Adding new user to trading network or Integration Server components require a restart

Has anyone ever experience whenever a new user is added and have a role associated with either Trading Networks or Integration Server requires the IS to be restarted. Is that a bug or a configuration is being missed somewhere. The user logs into MWS but get “Access Denied” when viewing TN transactions. When I restart the IS, it works. I find that a big unusual.

That’s not the case. Check if Central User Management is configured correctly on IS, if yes then its better to report to support with SI.

Hi,

additionally to what Mahesh suggested please check the ACLs on IS starting with “TN” if the MWS group or role the user in question belongs to is member of these. Esp. TN Administrators should be checked here.

MWS groups or roles as members of IS ACLs are marked with “system/” instead of “local/”.

Additionally when adding new users it might take some time until the central users cache in IS refreshes automatically (might take up to an hour).

Which version of wM are you on, as this behaviour will change in the recent 10.3 and onwards (eventually already on 10.2) as using the MWS database as an JMS Provider for Central User management will be considered deprecated. An UM JMS Provider will be needed then even when (deprecated) Broker is still used as the main Mesagging Provider for the real data.

Regards,
Holger

The “old” db based event delivery mechanism was removed with a more reliable event delivery system via universal messaging.

Now SAG switched the sync mechanism for MWS clusters to UM and removed the previously existing DB mechanism.

With doing that, they also affected all other use cases for central user management, so that now UM is a requirement.

MywebMServer_readme_10-1.pdf
My webMethods Server 10.1 Readme
Removed Item
Using the database as a JMS provider for My webMethods Server clusters is removed

Replacement, if any
Using the My webMethods Server database as a JMS provider for cluster communication is
removed. The replacement is using the Universal Messaging server.


Configuring the Connection to the Universal Messaging Server
By default, My webMethods Server uses the webMethods Universal Messaging
server as a Java Message Service (JMS) provider. However, the connection to the
Universal Messaging server is not configured by default

To configure the connection to the Universal Messaging server

  1. Navigate to the following page:
    As My webMethods administrator: Navigate > Applications > Administration > My
    webMethods > Cluster Settings.
    As sysadmin: Administration Dashboard > Configuration > Cluster Administration.
  2. On the Advanced or Clustered Configuration tab, specify the location of the Universal
    Messaging server in the JNDI Provider URL field.
    The default URL of the Universal Messaging server in a local installation is:
    nsp://localhost:9000
  3. Click Submit.

There is dependency of Universal Messaging from 10.0 onwards, we have to configure UM to access new users.

Please follow below steps to configure UM.

  1. Install Universal Messaging
  2. start the UM server
  3. start UM “Enterprise Manager”
  4. Right Click on “Realms” and click on ‘Connect to Realm’
  5. Enter RNAME URL as nsp://localhost:9000 (nsp://:9000) and click ok button
  6. Login To MWS
  7. Go to Administration > My webMethods > System Settings > Cluster Settings"
  8. Click on ‘Advanced or Clustered Configuration’ tab
  9. Provide “JMS Provider URL:” as nsp://localhost:9000
  10. Save the changes and restart the IS, MWS and UM server

As mentioned in page 15 and 17 of https://techcommunity.softwareag.com/ecosystem/documentation/webmethods/wmsuites/wmsuite10-1/readme/MywebMServer_readme_10-1.pdf (see attached screenshot), MWS product design has been changed to stop using database as a JMS provider for MWS cluster, and instead switched to use Universal Messaging as JMS provider. The JMS provider is not only required by MWS cluster but also Central Users (CDS) which is applicable in your case. Please see detailed explanation and arrangements from R&D for the change below.


The decision to remove the database-based clustering was driven in an effort to improve robustness, as the database cluster implementation has caused significant issues in large MWS customers. It was assumed that MWS clustering would only be needed by BPMS customers and that they would have UM in their landscape anyway (or at least would have after a migration from Broker). There is an additional use-case of IS-only customers using Central Users (CDS). This setup also requires MWS clustering to be configured, even if there is only a single MWS, because each CDS client (i.e. each IS) is effectively a mini-MWS that needs its state synchronized using that mechanism.

Dear Experts,

We have webMethods 10.3 environment with 2 instance of IS, MWS and UM (all in same installation directory). UM is configured as JMS Provider in MWS cluster settings and I can see the Topic com/webMethods/cds/events in UM realm. When creating/updating the users or roles I see below message reaching the topic (captured via snoop).

The problem is, these changes are not reflected in Integration Server immedietly. (Reflects after restart).
I have cross checked the below configs,

  • SAML Resolver,
  • Central User JDBC pool config,
  • I see log entry " [ISS.0024.0012I] Central User Management initialized successfully." when IS is started.

How does Integration Server consumes these events from UM Topic? Does it use native or JMS connection alias? Is there something I can check further to debug this?

Thanks in advance.

Json message published to the topic by MWS -
{
“action”: 1,
“principalID”: “/directory/staticroleprovider/role/uid%3drepro_role_2”
}