securityibm-integration-bus

IIB - BIP4761E: The message flow attempted to use 'SecurityProfiles' policy


I' am trying to set LDAP Auth on Pet Store REST API in IBM App Connect v11.0.0.6 In order to do so, I have followed this guide:

Creating a security profile for LDAP

I made a BAR file out of my "pet" REST API, deployed policy to the same Integration Node, then in flow properties tried to pick my ldapPolicy but it was not present. When I enter it manually and deploy I end up with this error:


Begin running task [Deploying [pet.bar] to integration server [InteriorIntegration]]

The BAR file C:/WorkDir/workspace/pet/pet.bar has been deployed to InteriorIntegration but there were one or more failures which may mean the deployed resources will be unable to execute. 

The following message was received:

BIP9339W: The values defined in the policy(s) 'ldapPolicy' in policy project 'ldapTest' match the values of the existing policy(s). Any deployed resources using the policy(s) will not be affected by the redeploy of the policy project. 
BIP4761E: The message flow attempted to use 'SecurityProfiles' policy 'ldapPolicy', which has not been defined in the integration server. 
BIP9320E: Message Flow 'gen.pet', 'gen.pet' encountered a failure and could not start. 
BIP4761E: The message flow attempted to use 'SecurityProfiles' policy 'ldapPolicy', which has not been defined in the integration server. 
BIP4761E: The message flow attempted to use 'SecurityProfiles' policy 'ldapPolicy', which has not been defined in the integration server. 
BIP9320E: Message Flow 'gen.pet', 'gen.pet' encountered a failure and could not start. 
BIP4761E: The message flow attempted to use 'SecurityProfiles' policy 'ldapPolicy', which has not been defined in the integration server. 
BIP9333W: RestAPI 'pet' has been changed but contains errors which has prevented some resources from starting. 
BIP1096E: The source 'pet.bar' has been deployed but there were one or more failures which may mean the deployed resources will be unable to execute. 

The task did not complete successfully: The deployment was partially successful. Check error messages for explanation.

And here is my Policy XML:

<?xml version="1.0" encoding="UTF-8"?>
<policies>
  <policy policyType="SecurityProfiles" policyName="ldapPolicy" policyTemplate="SecurityProfiles">
    <authentication>LDAP</authentication>
    <authenticationConfig>ldap://example.com:389/ou=example</authenticationConfig>
    <mapping>NONE</mapping>
    <mappingConfig></mappingConfig>
    <authorization>LDAP</authorization>
    <authorizationConfig>ldap://example.com:389/ou=example</authorizationConfig>
    <propagation>false</propagation>
    <idToPropagateToTransport>Message ID</idToPropagateToTransport>
    <transportPropagationConfig></transportPropagationConfig>
    <keyStore>Reserved for future use</keyStore>
    <trustStore>Reserved for future use</trustStore>
    <passwordValue>PLAIN</passwordValue>
    <rejectBlankpassword>true</rejectBlankpassword>
  </policy>
</policies>

What am I missing?

Note:

BIP9339W: The values defined in the policy(s) 'ldapPolicy' in policy project 'ldapTest' match the values of the existing policy(s). Any deployed resources using the policy(s) will not be affected by the redeploy of the policy project. 

EDIT: I think the above error occurs because ldapTest is already deployed (?). If so then why I cannot choose this policy in security profile dropdown?

Error from event logs:

( Int.Server ) The message flow attempted to use ''SecurityProfiles'' policy ''ldapPolicy'', which has not been defined in the integration server.   

Policies need to be set on the integration server. Use the administrative REST API to check that a '''SecurityProfiles'' policy called ''ldapPolicy' exists.   

Use the toolkit to create the required policy and deploy it to the integration server, or adjust the message flow to avoid requiring the policy.  

Solution

  • After few days of trying to find an answer in docs and going trough trial and error I found out that to set Security Profile Name field you have to use special syntax:

    {PolicyProjectName}:PolicyName

    So for example if you create and deploy MyPolicies project and you want to use MyPolicy policy you have to type in Security Profile Name:

    {MyPolicies}:MyPolicy