Integration Server 10.15 | Usage Notes
 
Usage Notes
This section provides any additional information you need to work with the current release of this product.
*webMethods Integration Cloud is deprecated as of December 31, 2022 and will be discontinued as of December 31, 2023. webMethods Integration Cloud has been superseded by webMethods.io Integration, which offers a number of improvements and new capabilities reaching significantly beyond the capabilities of webMethods Integration Cloud, including code, low-code and no-code approaches to building integrations and automation.
*Beginning with the 10.11 release, when you launch Integration Server Administrator, the redesigned interface loads by default. However, you can switch to the legacy interface temporarily by opening the home page of the WmRoot package. Alternatively, to use the legacy interface every time you start Integration Server, set the value of the watt.server.defaultPackage server configuration parameter to WmRoot.
*During installation of Integration Server, an option can be set requiring that the password for the Administrator user account be changed immediately upon successful log in to Integration Server Administrator. If so, the Administrator user account password must be changed before the server can do anything else. Any requests sent to Integration Server before the Administrator password is changed will be rejected.
*When migrating an Integration Server instance, if the user opts to use a clone of the live database for the JDBC connection pool, the migration utility prompts for the password for all JDBC connection pool aliases. The migration utility saves the encoded password in the migrate.dat file by default. However, saving the encoded password in the migrate.dat file represents a security vulnerability. The new server configuration parameter watt.migrate.hidePassword controls whether an encoded database password for a JDBC connection pool alias will be saved in migrate.dat. Set watt.migrate.hidePassword to false in the migrate.bat/sh file on the target Integration Server for the migration utility to save the encoded database password. Set to true to omit database passwords for JDBC connection pool aliases from the migrate.dat file. The default is false. Set the watt.migrate.hidePassword value on the target Integration Server before running the migration utility.
Example of setting watt.migrate.hidePassword in migrate.bat:
%JAVA_EXE% -Dwatt.migrate.hidePassword=true -Dwatt.migrate.product.dataProvider=com.wm.app.b2b.server.migrate.MigratorAppDataProviderImpl -Dwatt.installer.migrate.destDir="%IS_DIR%" -Dcom.webmethods.sc.config.configRoot="%IS_DIR%\config" -DCDBS.home.path=%DB_DIR% -Djava.library.path="%SSO_DIR%" -ms%JAVA_MIN_MEM% -mx%JAVA_MAX_MEM% -classpath %CLASSPATH% com.wm.app.b2b.server.migrate.cmd.IntegrationServerCmdLineToolMigrationDriver %*
Example of setting watt.migrate.hidePassword in migrate.sh:
$JAVA_RUN $JAVA_D64 -Dwatt.migrate.hidePassword=true -Dwatt.migrate.product.dataProvider=com.wm.app.b2b.server.migrate.MigratorAppDataProviderImpl -Dwatt.installer.migrate.destDir=$IS_DIR -Dcom.web
*Beginning in version 10.11, Integration Server supports the application/merge-patch+json media type. The PATCH operations in Integration Server Administrator API support the JSON Merge Patch specification, https://tools.ietf.org/html/rfc739, which requires a client to use the application/merge-patch+json media type. If you migrated to Integration Server 10.11 or later from a version prior to 10.11, the watt.server.content.type.mappings parameter might have been used to map application/merge-patch+json to another content-type. In these situations, Integration Server uses the content-handler for the mapped content-type as long as the request is not a PATCH request for the Administrator API. Requests to the Administrator API include the directive “admin”. However, Integration Server now prevents the watt.server.content.type.mappings from mapping another content-type to application/merge-patch+json. If the watt.server.content.type.mappings value is changed to include application/merge-patch+json, Integration Server Administrator displays the following error “The Content-Type mapping to application/merge-patch+json is not allowed”.
*Beginning with the 10.7 release, webMethods Integration Agent is no longer available. Use webMethods Microservices Runtime instead.
*Integration Server 10.11 no longer includes TLSv1.1 as a default enabled protocol. The default values for watt.net.jsse.client.disabledProtocols and watt.net.jsse.server.disabledProtocols now include TLSv1.1.
*Integration Server 10.7 supports TLS v1.3 for secure inbound and outbound connections that use JSSE. Integration Server 10.7 no longer includes TLSv1.0 as a default enabled protocol. To support this change, Integration Server removes the server configuration parameters watt.net.jsse.client.enabledProtocols and watt.net.jsse.server.enabledProtocols, replacing them with watt.net.jsse.client.disabledProtocols and watt.net.jsse.server.disabledProtocols, respectively. During migration of an earlier version of Integration Server to version 10.7, Integration Server detects the current values of watt.net.jsse.client.enabledProtocols and watt.net.jsse.server.enabledProtocols. Integration Server then uses those values to build the values for watt.net.jsse.client.disabledProtocols and watt.net.jsse.server.disabledProtocols.
*XML Schema 1.1 is not supported on AIX.The Xerces library in AIX supports XML Schema 1.0 only. Attempts to use XML Schema 1.1 features on an Integration Server running on AIX results in schema syntax errors and the schema does not compile.
*Use of MD5 signing algorithm is not supported when Integration Server runs in FIPS mode.
*Beginning in Integration Server 10.7, the pub.mime services have been enhanced to support large payloads. If any of your existing flow services use the pub.mime:createMimeData or the pub.mime:getEnvelopeStream services and you want to take advantage of the new functionality, you need to modify the follow services to use a javax.mail.internet.MimeMessage object instead of an InputStream. This would involve using the pipeline to change mapping for the service in question. Further, the watt.server.mime.largeDataThreshold value determines if the pub.mime:getEnvelopeStream service returns a javax.mail.internet.MimeMessage object instead of an InputStream. If you do not want invocations of pub.mime:getEnvelopeStream service to return a javax.mail.internet.MimeMessage object, increase the value of watt.server.mime.largeDataThreshold. You could also use convert a javax.mail.internet.MimeMessage to an InputStream using the javax.mail.internet.MimeMessage.writeTo().
*Integration Server does not support HTTP request or response compression for dynamic server pages (DSPs).
*Integration Server now includes the server configuration parameter watt.client.data.maxToStringLength which sets a limit on how long the String produced by IData.toString() can be. Previously, there was no limit to how long the produced String could be. Introduction of a limit of the maximum String length for the IData.toString() response will impact any solutions that use IData.toString() to determine if two Strings were equivalent. Use the equals() method to determine if two IData objects are equivalent.
*webMethods Broker is deprecated.
*Before importing a Swagger document into Integration Server, validate the document using an external tool.
*In Universal Messaging version 10.0 the implementation of shared durables was rewritten to improve stability and performance.
However, these changes were not compatible with the pub.publish:deliver* services which relied on the previous implementation of shared durables to ensure that delivered documents were routed by Universal Messaging to the intended destination. As of version 10.3 (and in fixes delivered on earlier releases), Universal Messaging implemented subscriber name filtering for its durable subscriptions. In subscriber name filtering, when a publisher designates a message for a specific subscriber, Universal Messaging routes the message to a consumer whose durable subscription name matches the designated subscriber name in the message. For Integration Server, the subscription name filtering requires some modifications, specifically:
*Enable the subscription name filtering feature on Universal Messaging To enable the feature through Universal Messaging Enterprise Manager, navigate to the realm and select the Config tab. In the realm server configuration panel, click Show Advanced Config. Expand Advanced Configuration - Durable Config and set Durable Name Filtering to true.
*Change the destID input parameter value in invocations of pub.publish:deliver and pub.publish:deliverAndWait, if necessary. This may only be necessary when the trigger to which the message is to be delivered contains an underscore in its name. For more information about client IDs for triggers and how this change may impact existing services that invoke pub.publish:deliver*, see the Publish-Subscribe Developer’s Guide.
*PIE-58995
Previously, when creating a Dockerfile for an Integration Server that runs on Windows, the -Dimage.name parameter did not need to be specified because the is_container scripts referenced the base image tagged “latest” for Windows server containers. However, Microsoft now provides Windows image tags per OS version instead of a “latest” base image. This change prevents a Dockerfile from being created for an Integration Server running on Windows when the -Dimage.name parameter was not specified.
For an Integration Server running on Windows, the -Dimage.name parameter should be set as follows:
-Dimage.name=mcr.microsoft.com/windows/servercore:YourOsImageTagWhere YourOsImageTag is the tag for the Windows image created for the OS version on which Integration Server runs.
*Integration Server 10.4 and previous versions to which a fix including PIE-51049 was applied provide stricter validation for an inbound SOAP request. Validation of an inbound SOAP request message fails if the SOAP request body includes input fields that are not part of the service input signature. This behavior change may be problematic for existing solutions. Integration Server includes a server configuration parameter named watt.server.soap.validateInput that can be used to control whether or not a validation error occurs when the inbound SOAP request includes fields that are not declared in the service input signature. Set this parameter to false to obtain the behavior that existed prior to 10.4 or applying a fix that includes PIE-51049.
*Take care when setting the watt.security.max* server configuration parameters. If the parameters values are set too low, Integration Server rejects legitimate requests. It is also possible to lock yourself out of Integration Server Administrator by setting the parameters too low. If this happens, you can try changing the configuration parameter values by invoking the wm.server.admin:setSettings service with a command-line HTTP client. If you are still unable to change the value of these parameters, you need to kill the Integration Server process, manually edit the parameters in the Integration Server_directory/instances/instanceName/config/server.cnf file, and restart Integration Server.
*PIE-32205
Integration Server does not provide Java-based NTLM (Windows NT LAN Manager) support for proxy servers that support NTLM authentication.
You can only use the NTLM authentication support in Integration Server to allow clients to access resources on web servers that support NTLM authentication, such as Microsoft Internet Information Server (IIS).
*PIE-16497
Integration Server does not generate the *doctype field for IS document types generated from derived document types in a schema, when:
*Deriving a complex type from an empty complex type by extension.
*Deriving a complex type from a simple type by extension.
*PIE-42419
As of Integration Server 10.0, the Allow List for any new port with an Access Mode of “Deny by Default” now includes the wm.server.csrfguard:getCSRFSecretToken service and the wm.server.csrfguard:isCSRFGuardEnabled service. When migrating to Integration Server 10.0 or higher from a version lower than 10.0, for any existing ports with an Access Mode of “Deny by Default”, you must manually update the Allow List to include the wm.server.csrfguard:getCSRFSecretToken and wm.server.csrfguard:isCSRFGuardEnabled services.
*PIE-48484
A web service request that specifies a content type of application/xml succeeds in versions of Integration Server prior to version 9.12. However, the web service request fails in Integration Server version 9.12. Prior to Integration Server 9.12, Integration Server did not provide out of the box support to directly handle the content type application/xml. If a content handler was not specified for application/xml, Integration Server used the default content handler. The default handling is the same as the handling of text/html, resulting in XML being placed in the pipeline as an inputStream . In version 9.12, Integration Server added a content handler named ContentHandler_XML to support the content type application/xml, resulting in the content being placed in the pipeline as an XML node. This behavior change causes the web service request to fail in version 9.12 because the web service expects an inputStream, not an XML node. To address this issue and avoid having to change the service to accept an XML node instead of an inputStream, you can use the watt.server.content.type.mappings server configuration parameter to map the application/xml content type to the text/xml content type. Integration Server will use the text/xml content handler when receiving a request that specifies a content type of application/xml. Specify the following: watt.server.content.type.mappings=application/xml text/xml
*PIE-63099 Integration Server returns a misleading message when you update a KEX algorithm for an SFTP server alias.
When you update a KEX algorithm for an SFTP server alias, the algorithm is updated correctly. However, Integration Server returns a message indicating that a different algorithm is updated.
Ignore the message as it is incorrect.
*If your solution includes publishable document types with an encoding type of protocol buffers, you need to edit, save, and synchronize the publishable document types to Universal Messaging while the queues of subscribing triggers are empty. This ensures that subscribing triggers will not fail with a NullPointerException if you later choose to edit the publishable document type while queues of subscribing triggers contain published documents that conform to earlier iterations of the publishable document type.
*Integration Server 10.0 introduces the ability to enable or disable follow the master behavior on a per messaging connection alias basis. Prior to Integration Server 10.0, follow the master was enabled globally for webMethods messaging. The only way to disable follow the master behavior was to modify the custom_wrapper.conf file to include the wrapper.java.additional.n=-DFollowTheMaster=false where n was the next available wrapper.java.additional number. Do not use the DFollowTheMaster parameter to control the follow the master behavior for Integration Server. This parameter setting will override the follow the master behavior set in Universal Messaging connection aliases and JMS connection aliases.
*When securing web services using policies based on WS-SecurityPolicy, you cannot alter an inbound message before the security processing executes or alter an outbound message after the security processing completes. For inbound messages, Integration Server always performs the security processing first upon receiving the message. As a result, Integration Server cannot invoke custom handlers before the security processing of an inbound message. For outbound messages, Integration Server always performs the security processing last, right before it sends the message. As a result, Integration Server cannot invoke custom handlers after the security processing of an outbound message.
*Integration Server uses Xerces Java parser version Xerces-J 2.12.1-xml-schema-1.1. Limitations for this version are listed at https://xerces.apache.org/xerces2-j/.
*If you want to use WS-SecurityPolicy to secure a web service and want to use MTOM streaming, be aware that if the fields to be streamed are being signed and/or encrypted, Integration Server cannot use MTOM streaming because Integration Server needs to keep the entire message in memory to sign and/or encrypt the message.
*Web services security implemented using WS-Security facility in Integration Server does not support partial message operations (Sign/Encrypt). Integration Server allows only the body of the SOAP message to be signed and encrypted.
*Do not modify the following file unless instructed to do so by Software AG:
<IntegrationServer_directory>\instances\<instanceName>\config\wss\axis2.xmlChanges to this file may result in an unstable configuration. Software AG will not support issues that arise because of changes to this file that were not authorized by Software AG.
*Software AG does not support the deployment of custom handlers or modules via placement of an Axis Module (*.mar) file in the following directory:
<IntegrationServer_directory>\instances\<instanceName>\config\wss\modulesUnexpected behavior that arises due to the manual deployment of mar files directly to this location is the responsibility of the user and will not be addressed by Software AG.
*Software AG does not support the deployment of web services via placement of an Axis Archive (*.aar) file in the following directory:
<IntegrationServer_directory>\instances\<instanceName>\config\wss\servicesUnexpected behavior that arises due to the manual deployment of aar files directly to this location is the responsibility of the user and will not be addressed by Software AG.
*In Integration Server version 10.1, the default behavior of the enhanced XML parser now prohibits the support of DTDs and resolution of external entity references. For the pub.xml:loadEnhancedXMLNode and pub.xml:XMLStringToEnhancedXMLNode services the inputProcessing\supportDTD input parameter and the inputProcessing\isSupportingExternalEntities now have a default value of false. If an existing solution relies in the previous default behavior (inputProcessing\supportDTD and inputProcessing\isSupportinExternalEntities were set to true), after migrating to Integration Server 10.1 or higher, you must update invocations of pub.xml:loadEnhancedXMLNode and pub.xml:XMLStringToEnhancedXMLNode to set inputProcessing\supportDTD and\or inputProcessing\isSupportinExternalEntities to true.
*If Integration Server uses central user management which is provided through Common Directory Services and My webMethods Server, you must keep the common libraries provided by My webMethods Server up to date. To obtain the current changes to the common libraries, install the latest My webMethods Server fix located under Common Libraries in Software AG Update Manager.
*Now, when you start Integration Server, Integration Server receives configuration settings (for example, the size of the Java heap) from the wrapper.conf and custom_wrapper.conf files located in the Software AG_directory\profiles\IS_instance_name\configuration directory. Integration Server no longer obtains settings from setenv.bat/sh or server.bat/sh.
If you need to modify the default property settings for Integration Server, you can override the settings using the custom_wrapper.conf file. The following table shows the settings formerly set in the setenv.bat/sh file that are now set using properties in the custom_wrapper.conf file:
This setting in setenv.bat/sh…
Is replaced with the following property in custom_wrapper.conf…
APPENDCLASSES/ APPEND_SYSTEM_CLASSPATH
wrapper.java.additional.203=-Dwatt.server.append.classes=
JAVA_CUSTOM_OPTS
wrapper.java.additional.n
JAVA_MAX_DIRECT_SIZE
wrapper.java.additional.n=XX:MaxDirectMemorySize=
JAVA_MAX_MEM
wrapper.java.maxmemory
JAVA_MAX_PERM_SIZE
wrapper.java.additional.n=XX:MaxPermSize=
JAVA_MIN_MEM
wrapper.java.initmemory
PREPENDCLASSES/ PREPEND_SYSTEM_CLASSPATH
wrapper.java.additional.202=-Dwatt.server.prepend.classes=
The following table shows settings you can change that were formerly in the setenv.bat/sh file, but are now located in other files or removed:
Setting
New location (if applicable)
DEBUG_ENABLED
Software AG_directory\profiles\IS_instance_name\bin\ startDebugMode.bat/sh
JAVA_PROFILER_OPTS/ PROFILER_ENABLED
Removed.
Java location
wrapper.java.command in Software AG_directory\ profiles\IS_instance_name\configuration\wrapper.conf
JMX_ENABLED
Removed. JMX monitoring is enabled by default and cannot be disabled.
JMX_PORT
The port property in Software AG_directory\profiles\IS_instance_name\configuration\ com.software.jmx.connector.pid-port.properties
The startup.bat/sh and shutdown.bat/sh scripts contained in the Integration Server_directory\instances\instance_name\bin and Integration Server_directory\bin directories are deprecated. You should use the scripts contained in the Software AG_directory\profiles\IS_instance_name\bin directory to start and stop Integration Server. If you will manage Integration Server through Command Central, you must use the scripts located in the Software AG_directory\profiles\IS_instance_name\bin directory.
The installSvc.bat file located in Integration Server_directory\instances\instance_name\support\win32 directory is also deprecated. You should use the service.bat file from the Software AG_directory\profiles\IS_instance_name\bin directory to register or remove an Integration Server instance as a Windows service.
For complete instructions for using any of the features affected by these changes, see webMethods Integration Server Administrator’s Guide and Working with the webMethods Product Suite and the Java Service Wrapper.