When you change passwords, make sure to change them at
the provider level and for the authentication aliases that are mapped
to the RunAs roles for applications provided byIBM® Business Process Manager.
About this task
When you change the password for a user, user IDs that
are mapped to RunAs user roles also must be updated.
IBM Business Process Manager provides
the following applications that contain users that are mapped to the
RunAs roles:
- IBM_BPM_PerformanceDW_supportDeploymentTarget
- IBM_BPM_Teamworks_applicationDeploymentTarget
- BPEContainer__applicationDeploymentTarget
- TaskContainer__applicationDeploymentTarget
Where the suffix is either the application cluster or the stand-alone
server (for
IBM Business
Process Manager Express® and
IBM Integration
Designer's
Unit Test Environment (UTE)), and the support cluster or stand-alone
server:
_clusterName or
_nodeName_serverName.
Note: The updateBPMAliasesAndRunAsRolesPasswords command
cannot be used to change passwords for the IBM BPM CellAdmin security
role that was specified as the default administrative account during
installation or for custom applications that are not provided by IBM
BPM.
Procedure
To change passwords for any user that is stored in
the file registry, including the CellAdmin security role, complete
the following steps:
- Go to the external security provider and change the password
for the user at the provider level. The following steps use WebSphere® Application
Server as the
provider:
- Change the password in the WebSphere Application
Server file registry
by logging into the WebSphere Application
Server admin
console.
- Click .
- Select the user and enter the new password in the Password field.
- Click Apply and then click OK.
- Save the changes.
Additional steps are necessary when the password of
the user defined in the file registry or external security provider
is changed and the user ID is used by IBM BPM authentication aliases
or RunAs roles of IBM BPM applications. The passwords must be synchronized
with the updateBPMAliasesAndRunAsRolesPasswords command.
Complete the following steps:
- In an ND environment, stop the deployment manager. (In
a stand-alone environment like IBM BPM Express or the IBM Integration
Designer unit test environment, stop the app server.)
- In the deployment manager profile bin folder
(or in the AppServer profile bin folder for IBM Business
Process Manager Express or
the Integration Designer unit test environment), run the updateBPMAliasesAndRunAsRolesPasswords wsadmin
command to synchronize passwords for authentication aliases or application
RunAs roles.
- For Jacl
dmgr_profile_root/bin > wsadmin -conntype NONE
wsadmin> $AdminTask updateBPMAliasesAndRunAsRolesPasswords {-userName username -password new_password}
You should see the following messages:
Processing: IBM_BPM_PerformanceDW_SingleCluster
Processing: IBM_BPM_Teamworks_SingleCluster
Processing: BPEContainer_SingleCluster
Processing: TaskContainer_SingleCluster
wsadmin> $AdminConfig save
- For Jython
dmgr_profile_root/bin>wsadmin -conntype NONE -lang jython
wsadmin>AdminTask.updateBPMAliasesAndRunAsRolesPasswords('[-userName username -password new_password]')
Processing: IBM_BPM_PerformanceDW_SingleCluster
Processing: IBM_BPM_Teamworks_SingleCluster
Processing: BPEContainer_SingleCluster
Processing: TaskContainer_SingleCluster
wsadmin>AdminConfig.save()
- In an ND environment, start the deployment manager and
synchronize your changes on the other nodes. (In a stand-alone environment
like IBM BPM Express or the IBM Integration Designer unit test environment,
start the app server.)
- In an ND environment, restart the application cluster members
and support cluster members.