Distributed Installation and Trust and Key Stores

This topic describes the procedure to set up Single Sign-On in a distributed installation with trust and key stores.

Before you begin this task:

  • You must have the role of System Administrator or Organizational Administrator to perform this task.
  • You must have installed Process Platform on both computers, with one of them installed as 'distributed' so that it is connected to the other (first) monitor.

  1. Copy the following files from the first Process Platform installation to the second Process Platform installation:
    • <Process_Platform_Installation_Directory>/certificates/truststore/CordysDefaultTrustStore.p12
    • <Process_Platform_Installation_Directory>/certificates/keystore/server1_monitor.p12
  2. Change the following properties in the wcp.properties configuration file of the second Process Platform installation to correspond to the first:
    • bus.keystore.file
    • bus.keystore.password
    • bus.keystore.privatekey.password
    • bus.truststore.password

    Both systems now use the same keystore and truststore for the Monitor.

  3. On CUSP > My Applications, click LDAP Explorer. The LDAP Explorer window appears.
  4. Click system > soap nodes > monitorsoapnode@<server1> to go to the service group configuration of the first OpenText Process Suite Platform (<instance name>). The Properties - monitorsoapnode@<server1> window appears.
  5. Click the button in the bussoapnodeconfiguration row. The String (xml) - Edit XML for string window appears.
  6. Inside the <configuration> tag, there is a <monitor_keystore> tag. Copy the tag with all contents to the clipboard.
    A sample monitor configuration is as follows:
    <configuration>
        <routing ui_algorithm="failover" ui_type="failover">
            <numprocessors>1</numprocessors>
            <algorithm>com.eibus.transport.routing.DynamicRouting</algorithm>
        </routing>
        <monitor_keystore>
            <sharedkey>
                <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
                    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
                    <CipherData>
                        <CipherValue>OvnIwI3lUahb8UyL6l/3LSzAspnzGtAwC9LEcFA8iQvtpfv3XOLSWQcVfOwxcdBB4hia AV8lY9XyXpKm8UG9CTPENnJ+4SPVOjH45f6Yqwgfvz1SOvPbJGpEVU6gIABXNEAPJ5+vAT0/KJsgOA HWDK7A3KWBKwT3OvWFbxaOmgM=</CipherValue>
                    </CipherData>
                </EncryptedKey>
            </sharedkey>
        </monitor_keystore>
    </configuration>
    
  7. Click system > soap nodes > monitorsoapnode@<server2> to go to the service group configuration of the second OpenText Process Suite Platform (<instance name>). The Properties - monitorsoapnode@<server2> window appears.
  8. Click the button in the bussoapnodeconfiguration row. The String (xml) - Edit XML for string window appears.
  9. Paste the <monitor_keystore> with all contents, overwriting the old <monitor_keystore> tag. Both monitors now have the same shared key.
  10. Remove the key and trust stores from all service groups of <server2>. For more information on removing key and trust stores, refer to Removing Key and Trust Stores.
  11. Restart the OpenText Process Suite Platform (<instance name>) on both computers.
    The keystores and truststores are configured to be used in a distributed installation.
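
    One way to confirm steps 2 and 9 took effect before relying on the restart, as an added example that is not part of the original documentation or the product: it compares the four wcp.properties entries and the <monitor_keystore> shared key from both installations, reporting only property names and digests so that passwords never reach a terminal or log. It assumes the two wcp.properties files and the two bussoapnodeconfiguration XML strings have been saved as text; the function names and sample values are constructed for illustration.

```python
import hashlib
import re
import xml.etree.ElementTree as ET

# Properties that step 2 says must correspond on both installations.
SHARED_PROPS = ("bus.keystore.file", "bus.keystore.password",
                "bus.keystore.privatekey.password", "bus.truststore.password")
ENC = "{http://www.w3.org/2001/04/xmlenc#}"  # namespace used by <EncryptedKey>

def parse_properties(text):
    """Minimal key=value / key:value parser (no escapes or line continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
            props[parts[0]] = parts[1] if len(parts) > 1 else ""
    return props

def mismatched_properties(first, second):
    """Names (never values) of shared properties that are missing or differ."""
    a, b = parse_properties(first), parse_properties(second)
    return [k for k in SHARED_PROPS if k not in a or a[k] != b.get(k)]

def shared_key_digest(config_xml):
    """SHA-256 of the whitespace-stripped CipherValue inside <monitor_keystore>."""
    path = f"monitor_keystore/sharedkey/{ENC}EncryptedKey/{ENC}CipherData/{ENC}CipherValue"
    node = ET.fromstring(config_xml).find(path)
    if node is None or not (node.text or "").strip():
        raise ValueError("no CipherValue under <monitor_keystore>")
    return hashlib.sha256("".join(node.text.split()).encode()).hexdigest()

def same_shared_key(first_xml, second_xml):
    return shared_key_digest(first_xml) == shared_key_digest(second_xml)

# Constructed sample input (placeholder values, not real secrets).
XML = ('<configuration><monitor_keystore><sharedkey>'
       '<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#"><CipherData>'
       '<CipherValue>%s</CipherValue></CipherData></EncryptedKey>'
       '</sharedkey></monitor_keystore></configuration>')
WCP_1 = "bus.keystore.file=server1_monitor.p12\nbus.keystore.password=ks-1\n" \
        "bus.keystore.privatekey.password=pk-1\nbus.truststore.password=ts-1\n"
WCP_2 = WCP_1.replace("ts-1", "ts-OLD")  # second node still has its old value

if __name__ == "__main__":
    print("differing properties:", mismatched_properties(WCP_1, WCP_2))
    print("shared key matches:", same_shared_key(XML % "QUJD\n REVG", XML % "QUJDREVG"))
```

    The CipherValue comparison ignores whitespace because the editor may wrap the base64 text differently on each node.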

    After you complete this task:
    Enable SSO by following the steps in Enabling Single Sign-On.