Security in webMethods

30 October 2009

Managing the Server Security

Securing Access

Securing Data Control Mechanisms

30 October 2009

Contd
Control who can configure and manage the server Control who can use webMethods Developer to connect to the server Digitally sign documents and verify digital signatures pub.pki.pkcs7:sign pub.pki.pkcs7:verify

30 October 2009

Public Key Infrastructure (PKI)

PKI Profiles Stored in File system as .epf files HSM Devices

30 October 2009

PKI Profile Checking Process

A client running outside your enterprise sends a signed and/or encrypted document to an Integration Server running inside your enterprise The Integration Server passes the document to an application Application calls the pub.pki services to access the PKI profiles The server verifies that the user associated with the request is a member of the PKI profiles Execute ACL

30 October 2009

PKI Profile Checking Process Contd..

The server decrypts and verifies the document using the keys and certificates in PKI Profile The PKI profile resides either in the file system, or on an HSM device The application processes the document and sends a response to the client

30 October 2009

Creating a PKI Profile

There are two main steps to setting up a PKI profile

Create a PKI profile

Create an alias for the PKI profile in the Integration Server

30 October 2009

Contd..
Open the Integration Server Administrator In the Adapters menu of the Navigation panel, click PKI In the PKI menu, click Profile Management Click Create PKI Profile

30 October 2009

30 October 2009

Control Mechanisms Contd..

Control access to packages, folders, and other elements that reside on server Specify how you want the server to authenticate clients Use different certificates for different connections Isolate your webMethods Integration Server behind an inner firewall i.e. Reverse Invoke Configuration

30 October 2009

10

Setting up Administrators
To grant administrative privileges to a user
Open the Integration Server Administrator if it is not already open In the Security menu of the Navigation panel, click User Management. Users in this Group Remaining Users In Groups area of the screen, in the Select group list, select Administrators In the Remaining Users list, select (highlight) the user or users to whom you want to grant administrator privileges The server moves the selected users to the Users in this Group list Click Save Changes.

30 October 2009

11

30 October 2009

12

Setting up Developers
To grant developer privileges to a user
Open the Integration Server Administrator if it is not already open In the Security menu of the Navigation panel, click User Management. Users in this Group Remaining Users In Groups area of the screen, in the Select group list, select Developers In the Remaining Users list, select (highlight) the user or users to whom you want to grant developer privileges The server moves the selected users to the Users in this Group list Click Save Changes.
30 October 2009 13

30 October 2009

14

Enabling & Disabling User Accounts

To enable a user: Open the Integration Server Administrator In the Security menu of the Navigation panel, click User Management Click Enable and Disable Users In the Disabled Users list select the user or users you want to enable At the bottom of the Disabled Users area of the screen Click The server moves the selected users to the Enabled Users area of the screen Click Save Changes

30 October 2009

15

30 October 2009

16

Contd..
To disable a user: Open the Integration Server Administrator In the Security menu of the Navigation panel, click User Management Click Enable and Disable Users In the Enabled Users list select the user or users you want to disable At the bottom of the Disabled Users area of the screen Click The server moves the selected users to the Disabled Users area of the screen Click Save Changes

30 October 2009

17

30 October 2009

18

Defining Groups
Administrator privileges Replicator privileges Developer privileges Privileges to invoke a service

30 October 2009

19

THANK YOU

30 October 2009

20