Many PRODUCTION WebSphere environments are configured with 'Administrative Security' enabled and 'Service Integration Bus (SIB) Securtiy' enabled. LiveCycle configuration documentation for environments where WebSphere Administrative Security is integrated with the corporate LDAP directory currently does not exist.
Create a J2C Authentication Alias
In WebSphere Admin Console, create a new 'J2C Configuration Alias' mapped to a user in the corporate LDAP directory. Ideally, the password for this user should not frequently, and without warning, expire. Navigate to Security->Secure Administration, applications, and infrastructure->Java Authentication and Authorization Service->J2C authentication data->New
Verify that the special built-in group 'AllAuthenticated' is listed in the bus connector role. Navigate to Service Integration->Buses->IDP_JMS_Bus->Additional Properties->Security->Additional Properties->Users and groups in the bus connector role. If not, configure it, or configure the user mapped to the J2C Authentication Alias in this role.
Configure LiveCycle JMS Activation Specifications
LiveCycle has three Activation Specifications, namely JobManager_AS, PECommand_AS and Task_Event_AS. Configure all three with the newly created 'J2C Authentication Alias'. Navigate to Resources->JMS->Activation specifications.
Force Re-Synchronize the Nodes
All nodes in the WebSphere cell have to be updated with these changes.
Re-start LiveCycle appserver instances
Watch the SystemOut.log for any error messages. If there are any related to the Service Integration Bus, fix them first.
Leave a comment