Configure Websphere Liberty to use password consumers for SQL Server or Oracle
search cancel

Configure Websphere Liberty to use password consumers for SQL Server or Oracle

book

Article ID: 46667

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction

Summary:

How to configure Websphere Liberty to use a PIM Oracle or SQL Server password consumer to make a datasource connection

 

Instructions:

NOTE: That there appears to be a bug with Websphere Liberty 8.5.5.8 (wlp-1.0.11.cl50820151201-1942) whereby it will not work with CAJDBC, or specifically jsafeFIPS.jar. You will receive a java.lang.NullPointerException. 16.0.0.2 (wlp-1.0.13.cl160220160526-2258) does not have this problem.

 

This assumes that a PIM agent is already installed and running on the server hosting Websphere Liberty, and that a privileged account and password consumer have already been set up for the SQL Server or Oracle login.

 

1) Create a folder c:\cajdbc, and copy the following files to it:

<AccessControl>\SDK\JDBC\CAJDBCDriver.jar 

<AccessControl>\SDK\JDBC\CAPUPMClientCommons.jar 

<AccessControl>\SDK\JDBC\jsafeFIPS.jar 

 

2) If using SQL Server, copy the correct version of sqljdbc*.jar for your version for the version of java you are using to c:\cajdbc. For Oracle copy correct version of ojdbc*.jar to c:\cajdbc.

 

3) Edit the Websphere Liberty instance's server.xml and add or modify the dataSource like so replacing the variables listed below:

<dataSource id="<datasourceid>" jndiName="jdbc/<datasourcename>" type="javax.sql.XADataSource">

<jdbcDriver javax.sql.XADataSource="com.ca.ppm.clients.jdbc.CAJDBCDataSource">

<library>

<fileset dir="C:/JDBC" includes="*.jar" scanInterval="5s"/>

</library>

</jdbcDriver>

<properties CAJDBCProperties="CAJDBCPropertyRealDatasourceClass=<datasourceclass>;url=<url>;user=<user>"/>

</dataSource>

 

Variables and their meaning:

<datasourceid>

The dataSource id for the connection. This might be "DefaultDataSource."

 

<datasourcename>

The data source name that you application uses to connect to the datasource

 

<datasourceclass>

For oracle "oracle.jdbc.xa.client.OracleXADataSource"

For SQL Server "com.microsoft.sqlserver.jdbc.SQLServerXADataSource"

 

<url>, where <server>, <port> and <db> have obvious meanings

For Oracle "jdbc:oracle:thin:@<server>:<port>:<db>"

For SQL Server "jdbc:sqlserver://<server>:<port>/<db>"

 

<user>

The user that is to be checked out via PIM and make the connection to the database

 

4) Restart Websphere Liberty.

Environment

Release: ACP1M005900-12.9-Privileged Identity Manager
Component:
Powered by Wolken Software