Knowledge Collection: Security documents for the IBM Business Process Manager products

Education


Abstract

This knowledge collection is a focused compilation of links to security-related documents for the IBM Business Process Manager products.

Content

Knowledge Collections are navigation aids that organize content to help users quickly find relevant information. Knowledge Collections are not designed to be an all-inclusive list of all documents dealing with the specific theme. The applicable version is included in each entry.

Other Knowledge Collections are available for the IBM Business Process Manager.


If you need technical support, see the Support section for information on what IBM Software Support needs to investigate the issue.

Webcast replay: IBM Business Process Manager (BPM) Security (7036415)
Versions: 8.0, 7.5.1, 7.5.0.1
This session covers configuring Single Sign On and Lightweight Directory Access Protocol (LDAP) to access Business Process Manager. It also covers the user and group references in various components of Business Process Manager, such as problem determination, Process Admin, WebSphere Application Server, and so on. The presentation ends with a discussion on troubleshooting in this area.
Level of Difficulty: Intermediate
Presenters: Sridhar Edam and Dhamu Veluswamy
Date: 20 November 2012

Securing the messaging engines underlying the IBM Process Server and Performance Data Warehouse for IBM Business Process Manager (BPM) (1499518)
Version: 7.5
The buses underlying the IBM Process Server and Performance Data Warehouse are shipped unsecured; to secure the buses, you need to complete additional steps.

IBM Business Process Manager (BPM) server fails to start and java.security.AccessControlException messages exist in the SystemOut.log files (1501660)
Version: 7.5
The server fails to start, and you see multiple java.security.AccessControlException errors in the SystemOut.log file if you enable Java™ 2 security on IBM Business Process Manager V7.5.

Importing a Teamworks file that references content from LDAP into IBM Business Process Manager (BPM) can fail (1571843)
Version: 7.5.1
Importing a Teamworks file that references LDAP Users and Groups into a system that is not configured to use the same LDAP repository can result in failure. The references are added when a user selects users and groups from LDAP when defining a participant group. Exporting a snapshot to a Teamworks file causes that file to contain references to content from LDAP.

A "CWLLG0095W: The repository contact failed with a status of: 302" error occurs with IBM Business Process Manager (BPM) (1580089)
Versions: 7.5.1, 7.5
When the Process Server tries to connect to the Process Center repository, the following warning message might occur in the SystemOut.log file: CWLLG0095W: The repository contact failed with a status of: 302

Error: You cannot maintain internal users because the application server is not configured to use the Business Process Manager (BPM) Internal Security Provider. (1586586)
Versions: 7.5.1, 7.5
When you click "manage users" in the IBM Business Process Manager Process Admin Console, you see a "You cannot maintain internal users because the application server is not configured to use the BPM Internal Security Provider" error.

Shipped version of the plugin-key.kdb password expires on April 26, 2012 US EDT (1591896)
Versions: 7.5.1, 7.5
SSL connections between the plug-in and WebSphere Application Server might fail or revert to non-SSL after the shipped version of the plugin-key.kdb password expires on April 26, 2012 US EDT.

The "Read E-Mail via IMAP" integration service for the IBM Business Process Manager (BPM) products does not support SSL (1592149)
Versions: 7.5.1, 7.5
The integration service "Read Email via IMAP" from the System Toolkit does not support the IMAPS protocol. As a result, you cannot connect to IMAP servers that require Secure Sockets Layer (SSL).

A SRVE0068E error occurs when an LDAP user is added to the tw_admins group when using IBM Business Process Manager (BPM) Advanced and IBM Business Process Manager Standard (1593114)
Version: 8.0
When you access the Monitoring > Instrumentation functionality in the Process Admin Console using an LDAP user that was added to the LDAP tw_admins group, you receive a SRVE0068E error.

IBM Business Process Manager (BPM) Advanced and IBM Business Process Manager Standard internal custom repository user name fails with a CWLLG2015E error message (1593299)
Version: 8.0
IBM Business Process Manager Advanced and IBM Business Process Manager Standard internal custom repository user names that contain "=" characters are not added to the LSW_USR_XREF table.

Server startup problems occur when using IBM Business Process Manager (BPM) with Lightweight Directory Access Protocol (LDAP) for a large number of groups (1594714)
Versions: 8.0, 7.5.1
When IBM Business Process Manager is configured to use LDAP with a large number of groups, the server might take a long time to start.

Changing the value of the Session Bean Timeout in IBM Business Process Manager (BPM) (1601357)
Versions: 7.5.1, 7.5
The default value of Session Bean Timeout in Business Process Manager is 7200 seconds. How do you change this default value?

LDAP attributes, other than the user name and display name, are not accessible in IBM Business Process Manager (BPM) (1609893)
Versions: 8.0, 7.5.1, 7.5
How can you access user attributes other than user name and display name in an LDAP store from the IBM Business Process Manager products?

Querying LDAP databases using IBM Business Process Manager (BPM) V8.0 (1610113)
Version: 8.0
How do you use attributes other than the username and group attributes to query an LDAP database for IBM Business Process Manager?

The 'Manage Group' Add User search in the Process Admin Console does not return available users for IBM Business Process Manager (BPM) (1615427)
Versions: 8.0, 7.5.1, 7.5
When you search for a user within the 'Manage Group' in the Process Admin Console for IBM Business Process Manager, a more specific search keyword does not result in any entries. In addition, an LDAP timeout message is added to the SystemOut.log file.

A user in a group cannot retrieve assigned tasks in the IBM Business Process Manager (BPM) Process Portal (1616500)
Version: 8.0.1
Portal users in a group cannot see tasks that have been assigned to their group.

Error adding LDAP user or group to Lombardi internal group (1617395)
Versions: 7.5.1, 7.5
Although you can see LDAP members and groups, you cannot successfully add them to Lombardi user groups.

Changing the tw_admin password in IBM Business Process Manager (BPM) after installation (1619258)
Versions: 8.0, 7.5.1
After you install IBM Business Process Manager, you attempt to change the tw_admin password value. However, the following error occurs in the SystemOut.log file: CWLLG2003E: GetSubject for userName=tw_admin failed in ServiceLocator.

Potential security vulnerabilities in the IBM Business Process Management products for the Oracle October 2012 CPU (1620041)
Versions: 8.0.1, 8.0, 7.5.1, 7.5
The IBM Business Process Manager, WebSphere Process Server, WebSphere Lombardi Edition, and WebSphere Enterprise Service Bus products depend on WebSphere Application Server and its IBM Developer Kit, Java edition.

Trust store problem when connecting from Process Designer to Process Center in IBM Business Process Manager (BPM) (1590164)
Version: 7.5.1
Trust store is not included for a network deployment (ND) environment or with a correct password for security with Process Designer.

Security Bulletin: An IBM Business Process Manager SSL connection can be established without host name verification: CVE-2012-5785 (1622589)
Versions: 8.01, 8.0, 7.5.1, 7.5
A Secure Sockets Layer (SSL) connection can be established without host name verification, which can make the connection vulnerable to a man-in-the-middle attack.

SqlIntegrityConstraintViolationException at server startup (1619620)
Versions: 8.0.1, 8.0, 7.5.1
When IBM Business Process Manager is configured to use LDAP and LDAP contains duplicate groups, a SqlIntegrityConstraintViolationException is thrown at server startup. Additionally, upon server startup, LDAP groups are not visible from the WebSphere Application Server Administrative Console or the Process Admin Console. After APAR JR44698 is applied and the server is restarted, the original problem still persists.


Support


If you are having security issues and need help from IBM Support, see the Collect troubleshooting data for security problems in IBM Business Process Manager (BPM) (1609418) topic. This document explains what documentation you must collect (MustGather) so that the IBM Business Process Manager Support team can diagnose your problem. If you gather this documentation before contacting support, it will expedite the troubleshooting process, and save you time.



Other Knowledge Collections for IBM Business Process Manager




Original publication date

2012/12/14

Cross reference information
Segment | Product | Component | Platform | Version | Edition
Business Integration | IBM Business Process Manager Advanced | General | AIX, Linux, Linux zSeries, Solaris, Windows, z/OS | 8.0.1, 8.0, 7.5.1, 7.5 |
Business Integration | IBM Business Process Manager Express | General | Linux, Linux zSeries, Windows | 8.0.1, 8.0, 7.5.1, 7.5 |

Document information

More support for: IBM Business Process Manager Standard, Security
Software version: 7.5, 7.5.1, 8.0, 8.0.1
Operating system(s): AIX, Linux, Linux zSeries, Solaris, Windows
Reference #: 7036942
Modified date: 2013-03-21
