To configure Business Workflow Automation Workflow on premise with external IBM Business Automation Navigator and Content Platform Engine, you need to do the following things:
- Configure Business Workflow Automation, Navigator container and Content Platform Engine container with the same LDAP
- Configure Business Workflow Automation, Navigator container and Content Platform Engine container with the same User Management Sever
- Exchange the certificate with Business Workflow Automation and Navigator, CPE container certificate
- Setup the share directory between Business Workflow Automation and Navigator container.
- Configure external IBM Case Navigator and Content Platform Engine in Case Configuration tool
First, you can install Business Workflow Automation on premise and configure it with LDAP and User Management Server. Navigator container and Content Platform Engineer container is part of IBM Cloud Pack for Automation, you must configure and deploy Navigator and Content Platform Engineer in Cloud Pack for Automation. Please select the same LDAP and User Management Server as the Business Workflow Automation on premise.
Then, please configure Business Workflow Automation on premise with User Management Server, you can follow this guide: https://www.ibm.com/support/knowledgecenter/SS8JB4_19.x/com.ibm.wbpm.main.doc/topics/ums_configuring_sso_adding_production.html.
Next, Configure SSL between IBM Business Automation Workflow and the external IBM Business Automation Navigator and Content Platform Engine container. You need to do the follow actions:
- In the WebSphere Application Server administrative console, go to SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates and export the IBM Business Automation Workflow certificate as a file named baw.cert.
- Copy baw.cert to the IBM Business Automation Navigator container operator environment and add this certification using the IBM Business Automation Navigator operator TLS setting.
Follow the instructions in Importing the TLS certificate of an external service,
- Add IBM Business Automation Navigator root certification to IBM Business Automation Workflow.
Follow the instructions in Exchanging TLS certificates with external services.
You also need to import the Navigator and Content Platform Engine operator root certificate into Business Workflow Automation.
- Export the root certificate key in the Navigator and Content Platform Engine operator. You can use the following command to find the root CA key:
kubectl get secret App Engine root CA key -o template --template='{{ index .data "tls.crt" }}' | base64 --decode > rootCA.
- Import the certificate into the IBM Business Automation Workflow JVM by using the keytool command.
For example:
/opt/IBM/baw/java/jre/bin/keytool -import -keystore
/opt/IBM/baw/java/jre/lib/security/cacerts -storepass changeit -file
/u/ICN/certificate.crt
Then, we need to set up a network shared directory between all computers in the IBM Business Automation Workflow cluster and the IBM Content Navigator computer.
The shared directory must be exactly the same on all computers. The computers must have the same operating system.
- By default, the shared directory on the IBM Business Automation Workflow computer is install_root/CaseManagement/properties. If you customized the path to the shared directory, use that customized path.
- On the IBM Content Navigator computer, create a folder with the same path as the IBM Business Automation Workflow shared directory.
- To set up the shared directory, run the sshfs command on the IBM Business Automation Workflow computer.
- By default, the shared path on the IBM Business Automation Workflow computer is install_root\CaseManagement\properties. If you customized the path to the shared directory, use that customized path. If the path is a UNC path to share files among Windows servers, use a forward slash, for example //WIN129146/shareFolder instead of \\WIN129146/shareFolder.
- On the IBM Content Navigator computer, create a folder with the same path as the IBM Business Automation Workflow shared directory.
- Share the directories between the computers.
After that, you can execute the setExternalNavigator command to configure IBM Business Automation Workflow to use the external IBM Content Navigator. Change directories to install_root/profiles/deployment_manager_profile/bin and run the command.
For example:
wsadmin.bat -connType none -lang jython
AdminTask.setExternalNavigator(['-de', 'ProcessCenter', '-icnURL', 'https://icnhostname:ssl_port/navigator', '-icnAdminUser', 'P8Admin', '-icnAdminPassword', 'IBMFileNetP8'])
AdminConfig.save()
At last, you can go to Case Configuration Tool to configure external IBM Business Automation Navigator and Content Platform Engine. Follow the Case configuration tool wizard to configure all the needed information, and when it comes to external Navigator panel,
configure single sign-on with User Management Service (UMS) by filling in the following three parameters:
- User Management Service URL: Enter the URL and port number for UMS. The URL format is https://ums_server:port. This parameter is optional. If you specify the UMS URL, the connection to the IBM Business Automation Navigator server will be redirected to UMS first and then return to the IBM Business Automation Navigator server after the authentication check.
- User Management Service user name: Enter the user account that can log in to UMS.
- User Management Service password: Enter the password for the UMS user.
Save the configuration and execute all the tasks under the Case Configuration Tool for the external Naviagtor and Content Platform Engine container, you will get the configuration successfully.