Enabling the AJAX proxy to forward user credentials
Edit the proxy configuration template file to instruct the IBM® Connections server to accept LTPA tokens or the TAM or SiteMinder cookies in an SSO environment. This task is necessary if you want to configure single sign-on between IBM Connections and the servers defined in the proxy configuration file to forward a specific list of cookies.
Procedure
- Open a command line window, start the wsadmin tool, and then do one of the following things:
  - If you want all of the applications to pass LTPA tokens, access the common AJAX proxy configuration template file.
    - Open a command prompt, and then change to the following directory of the system on which you installed the deployment manager:
      app_server_root\profiles\dm_profile_root\bin
      where app_server_root is the WebSphere Application Server installation directory and dm_profile_root is the Deployment Manager profile directory, typically dmgr01. For example, on Windows:
      C:\Program Files\IBM\WebSphere\AppServer\profiles\Dmgr01\bin
      Attention: You must run the following command to start the wsadmin client from this specific directory because the Jython files for the product are stored here. If you try to start the client from a different directory, then the execfile() command that you subsequently call to initialize the administration environment for an IBM Connections component does not work correctly.
    - Enter the following command to start the wsadmin client:
      - AIX or Linux:
        ./wsadmin.sh -lang jython -user admin_user_id -password admin_password -port SOAP_CONNECTOR_ADDRESS Port
      - Microsoft Windows:
        wsadmin -lang jython -user admin_user_id -password admin_password -port SOAP_CONNECTOR_ADDRESS Port
      where:
      - admin_user_id is the user name of a person in the Administrator role on the IBM WebSphere® Application Server.
      - admin_password is the password of the WebSphere Application Server administrator.
      - SOAP_CONNECTOR_ADDRESS Port is the SOAP port for the WebSphere Application Server. The default value of the SOAP port is 8879. If you are using the default port value, you do not need to specify this parameter. If you are not using the default and you do not know the port number, you can look up its value in the WebSphere Application Server Integrated Solution Console. To look up the SOAP port number, perform the following steps:
        - Open the WebSphere Application Server Integrated Solution Console for the deployment manager, and then select System Administration > Deployment Manager.
        - In the Additional properties section, expand Ports, and then look for the SOAP_CONNECTOR_ADDRESS port entry to find the port number.
      For example:
      - AIX or Linux:
        ./wsadmin.sh -lang jython -username primaryAdmin -password p@assword -port 8879
      - Microsoft Windows:
        wsadmin -lang jython -username primaryAdmin -password p@assword -port 8879
  - If you want only a single application to be able to pass LTPA tokens, access the custom proxy configuration template file that you created for that application. See Configuring the AJAX proxy for information about how to create this file. To access the custom configuration template file, use the following command:
    execfile("$WAS_HOME/profiles/DMGR/bin/application_nameConfig.py")
    where application_name is the name of the application for which you created a custom proxy configuration template file. For example:
    - Activities:
      activitiesAdmin.py
    - Communities:
      communitiesAdmin.py
    - Home page:
      homepageAdmin.py
    - Profiles:
      profilesAdmin.py
    If you are prompted to specify which server to connect to, type 1. This information is not used by the wsadmin client when you are making configuration changes.
- Check out the proxy configuration template file using one of the following commands:
  - If you want all of the applications to be able to pass LTPA tokens, use the following command to check out the proxy-config.tpl file.
    LCConfigService.checkOutProxyConfig("temp_directory","cell_name")
  - If you want only a single application to be able to pass LTPA tokens, use the following command:
    application_nameConfigService.checkOutProxyConfig("temp_directory","cell_name")
    where application_name is the name of the application for which you created a custom proxy configuration template file. For example:
    - Activities:
      ActivitiesConfigService.checkOutProxyConfig("temp_directory", "cell_name")
    - Communities:
      CommunitiesConfigService.checkOutProxyConfig("temp_directory", "cell_name")
    - Home page:
      HomepageCellConfig.checkOutProxyConfig("temp_directory", "cell_name")
    - Profiles:
      ProfilesConfigService.checkOutProxyConfig("temp_directory", "cell_name")
- From the temporary directory to which you checked out the files, open the proxy configuration template file in a text editor.
- Include the following declarations in the proxy:policy block of the service to allow cookies for LTPA tokens to be passed to the applications:
  <proxy:cookies>
    <proxy:cookie>JSESSIONID</proxy:cookie>
    <proxy:cookie>LtpaToken</proxy:cookie>
    <proxy:cookie>LtpaToken2</proxy:cookie>
  </proxy:cookies>
  For a TAM or SiteMinder SSO environment, include the following declarations:
  <proxy:cookies>
    <proxy:cookie>DomAuthSessId</proxy:cookie>
    <proxy:cookie>LtpaToken</proxy:cookie>
    <proxy:cookie>LtpaToken2</proxy:cookie>
    <proxy:cookie>Shimmer</proxy:cookie>
    <proxy:cookie>ShimmerS</proxy:cookie>
    <proxy:cookie>iwaSSL</proxy:cookie>
    <proxy:cookie>iwaSSL2</proxy:cookie>
    <proxy:cookie>JSESSIONID</proxy:cookie>
    <proxy:cookie>has</proxy:cookie>
    <proxy:cookie>PD-H-SESSION-ID</proxy:cookie><!-- TAM -->
    <proxy:cookie>PD-S-SESSION-ID</proxy:cookie><!-- TAM -->
    <proxy:cookie>SMIDENTITY</proxy:cookie><!-- SiteMinder -->
    <proxy:cookie>SMSESSION</proxy:cookie><!-- SiteMinder -->
  </proxy:cookies>
- Save and close the file.
- Check in the proxy configuration template file during the same session in which you checked it out. To do so, complete the following steps:
  - If you edited the proxy-config.tpl file, use the following command to check it back in:
    LCConfigService.checkInProxyConfig("temp_directory", "cell_name")
    where temp_directory is the temporary directory to which you checked out the configuration files, and cell_name is the name of the cell where the application that uses the common proxy-config.tpl file is located.
  - If you made configuration changes for a specific application, check that custom template file back in using one of the following commands:
    - Activities:
      ActivitiesConfigService.checkInProxyConfig("temp_directory", "cell_name")
    - Communities:
      CommunitiesConfigService.checkInProxyConfig("temp_directory", "cell_name")
    - Home page:
      HomepageCellConfig.checkInProxyConfig("temp_directory", "cell_name")
    - Profiles:
      ProfilesConfigService.checkInProxyConfig("temp_directory", "cell_name")
    where temp_directory is the temporary directory to which you checked out the configuration files, and cell_name is the name of the cell where the application that uses the proxy template file is located.
- Restart the application server hosting IBM Connections.
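
Before checking the edited template back in, it is worth confirming that the file still parses and reviewing which proxy:policy blocks now forward SSO cookies. The following Python script is an added example, not IBM code and not part of the product; the sample template, its namespace URI, the host names and the url attribute on proxy:policy are constructed assumptions, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Cookie names from the declarations on this page (LTPA, TAM, SiteMinder SSO).
SSO_COOKIES = {
    "JSESSIONID", "LtpaToken", "LtpaToken2", "DomAuthSessId", "Shimmer",
    "ShimmerS", "iwaSSL", "iwaSSL2", "has", "PD-H-SESSION-ID",
    "PD-S-SESSION-ID", "SMIDENTITY", "SMSESSION",
}

# Constructed sample: the namespace URI, hosts and url attribute are assumptions.
SAMPLE_TEMPLATE = """<proxy:proxy-rules xmlns:proxy="urn:example:proxy-config">
  <proxy:policy url="https://mail.example.com/*">
    <proxy:cookies>
      <proxy:cookie>JSESSIONID</proxy:cookie>
      <proxy:cookie>LtpaToken</proxy:cookie>
      <proxy:cookie>LtpaToken2</proxy:cookie>
    </proxy:cookies>
  </proxy:policy>
  <proxy:policy url="*">
    <proxy:cookies><proxy:cookie>LtpaToken2</proxy:cookie></proxy:cookies>
  </proxy:policy>
  <proxy:policy url="https://feeds.example.com/*"/>
</proxy:proxy-rules>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree adds to qualified names."""
    return tag.rsplit("}", 1)[-1]


def audit_proxy_template(xml_text):
    """List each proxy:policy that forwards SSO cookies; flag wildcard URLs."""
    root = ET.fromstring(xml_text)  # ParseError here means the edit broke the XML
    findings = []
    for policy in (e for e in root.iter() if local(e.tag) == "policy"):
        names = {c.text.strip() for c in policy.iter()
                 if local(c.tag) == "cookie" and c.text}
        forwarded = sorted(names & SSO_COOKIES)
        if forwarded:
            url = policy.get("url", "(no url attribute)")
            findings.append({"url": url, "cookies": forwarded,
                             "wildcard": url.strip() == "*"})
    return findings


if __name__ == "__main__":
    for f in audit_proxy_template(SAMPLE_TEMPLATE):
        print(f["url"], f["cookies"], "REVIEW" if f["wildcard"] else "ok")
```

To run it against a real checkout, read the template file from temp_directory and pass its text to audit_proxy_template(); a policy reported with wildcard set deserves a second look, because under the assumption above it would forward the user's SSO cookies to any proxied URL.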