WebSphere Application Server & Liberty

  • 1.  AdminConfig.modify not modifying security.xml

    Posted Mon April 13, 2020 09:38 AM
    I want to automate a change that can be done in the WAS admin console via Jython.
    I want to configure the Inbound transport panels in the administrative console to change Transport to SSL supported.
    The auto generated script is as follows:

    # Transport SSL Supported
    #AdminTask.configureCSIInbound('[-messageLevelAuth Supported -supportedAuthMechList LTPA|BASICAUTH -clientCertAuth Supported -transportLayer Supported -sslConfiguration -enableIdentityAssertion false -statefulSession true -enableAttributePropagation true -trustedIdentities ]')

    I am waiting for confirmation from the client that this is acceptable. However I thought there may be a better way to do this.

    I am trying to change these lines in the security.xml

    <CSI xmi:id="IIOPSecurityProtocol_1">
      <claims xmi:type="orb.securityprotocol:CommonSecureInterop" xmi:id="CSIv2 Inbound Configuration" stateful="true">
        ....................
        ....................
        <layers xmi:type="orb.securityprotocol:TransportLayer" xmi:id="TransportLayer_1">
          <requiredQOP xmi:type="orb.securityprotocol:TransportQOP" xmi:id="TransportQOP_2" establishTrustInClient="false" enableProtection="true" confidentiality="false" integrity="true"/>
          <supportedQOP xmi:type="orb.securityprotocol:TransportQOP" xmi:id="TransportQOP_1" establishTrustInClient="true" enableProtection="false" confidentiality="true" integrity="true"/>
          <serverAuthentication xmi:id="IIOPTransport_1" sslConfig=""/>
        </layers>
      </claims>

    My script fails at the change itself.
    AdminConfig.modify(requiredQOP, '[[establishTrustInClient "false"]]')
    AdminConfig.modify(supportedQOP, [["establishTrustInClient", "true"]] )
    Here is the complete script.

    # Walk Security -> CSI -> claims -> layers to reach the inbound TransportLayer
    aSec = AdminConfig.getid('/Security:/')
    csi = AdminConfig.showAttribute(aSec, "CSI")
    claim = AdminConfig.showAttribute(csi, "claims")
    if (claim.find('CSIv2 Inbound Configuration')!= -1):
        layers = AdminConfig.showAttribute(claim, "layers" )
        # The list comes back as "[id1 id2 ...]": strip the brackets, then split
        layList = layers[1:len(layers)-1].split(" ")
        for aLayer in layList:
            if (aLayer.find('TransportLayer')!= -1):
                supportedQOP = AdminConfig.showAttribute(aLayer, "supportedQOP" )
                requiredQOP = AdminConfig.showAttribute(aLayer, "requiredQOP" )
                AdminConfig.modify(requiredQOP, '[[establishTrustInClient "false"]]')
                AdminConfig.modify(supportedQOP, [["establishTrustInClient", "true"]] )
    # List the files with unsaved changes, then save the workspace
    print AdminConfig.queryChanges()
    AdminConfig.save()

    When I query the changes via the penultimate line the security.xml does not change. I thought that this may be as a result of the Global Security. However Global Security is false.

    wsadmin>AdminTask.isAppSecurityEnabled()
    u'true'
    wsadmin>AdminTask.isGlobalSecurityEnabled()
    u'false'

    Why might the modify not actually work?

    Kind regards,



    ------------------------------
    Amit Kapila
    AmitKapila
    ------------------------------


  • 2.  RE: AdminConfig.modify not modifying security.xml

    Posted Tue April 14, 2020 11:18 PM
    Hello, Amit.
    I tried your script and got the same result that you pointed out.
    C:\WAS90ND\profiles\Dmgr01\bin>wsadmin -username Administrator -password password -lang jython -f amit.py
    WASX7209I: Connected to process "dmgr" on node DESKTOP-BBBKTCUCellManager02 using SOAP connector;  The type of process is: DeploymentManager
    WASX7241I: There are no unsaved changes in this workspace.

    Then my colleague Gil suggested my security.xml already has the values you are trying to set... that may be why WAS did not do anything.
    So I flipped true/false in your script just to see whether his theory is good or not. This time, the script says there's an unsaved change. 😊

    C:\WAS90ND\profiles\Dmgr01\bin>wsadmin -username Administrator -password password -lang jython -f amitnew.py
    WASX7209I: Connected to process "dmgr" on node DESKTOP-BBBKTCUCellManager02 using SOAP connector;  The type of process is: DeploymentManager
    WASX7146I: The following configuration files contain unsaved changes:
     cells/DESKTOP-BBBKTCUCell02/security.xml   


    ------------------------------
    Hiroko Takamiya
    IBM
    ------------------------------



  • 3.  RE: AdminConfig.modify not modifying security.xml

    Posted Tue April 14, 2020 11:18 PM
    Hi, Amit 

    I tried your script and got the same result at first. 
    C:\WAS90ND\profiles\Dmgr01\bin>wsadmin -username Administrator -password password -lang jython -f amit.py
    WASX7209I: Connected to process "dmgr" on node DESKTOP-BBBKTCUCellManager02 using SOAP connector;  The type of process is: DeploymentManager
    WASX7241I: There are no unsaved changes in this workspace.

    Then my colleague Gil pointed out that I might have a security.xml that already has the same values that your script is trying to set. So I flipped true/false in your script. Now it seems to recognize the change. 😊

    C:\WAS90ND\profiles\Dmgr01\bin>wsadmin -username Administrator -password password -lang jython -f amitnew.py
    WASX7209I: Connected to process "dmgr" on node DESKTOP-BBBKTCUCellManager02 using SOAP connector;  The type of process is: DeploymentManager
    WASX7146I: The following configuration files contain unsaved changes:
     cells/DESKTOP-BBBKTCUCell02/security.xml


    ------------------------------
    Hiroko Takamiya
    IBM
    ------------------------------



  • 4.  RE: AdminConfig.modify not modifying security.xml

    Posted Wed April 15, 2020 07:50 AM
    Hello Hiro,
    The issue was exactly as you suggested. WebSphere won't change anything if the particular change is already configured.
    I should have realized this myself.
    Thanks for your reply,
    Amit

    ------------------------------
    Amit Kapila
    AmitKapila
    ------------------------------



  • 5.  RE: AdminConfig.modify not modifying security.xml

    Posted Wed April 15, 2020 01:35 PM
    Great!  This was a really good question, we ourselves learned a lot.  Thanks, Amit.

    ------------------------------
    Hiroko Takamiya
    IBM
    ------------------------------



  • 6.  RE: AdminConfig.modify not modifying security.xml

    Posted Wed April 15, 2020 04:25 PM
    I am glad I was of some help.

    Thanks,

    Amit





  • 7.  RE: AdminConfig.modify not modifying security.xml

    Posted Wed April 15, 2020 02:42 AM
    Good morning Amit,
    you can use the AdminConfig.hasChanges() function to determine if there are unsaved changes in the workspace. You can optimize the script and call AdminConfig.save() only if AdminConfig.hasChanges() returns 1.

    ------------------------------
    Hermann Huebler

    #IBMChampion
    ------------------------------



  • 8.  RE: AdminConfig.modify not modifying security.xml

    Posted Wed April 15, 2020 07:54 AM
    Hello Hermann,
    I have implemented the change in the file.

    # Walk Security -> CSI -> claims -> layers to reach the inbound TransportLayer
    aSec = AdminConfig.getid('/Security:/')
    csi = AdminConfig.showAttribute(aSec, "CSI")
    claim = AdminConfig.showAttribute(csi, "claims")
    if (claim.find('CSIv2 Inbound Configuration')!= -1):
        layers = AdminConfig.showAttribute(claim, "layers" )
        # The list comes back as "[id1 id2 ...]": strip the brackets, then split
        layList = layers[1:len(layers)-1].split(" ")
        for aLayer in layList:
            if (aLayer.find('TransportLayer')!= -1):
                supportedQOP = AdminConfig.showAttribute(aLayer, "supportedQOP" )
                requiredQOP = AdminConfig.showAttribute(aLayer, "requiredQOP" )
                AdminConfig.modify(requiredQOP, '[[establishTrustInClient "false"]]')
                AdminConfig.modify(supportedQOP, [["establishTrustInClient", "true"]] )
    # Save only when the workspace actually holds unsaved changes
    if (AdminConfig.hasChanges() == 1):
        print AdminConfig.queryChanges()
        AdminConfig.save()


    Thanks for your reply,
    Amit

    ------------------------------
    Amit Kapila
    AmitKapila
    ------------------------------
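
Added example, not code from the thread or from IBM: an idempotent version of the pattern the thread arrives at, which compares each attribute with its current value, modifies only on a difference, records old and new values for the change log, and saves only when `hasChanges()` returns 1. The names `ensure_attrs`, `save_if_changed`, `FakeAdminConfig` and `demo` are hypothetical; `FakeAdminConfig` is a constructed stand-in so the block runs offline, and inside wsadmin you would pass the real `AdminConfig` object instead.

```python
# Added example, not from the thread. Runs in wsadmin Jython or plain Python.

def ensure_attrs(admin_config, obj_id, desired):
    """Modify only attributes whose current value differs from `desired`.
    Returns [(name, old, new), ...] so the run leaves a record of what changed."""
    changed = []
    names = list(desired.keys())
    names.sort()
    for name in names:
        old = admin_config.showAttribute(obj_id, name)
        if old != desired[name]:
            admin_config.modify(obj_id, [[name, desired[name]]])
            changed.append((name, old, desired[name]))
    return changed

def save_if_changed(admin_config):
    """Call save() only when the workspace is dirty (hasChanges() == 1)."""
    if admin_config.hasChanges() == 1:
        admin_config.save()
        return True
    return False

class FakeAdminConfig:
    """Constructed stand-in for AdminConfig so the example runs offline.
    It models only the behaviour reported in the thread: setting a value
    that is already configured leaves no unsaved change."""
    def __init__(self, objects):
        self.objects = objects
        self.dirty = 0
        self.saves = 0
    def showAttribute(self, obj_id, name):
        return self.objects[obj_id][name]
    def modify(self, obj_id, attrs):
        for name, value in attrs:
            if self.objects[obj_id][name] != value:
                self.objects[obj_id][name] = value
                self.dirty = 1
    def hasChanges(self):
        return self.dirty
    def save(self):
        self.dirty = 0
        self.saves = self.saves + 1

def demo():
    # Constructed starting state, keyed by the xmi:ids shown in the first post.
    cfg = FakeAdminConfig({"TransportQOP_2": {"establishTrustInClient": "false"},
                           "TransportQOP_1": {"establishTrustInClient": "false"}})
    noop = ensure_attrs(cfg, "TransportQOP_2", {"establishTrustInClient": "false"})
    real = ensure_attrs(cfg, "TransportQOP_1", {"establishTrustInClient": "true"})
    return noop, real, save_if_changed(cfg), cfg.saves
```

An empty list from `ensure_attrs` means the setting was already in place, which distinguishes "nothing to do" from "the modify failed" in the script's output.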