Sunday 28 December 2014

XML Syntax and access control

The XML configuration interface is only accessible to users that have the manager role on the virtual resource XML_ACCESS and the administrator role on the virtual resource PORTAL.

Syntax element
Description
xmlaccess
This is the shell script. It is located in the directory wp_profile_root/PortalServer/bin. Use one of the following scripts:
  • UNIX: ./xmlaccess.sh
  • IBM® i: xmlaccess.sh
  • Windows: xmlaccess.bat
-in
Use this element to specify the name of a file containing the XML request (configuration export or update) that should be processed.
-user and -password
Use these elements to specify the user identification and password describing the authority under which the request should be processed. For the value for user you must specify the short user name as specified during login; full distinguished names (DN) are not supported.
-askForCredential
You can use the parameter askForCredential and leave out the parameters user and password. The XML configuration interface will then prompt you for the user ID and password. The parameter askForCredential requires no value to be specified.
-useEncryptedCredentials
Use this option if you want to provide the user credentials in a properties file rather than with the XML command.
-noUpdateProperties
Use this option additionally with the option useEncryptedCredentials, if you do not want to have the encrypted credentials written back to the properties file.
-url
Use this element to specify the URL to access the configuration servlet. This URL consists of the host name, the base URI as specified during installation (for example /wps), and the servlet extension /config.
-out
The name of the result file that contains the XML output. This file gives a result status and thereby indicates whether the XML request was performed successfully, or what errors might have occurred. In the case of an XML export, this file contains the exported configuration. You can later use this file to re-import the exported configuration.
-truststore
Use this element to specify the name of the truststore file that contains the server certificates that are required for accepting SSL connections with trusted servers. If no truststore is provided, the XML client will use the default Java cacerts truststore.
-trustpwd
Use this element to specify the password that is required for accessing the truststore. If the default Java cacerts truststore is used, no trust password needs to be provided.
-trusttype
Use this element to specify the type of the truststore that is used. The default type is jks. As long as the used truststore is of type jks, you do not have to provide this parameter.
-keystore
Use this element to specify the name of the keystore file that contains client certificates that are required for establishing an SSL connection with a server that requires client certificate authentication. If no keystore is provided, the XML client will use the default Java cacerts keystore.
-keypwd
Use this element to specify the password that is required for accessing the keystore. If the default Java cacerts keystore is used, no key password needs to be provided.
-keytype
Use this element to specify the type of the used keystore. The default type is jks. If the used keystore is of type jks, you do not have to provide this parameter.
-protocol
Use this element to specify the protocol, for example SSL, SSLv1, SSLv3, or TLS. Note that you can select only protocols that WebSphere® Application Server supports and has enabled. The parameter is evaluated only if the URL of the XMLAccess servlet selects a secure connection with HTTPS. Otherwise, the parameter is ignored.
-credentialexport
This is a parameter without a value. It indicates that the export of credentials should be enabled.
-passphrase
Use this element to specify the encryptionPassPhrase for the encryption. The minimum length of this string is the number of bits set as export keylength in the portal WP Credential Vault Service (WP_VaultService) Custom Properties divided by 8. The -passphrase value is used to create a key of the specified length for the encryption. For details about the WP Credential Vault Service see the topic about the Credential Vault Service. For details about how to configure or determine service configuration properties see the topic about Setting service configuration properties.

Before running the xmlaccess command to export or import credential vault data, make sure that you have added the two properties export.userDN and export.enforceSSL to the WebSphere® Application Server configuration.

When you use the XML command line client for credential export or import, you need to add two more parameters: -credentialexport and -passphrase to the XML command.

xmlaccess -user user_ID -password password -url https://myhost:10035/wps/config/ -truststore wp_profile_root/config/cells/cellname/nodes/nodename/trust.p12 -trusttype PKCS12 -trustpwd WebAS -in input_file.xml -out result_file.xml -credentialexport -passphrase encryptionPassphrase

Click Resources > Resource Environment > Resource Environment > Providers > WP_VaultService > Custom properties.

Add the property export.userDN:
  • Name: export.userDN
  • Value: administrator_DN. For example: cn=wpsadmin,o=ibm
  • Type: java.lang.String

Add the property export.enforceSSL:
  • Name: export.enforceSSL
  • Value: true
  • Type: java.lang.Boolean
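
The following is an added example, not part of the original post or of IBM's tooling: a pre-flight wrapper that refuses a credential export unless the URL is HTTPS and ends in /config and the passphrase meets the keylength / 8 minimum, and that uses -askForCredential so the portal password is not placed on the command line. The function names, the key_bits argument (the export key length in bits, which you read from the WP_VaultService custom properties) and running from wp_profile_root/PortalServer/bin are assumptions.

```shell
#!/bin/sh
# Constructed example: checks to run before an xmlaccess credential export.
# Assumes it is started from wp_profile_root/PortalServer/bin on UNIX.

# Minimum passphrase length = export key length in bits / 8 (rounded up).
min_passphrase_len() {
    echo $(( ($1 + 7) / 8 ))
}

# Args: url passphrase key_bits. Returns 0 if the export may proceed,
# 1 = not HTTPS, 2 = not the /config servlet, 3 = passphrase too short.
preflight_credential_export() {
    url=$1; passphrase=$2; key_bits=$3
    case $url in
        https://*) ;;
        *) echo "refuse: credential export requires an https:// URL" >&2; return 1 ;;
    esac
    case ${url%/} in
        */config) ;;
        *) echo "refuse: URL must end with the /config servlet extension" >&2; return 2 ;;
    esac
    need=$(min_passphrase_len "$key_bits")
    if [ "${#passphrase}" -lt "$need" ]; then
        echo "refuse: passphrase has ${#passphrase} characters, need $need" >&2
        return 3
    fi
    return 0
}

# Args: url input_file output_file key_bits.
# The passphrase is read without echo; -passphrase itself is still passed as
# an argument because that is the only form the syntax above describes.
run_credential_export() {
    url=$1; in_file=$2; out_file=$3; key_bits=$4
    printf 'Export passphrase: ' >&2
    stty -echo; IFS= read -r pp; stty echo; echo >&2
    preflight_credential_export "$url" "$pp" "$key_bits" || return
    ./xmlaccess.sh -askForCredential -url "$url" \
        -in "$in_file" -out "$out_file" -credentialexport -passphrase "$pp"
}

# Run only when called with the four expected arguments.
if [ $# -eq 4 ]; then run_credential_export "$@"; fi
```

With no -truststore given, the client falls back to the default Java cacerts truststore, as described in the parameter list above; add -truststore, -trusttype and -trustpwd to the call if the portal certificate is not trusted there.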
