Integration with IBM WebSphere Application Server

9 min

this document describes how to integrate kron pam with ibm websphere application server to manage password rotation for users associated with data sources defined in the websphere environment it also details the configuration of the kron pam jdbc proxy driver required for this integration prerequisites kron pam jdbc proxy driver should be downloaded from kron file repo copy this file to the directory where websphere jdbc drivers are located adding new jdbc provider after copying the kron pam jdbc proxy driver driver jar file, proceed to define the jdbc provider in the websphere environment navigate to resources → jdbc → jdbc providers in the websphere console click new to create a new jdbc provider adding new jdbc provider enter the parameters as follows and click next to proceed parameter description scope default system value (non editable) database type user defined implementation class name com kron jdbc kronconnectionpoolds name name for the jdbc driver (e g , kron pam jdbc proxy driver) description optional – enter any notes related to this provider creating new jdbc provider on the database class path information screen, provide the full path to the directory where you placed kron pam jdbc proxy driver in the example below, the ${was install root} variable refers to the websphere installation directory (e g , /program files/ibm/websphere/appserver) adding database class path review all entered parameters on the summary screen if everything is correct, click finish to complete the jdbc provider configuration reviewing jdbc provider configuration adding new data source after the jdbc provider setup, create a new data source using this provider navigate to resources → jdbc → data sources click new to create a new data source fill in the details as follows and click next to continue parameter description data source name name for datasource ( e g kron jdbc ds ) jndi name kronjdbcdriverds adding new data source on the next screen, select the kron jdbc provider you created earlier selecting jdbc provider review database specific properties this screen covers the properties required by the jdbc driver if the wizard does not display all necessary fields (e g , servername, portnumber, databasename, url, drivertype), missing properties must be added manually as custom properties later the wizard may only show basic fields for some database types for certain custom or user defined jdbc drivers, websphere may not recognize the helper class and will default to a generic class if the checkbox for container managed persistence (cmp) is selected, the datasource becomes available for ejb components, enabling the ejb container to automatically manage database transactions entering database specific properties on the next screen, select the authentication alias that the application will use to connect to the database if multiple applications access the same datasource and each requires different authentication aliases, map global authentication settings (e g , for all datasources) to specify which authentication aliases and method the datasource will use for database connections define the authentication aliases for container managed database connections (e g , in cmp ejb or jta transaction applications) then, proceeds to the next page configuring security aliases review the summary and click to finish reviewing the summary editing custom properties of data source after creating the data source, open it in edit mode and navigate to the custom properties tab editing custom properties click new to add the following parameters and values parameter description token the application token (aapm token) value which is created on kron pam pamurl the url address of the kron pam instance accname password vault account name accpath password vault account path url the database connection string for the target user, in the format jdbc\ kron {subprotocol} //{db address} {db port}/{db name} (the prefix jdbc\ kron must be included for all data sources e g jdbc\ kron\ postgresql //postgresql example com 5432/example db ) agenthost ip address of kron pam secrets management agent agentport port number of kron pam secrets management agent adding new property after defining all configuration parameters, restarting the application server is recommended once all configurations are complete the kron jdbc provider and data source are ready for integration with kron pam