
Securing Connections To Web User Interface in ACE


ACE web user interface configuration

Creating username and password for Web User Interface for Integration Node
in IBM App Connect Enterprise [ACE] using command line or using
node.conf.yaml file [FILE BASED]

This blog explains, step by step, how to create a username and password for the
ACE web user interface. The steps differ slightly from the earlier version of
ACE, i.e. IIB, because of the introduction of node-level config files.

For this blog, I will be creating an Integration Node [earlier known as Broker]
named ACE_IN01, which has an Integration Server [earlier known as
Execution Group] DEV_IS_01.

The steps below are executed in a Windows environment, so please make sure you
change the absolute/relative paths if you are working on Linux or any other
environment.

Also, I have not tied MQ to the Integration Node. The steps below are executed
without MQ linked to the Integration Node.

The blog does not cover user and group creation either. It is assumed that the
required users/groups are already available.

====================================================

Optional Steps [Can be skipped if you already have Integration Node and
Integration Servers created]

====================================================

- Create an Integration Node using the mqsicreatebroker command

mqsicreatebroker ACE_IN01

- Start the integration node using the mqsistart command

mqsistart ACE_IN01

- Create an Integration Server using the mqsicreateexecutiongroup command

mqsicreateexecutiongroup ACE_IN01 -e DEV_IS_01

There are two ways to create user name and passwords for Web User Interface.
- via command line
- via node.conf.yaml config file.

====================================================

Steps for creating username and passwords for Web User Interface using
command line

====================================================

Step 1: First, check the properties of the REST admin listener using the
mqsireportproperties command.

mqsireportproperties ACE_IN01 -b webadmin -o RestAdminListener -r

Step 2: Set the basicAuth and authorizationEnabled parameters to true.

mqsichangeproperties ACE_IN01 -b webadmin -o RestAdminListener -n basicAuth,authorizationEnabled -v true,true

Step 3: Grant permissions to the selected role. Here I am using aceAdmin as
the role, and it is granted full permissions. The second command provides
access to navigate to the Integration Server and perform actions accordingly.

mqsichangefileauth ACE_IN01 -r aceAdmin -p all+

mqsichangefileauth ACE_IN01 -e DEV_IS_01 -r aceAdmin -p all+

Step 4: Check the role and the permissions that have been granted using the
command below.

mqsireportfileauth ACE_IN01 -l

Step 5: Create a user with user name aceUser and password passw0rd.

mqsiwebuseradmin ACE_IN01 -c -u aceUser -a passw0rd -r aceAdmin

Step 6: Stop and start the integration node.

mqsistop ACE_IN01
mqsistart ACE_IN01

Step 7: You can check the node.conf.yaml file to see whether the changes made
via the command line are reflected in the config file. To do so, navigate to
C:\ProgramData\IBM\MQSI\components\<NodeName>, in this case
C:\ProgramData\IBM\MQSI\components\ACE_IN01. You will see the node.conf.yaml
file. Since the commands were executed after creation of the broker, an
override file is generated which holds the values. To view the override file,
go to the overrides folder in the same location,
C:\ProgramData\IBM\MQSI\components\ACE_IN01, and open the node.conf.yaml file
there to view the properties. The values that you have set using the above
steps should be reflected in this file.
For Linux servers, look at the path /var/mqsi/components/ACE_IN01.

Step 8: Open the web user interface at https://<hostname>:<weblistenerport>.
In my case the URL is https://localhost:4418. If you are not sure of the port
number, execute the command below to find it.

mqsireportproperties ACE_IN01 -b webadmin -o RestAdminListener -r


Step 9: Log in with the user name and password that were set using
mqsiwebuseradmin. In this case the user name is aceUser and the password is
passw0rd.

Step 10: You should be able to view the server details and should not get
any authorization error.

====================================================

Steps for creating username and passwords for Web User Interface using
node.conf.yaml file

====================================================

Step 1: First, check the properties of the REST admin listener by navigating
to "C:\ProgramData\IBM\MQSI\components\ACE_IN01". You can see the
node.conf.yaml file there. There is also an overrides directory in the same
location, which contains its own node.conf.yaml. For this part, we will be
working on the node.conf.yaml file under the ACE_IN01 directory. The
node.conf.yaml under the overrides directory only contains values that have
been updated via the command line. In the below image, look at the highlighted
fields, which we will change directly in the config file in the steps below,
so that we can log in to the web user interface with a user name and password
with the necessary permissions.
For Linux servers, look at the path /var/mqsi/components/ACE_IN01.
Step 2: Un-comment the basicAuth field at line number 57 to enable basic
authentication.
Next, un-comment the authorizationEnabled field at line number 62 and
change the value to true.
Lastly, un-comment authorizationMode at line number 63 and save the
node.conf.yaml file.
Step 3: Now provide permissions to the role.

1. Un-comment the field adminRole under the Node -> Permissions section and
replace the value of adminRole with aceAdmin at line number 79.
2. Un-comment the field adminRole under the Node -> DataPermissions section and
replace the value of adminRole with aceAdmin at line number 87.
3. Un-comment lines 91, 92, 94, 95, 101.
4. At line number 91, replace server01 with the name of the Integration Server
which you have created. In this case it is DEV_IS_01.
5. Repeat the same process for the Server-level permissions by un-commenting
the adminRole fields at line numbers 94 and 101, replacing them with aceAdmin,
and saving the file.

Step 4: Create a user with user name aceUser and password passw0rd.

mqsiwebuseradmin ACE_IN01 -c -u aceUser -a passw0rd -r aceAdmin

Step 5: Stop and start the integration node.

mqsistop ACE_IN01
mqsistart ACE_IN01

Step 6: Open the web user interface at https://<hostname>:<weblistenerport>.
In my case the URL is https://localhost:4418.

Step 7: Log in with the user name and password that were set using
mqsiwebuseradmin. In this case the user name is aceUser and the password is
passw0rd.

Step 8: You should be able to view the server details and should not get any
authorization error.

Securing connections to web user interface in ACE

This blog explains, step by step, how to secure the web user interface in
ACE using the command line and using the node.conf.yaml config file.

Initial Steps: If you already have a .p12 certificate available, you can skip
these initial steps. Otherwise, refer to the link below for creating a
certificate using OpenSSL.

https://prasadvadnala.blogspot.com/2019/11/generating-p12-certificate-using-openssl.html

For configuration purposes, I will be using the below names for the node and
servers.

Integration Node Name : ACE_IN01
.p12 certificate password : password

========================================
Securing connection (https) using command line
========================================

Step 1: Execute the below command to point to the absolute path of the p12
certificate, including the certificate file name.

mqsichangeproperties ACE_IN01 -b webadmin -o RestAdminListener -n sslCertificate -v 'D:\p12\dev_certificate.p12'

Step 2: Next, use the below command. In this command,
"adminRestApi::sslpwd" is the default resource name that will be used when
setting the p12 certificate password using mqsisetdbparms.

mqsichangeproperties ACE_IN01 -b webadmin -o RestAdminListener -n sslPassword -v adminRestApi::sslpwd

Step 3: Navigate to
"C:\ProgramData\IBM\MQSI\components\ACE_IN01\overrides"
[/var/mqsi/components/ACE_IN01/overrides directory in Linux] and verify
that the node.conf.yaml file reflects the above changes.

Step 4: Execute mqsisetdbparms as below. The "password" given for the -p
parameter is the password that you have set for your p12 certificate.

mqsisetdbparms ACE_IN01 -n adminRestApi::sslpwd -u ignore -p password

Step 5: Stop and Start the Integration node

mqsistop ACE_IN01
mqsistart ACE_IN01

Step 6: Enter the web user interface URL https://localhost:4418 [use the
host name and port number that you have assigned in your case] and verify
that the page loads correctly using https. [In case you get an option of
"go to home page instead" or "continue to this webpage", click on the
continue to the webpage link and proceed to load the web user interface.]

Note: I have configured a user name and password for the web user interface.
For how to generate the user name and password, refer to the blog
https://prasadvadnala.blogspot.com/2019/11/acewebuserinterfaceconfiguration.html
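
A scripted form of the "verify the node.conf.yaml file" steps (Step 7 of the command-line login procedure and Step 3 of the https procedure), as an added example that is not part of the original blog: it reads the RestAdminListener section of a node.conf.yaml and lists which of the settings from this page are still missing. The function names and both sample files are constructed for illustration, and the reader assumes flat `key: value` lines under RestAdminListener.

```python
import re

def read_section(text, section="RestAdminListener"):
    """Return active (uncommented) key/value pairs directly under one top-level section."""
    values, inside = {}, False
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank line or commented-out setting
        if not raw[0].isspace():              # any top-level key starts or ends the section
            inside = raw.split("#")[0].strip() == section + ":"
            continue
        if inside:
            key, _, value = raw.strip().partition(":")
            value = value.strip()
            quoted = re.match(r"""(['"])(.*?)\1""", value)
            values[key] = quoted.group(2) if quoted else value.split(" #")[0].strip()
    return values

def audit(text):
    """List the web UI settings from this page that are missing or not set as in the steps."""
    cfg, findings = read_section(text), []
    for key in ("basicAuth", "authorizationEnabled"):
        if cfg.get(key, "").lower() != "true":
            findings.append(f"{key} is not true")
    if not cfg.get("sslCertificate"):
        findings.append("sslCertificate is not set")
    pwd = cfg.get("sslPassword", "")
    if not pwd:
        findings.append("sslPassword is not set")
    elif "::" not in pwd:
        # Assumption: anything without '::' is not a resource name like adminRestApi::sslpwd
        findings.append("sslPassword is not a resource name")
    return findings

# Constructed sample: overrides file after the user name/password steps only.
SAMPLE_AUTH_ONLY = """\
RestAdminListener:
  port: 4418
  basicAuth: true
  authorizationEnabled: true
  #sslCertificate: '<path to .p12>'
"""
# Constructed sample: the same file after the https steps as well.
SAMPLE_FULL = SAMPLE_AUTH_ONLY + r"""  sslCertificate: 'D:\p12\dev_certificate.p12'
  sslPassword: adminRestApi::sslpwd   # resource name, not the password itself
"""

if __name__ == "__main__":
    for name, text in (("auth only", SAMPLE_AUTH_ONLY), ("auth + https", SAMPLE_FULL)):
        print(name, "->", audit(text) or "all settings present")
```

To run it against a real node, pass the contents of the node.conf.yaml from the overrides directory named in the steps to `audit()`.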
