Changing IBM Business Process Manager passwords

When you change passwords, make sure to change them at the provider level and for the authentication aliases that are mapped to the RunAs roles for applications provided byIBM® Business Process Manager.

About this task

When you change the password for a user, user IDs that are mapped to RunAs user roles also must be updated.

IBM Business Process Manager provides the following applications that contain users that are mapped to the RunAs roles:
  • IBM_BPM_PerformanceDW_supportDeploymentTarget
  • IBM_BPM_Teamworks_applicationDeploymentTarget
  • BPEContainer__applicationDeploymentTarget
  • TaskContainer__applicationDeploymentTarget
Where the suffix is either the application cluster or the stand-alone server (for IBM Business Process Manager Express® and IBM Integration Designer's Unit Test Environment (UTE)), and the support cluster or stand-alone server: _clusterName or _nodeName_serverName.
Note: The updateBPMAliasesAndRunAsRolesPasswords command cannot be used to change passwords for the IBM BPM CellAdmin security role that was specified as the default administrative account during installation or for custom applications that are not provided by IBM BPM.

Procedure

To change passwords for any user that is stored in the file registry, including the CellAdmin security role, complete the following steps:

  1. Go to the external security provider and change the password for the user at the provider level. The following steps use WebSphere® Application Server as the provider:
    1. Change the password in the WebSphere Application Server file registry by logging into the WebSphere Application Server admin console.
    2. Click Users and Groups > Manage Users.
    3. Select the user and enter the new password in the Password field.
    4. Click Apply and then click OK.
    5. Save the changes.

Additional steps are necessary when the password of the user defined in the file registry or external security provider is changed and the user ID is used by IBM BPM authentication aliases or RunAs roles of IBM BPM applications. The passwords must be synchronized with the updateBPMAliasesAndRunAsRolesPasswords command. Complete the following steps:

  1. In an ND environment, stop the deployment manager. (In a stand-alone environment like IBM BPM Express or the IBM Integration Designer unit test environment, stop the app server.)
  2. In the deployment manager profile bin folder (or in the AppServer profile bin folder for IBM Business Process Manager Express or the Integration Designer unit test environment), run the updateBPMAliasesAndRunAsRolesPasswords wsadmin command to synchronize passwords for authentication aliases or application RunAs roles.
    • For Jacl
      dmgr_profile_root/bin > wsadmin -conntype NONE
      wsadmin> $AdminTask updateBPMAliasesAndRunAsRolesPasswords {-userName username -password new_password}
      
      You should see the following messages:
      
      Processing: IBM_BPM_PerformanceDW_SingleCluster
      Processing: IBM_BPM_Teamworks_SingleCluster
      Processing: BPEContainer_SingleCluster
      Processing: TaskContainer_SingleCluster
      
      wsadmin> $AdminConfig save
    • For Jython
      dmgr_profile_root/bin>wsadmin -conntype NONE -lang jython
      
      wsadmin>AdminTask.updateBPMAliasesAndRunAsRolesPasswords('[-userName username -password new_password]')
      Processing: IBM_BPM_PerformanceDW_SingleCluster
      Processing: IBM_BPM_Teamworks_SingleCluster
      Processing: BPEContainer_SingleCluster
      Processing: TaskContainer_SingleCluster
      
      wsadmin>AdminConfig.save()
  3. In an ND environment, start the deployment manager and synchronize your changes on the other nodes. (In a stand-alone environment like IBM BPM Express or the IBM Integration Designer unit test environment, start the app server.)
  4. In an ND environment, restart the application cluster members and support cluster members.