administrative console, click > server_name.
  - Under Container Settings click .
  - Click New to create a new transport chain.
  - Type a name for the transport chain.
  - From the transport chain template list, select the WebContainer-Secure template.
  - Click Next to select a new port for the chain.
  - Type a name, host, and port number for the port.
    The host should match the common name in the certificate that is used.
  - Click Next.
  - Confirm the settings, then click Finish.
  - Save your changes to the configuration.
  - Create a new SSL repertoire as appropriate and associate it with the SSL channel that is associated with your new chain.
  You are now ready to configure the transaction service to use the new transport chain.
  - Return to the server page by clicking > server_name.
  - Under Container Services, select Transaction Service.
  - Under Additional Properties, select Custom Properties.
  - Click New to create a new custom property.
  - Enter WSTX_SECURE_TRANSPORT_CHAIN as the name of the property, and the name of the secure Web container transport chain that you created earlier as the value.
  - Click OK and save your changes to the master configuration.
- After you have saved all the configuration changes that you require, restart the server for the changes to take effect.
Results
You configured your system to use
WS-AT in a secure environment.
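A review check for the two custom properties set in the procedure above, as an added example that is not part of the original page or the product's own code. It assumes a simplified, constructed XML layout (the element names transactionService, chains and properties, and the chain name WSATClientAuthChain, are hypothetical) and reports disabled protocol security and a WSTX_SECURE_TRANSPORT_CHAIN value that names no defined chain.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The element names and the chain name WSATClientAuthChain
# are assumptions for this example, not the product's real file layout.
SAMPLE = """\
<server name="server1">
  <chains name="WCInboundDefaultSecure"/>
  <chains name="WSATClientAuthChain"/>
  <transactionService>
    <properties name="DISABLE_PROTOCOL_SECURITY" value="TRUE"/>
    <properties name="WSTX_SECURE_TRANSPORT_CHAIN" value="WSATClientAuthChian"/>
  </transactionService>
</server>
"""

DEFAULT_CHAIN = "WCInboundDefaultSecure"  # default chain named on this page


def audit_wsat(xml_text):
    """Return (code, message) findings for the WS-AT transaction settings."""
    root = ET.fromstring(xml_text)
    chains = {c.get("name") for c in root.iter("chains")}
    findings = []
    for ts in root.iter("transactionService"):
        props = {p.get("name"): (p.get("value") or "").strip()
                 for p in ts.iter("properties")}
        # Compared case-insensitively so "true" is not missed (conservative).
        if props.get("DISABLE_PROTOCOL_SECURITY", "").upper() == "TRUE":
            findings.append(("PROTOCOL_SECURITY_OFF",
                             "WS-AT protocol security is disabled"))
        # When the property is absent, the default secure chain applies.
        chain = props.get("WSTX_SECURE_TRANSPORT_CHAIN", DEFAULT_CHAIN)
        if chain not in chains:
            findings.append(("UNKNOWN_CHAIN",
                             "transport chain %r is not defined" % chain))
    return findings


if __name__ == "__main__":
    for code, message in audit_wsat(SAMPLE):
        print(code, "-", message)
```

The misspelled chain name in the constructed sample is deliberate: it shows the case where the property value does not match the name of the chain created earlier in the procedure.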