DWP Catalog - BMC Premium Encryption Configuration Steps

Version 22
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    BMC Digital Workplace Advanced


    APPLIES TO:

    BMC MyIT 3.3, Digtial Workplace 18.x+, Digital Workplace Catalog 18.x+, AR System Server 9.1.x+



    PROBLEM:

    After installing Encryption Premium or Performance security on AR System Server, DWP Catalog is no longer able to connect to AR System Server with encryption enabled.


    CAUSE:

    Installer has no options to install Encryption on the Catalog Server as well as a defect on later releases.


    SOLUTION:

     

    This total solution will requir 3 different fixes for the whole system to work.  Java will need to be modified to include the encryption libraries, the Digital Workplace Catalog Remedy connection needs to be patched, and the Digital Workplace Catalog User Sync will need to be updated.

    Notes:

      
       
    1. You will need to at least do the installation of Premium or Performance Encryption on your AR System Server before enabling DWP to work with encryption.  It is advised that you do not enable encryption until after all clients have been configured.

    2.  
    3. The Premium or Performance Encryption installer does not have a DWP option during the installation, so configuration will need to be done manually.

    4.  
    5. After doing any patch or upgrade you may need to run these steps again to configure encryption.  (Java, DWPC, AR Server, and system)

    6.  
    7. If RSSO is active on DWP and DWP C then

           
      

    Configuring Java and DWPC to Use Encryption Libraries

      


    Configuring Java:

      
       
    1. Ensure that the DWP Catalog system ONLY has 1 version of Java installed.  If multiple versions of Java are installed (example: Java 8 x64, Java 8 x86, Java 11, Java 13) then it makes this process infinitely more complex.

    2.  
    3. Copy the Premium or Performance security binaries from a working AR System Server Java instance to the Java instance on the DWP Catalog server.

           
           
      1. To validate installation, ensure that the following files are created/replaced in the Java installation directory (BMC_JAVA_HOME) on the DWP Catalog server.  You may need to create the directories. (These files can and will be different depending on your version of Java and AR System. 

        Java 11+

      2.   
      

    %BMC_JAVA_HOME%\conf\security\java.security
    %BMC_JAVA_HOME%
    \conf\security\local_policy.jar
    %BMC_JAVA_HOME%\conf\security\US_export_policy.jar
    %BMC_JAVA_HOME%\lib\bmcext\cryptojce.jar
    %BMC_JAVA_HOME%\lib\bmcext\cryptojcommon.jar
    %BMC_JAVA_HOME%\lib\bmcext\jcmfips.jar

     

      

    Java 8

      

    %BMC_JAVA_HOME%\lib\security\java.security
    %BMC_JAVA_HOME%
    \lib\security\local_policy.jar
    %BMC_JAVA_HOME%\lib\security\US_export_policy.jar
    %BMC_JAVA_HOME%\lib\ext\cryptojce.jar
    %BMC_JAVA_HOME%\lib\ext\cryptojcommon.jar
    %BMC_JAVA_HOME%\lib\ext\jcmfips.jar

      

    Configuring DWP Catalog (Only needed for Java 11+):

      
      1.  Modify    </dwpCatalog>/bin/arconnectconfig.config - Add the bmcext directory as a additional classpath.  See example below: 
      
    jvm.classpath.1=../lib/start/startlevel3/* jvm.classpath.2=../lib/start/startlevel7/* jvm.classpath.3=../lib/embedded/* jvm.classpath.4=%BMC_JAVA_HOME%/lib/bmcext/*
      
      2.  Modify    /etc/arsystem/dwpcatalogServerName/armonitor.conf - Add the classpath parameter to each java process that runs, that is not the DWP Catalog server itself, see example below: 
      
    Monitor-directory: /apps/dwpc /apps/java/bin/java -jar /apps/dwpc/bin/arserver.jar -s clm-aus-u5isim -i /apps/dwpc -l /etc/arsystem/clm-aus-u5isim /apps/java/bin/java -Xmx512m -classpath /apps/dwpc/pluginsvr:/apps/java/lib/bmcext/*:/apps/dwpc/pluginsvr/arpluginsvr192_build001.jar com.bmc.arsys.pluginsvr.ARPluginServerMain -x clm-aus-u5isim -i /apps/dwpc
       


    Updating DWPC User Sync Mechanism

      
       
    1. Create a backup of the following file and remove it from the DWP Catalog installation directory:

           
           
      1. /dwpcInstallDir/artools/dependency/arapiext192_buildxxx.jar
      2.   
    2.  
    3. Copy the following files from your AR System Server (Note Linux based AR System Server's will have this in the bin directory):

           
           
      1. \ARSystem\arapi-91_buildxxx.jar

      2.    
      3. \ARSystem\log4j-1.2.xx.jar

      4.   
    4.  
    5. Paste the files from step 2, into the /dwpcInstallDir/artools/dependency/ directory from step 1.

    6.  
    7. Rename the newly pasted arapi-91_buildxxx.jar to be the same filename from step 4 above arapiext192_buildxxx.jar.

      

     

      

    Updating DWPC Remedy Connector

      
    For any DWP Catalog version lower than 20.02, we have a defect on Remedy Connector not being able to talk to Remedy: DRMY1-18533 - please reach out to support to get this Hotfix which is fixed on the next versions: 19.05.00.002 , 19.08.01, 19.11.01  



    Please test the following scenarios to esnure all functionality works correctly:

      
       
    • Run user group sync script and make sure it works

    •  
    • Test Remedy Connector and make sure it can talk to AR System Server

       

      
       
    • FOR DWP and BMC Premium Encryption Integration Steps - KA 000188281
    •  
    • FOR RSSO and BMC Premium Encryption Integration Steps - KA 000185495

     


    Article Number:

    000357209


    Article Type:

    Solutions to a Product Problem



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles