Switching to unique administrator IDs for system level communication
Create extra J2C authentication aliases and remap the roles.
Before you begin
This task is optional. Complete this task only if you want to map a different user ID to the system-level roles for one or more HCL Connections applications.
About this task
When you install HCL Connections, you are prompted by the installation wizard to provide credentials for a user account for application-to-application communication. The installation wizard also creates a J2C authentication alias called connectionsAdmin. This alias is associated with the new user account and maps that account to a set of application roles. If you want to map these roles to different system user accounts, create extra J2C authentication aliases and remap the roles.
Role | Description |
---|---|
dsx-admin | Used by the Profiles and Communities applications to retrieve user or community data. When other applications need user or community data, they use the connectionsAdmin user to authenticate with Profiles and Communities and then request the data from Profiles and Communities. |
search-admin | Used by all applications to control which user IDs can query seedlist information. The seedlist data is used to create the global index. The Search application uses the connectionsAdmin user ID to authenticate with the other applications and queries them on a scheduled basis to update the index. |
widget-admin | Used by applications, such as Activities, Blogs, Files, and Wikis, that make widgets available within the Communities application. Users that are assigned to this role can run administrative commands on managed applications. The Communities application uses the connectionsAdmin user ID to authenticate with the other applications and then passes the requests to them. |
The connectionsAdmin user does not represent the administrative user of an application; it represents a system-level user for application-to-application communication.
To map a different user ID to one of the default roles, complete the following steps:
Procedure
- Complete either set of the following substeps:
- Specify a different system-level user ID for the dsx-admin, search-admin, or widget-admin roles:
- From the IBM® WebSphere® Application Server Integrated Solutions Console, expand Security and then select Global security.
- In the Authentication area, expand Java Authentication and Authorization Service and click J2C authentication data.
- Click New and then enter an alias name, user ID, and password.
Notes:
- dsx-admin: If you use single sign-on, specify a user ID that is present in the corporate directory and not only in WebSphere® Identity Manager.
- search-admin: Specify an alias with the syntax: searchapplication_nameAlias where application_name is the name of the application for which you want to create the alias. For example: searchBlogsAlias.
- widget-admin: Specify an alias name with the syntax: widgetapplication_nameAlias where application_name is the name of the application for which you want to create the alias. For example: widgetActivitiesAlias.
- Click OK and then click Save.
- Repeat steps c to d for each new role that you want to create.
- Save your changes.
- Specify a different system-level user ID for the connectionsBus role:
- From the WebSphere® Application Server Integrated Solutions Console, select .
- Click the bus to which you want to map a different user ID. Note: All HCL Connections buses have names that begin with Connections.
- Click .
- Delete the existing user ID by selecting the check box next to the user ID and clicking Delete.
- To add the new user ID, click New, select User name, and then type the name of the new user ID.
- Click OK.
- Repeat steps b to f for each bus.
- Save the changes.
- Map the user in the alias to the role:
Attention: For Activities, you must map the account that you are mapping to the widget-admin role to the person role as well.
- From the WebSphere® Application Server Integrated Solutions Console, expand and then select WebSphere enterprise applications. Find and click the link to the application that you want to configure.
- Click Security role to user/group mapping. Find the role that you created in the Role column and then click Map users or Map groups.
- In the Search String box, type the name of the user or group you would like to assign to this role and then click Search. If the user or group exists in the directory, it is displayed in the Available list.
- Select the user or group name from the Available box and then move it into the Selected column.
- Repeat steps i and j to add extra users or groups.
- Repeat steps f through k to define access levels and assign people to any other aliases that you created.
- Click OK.
- Click OK and then click Save to save the changes.
- (widget-admin role only) Edit the widget-config.xml file for each application that is affected:
Note: Check out each file by using the wsadmin client and the Jython script interpreter. For more information about checking out files, see the Starting the wsadmin client and Applying common configuration property changes topics.
- From the profile_root\config\cells\cellName\LotusConnections-config directory, open the widget-config.xml file in a text editor.
- Change the remoteHandlerAuthenticationAlias attribute in the lifecycle element for the widgetDef (widget definition) that corresponds to the application. Replace the current value with the name of the alias that you created. Include the full name of the alias, including the node name prefix, if it is present.
- Repeat the previous step for each application for which you defined a new alias.
- Save the widget-config.xml file.
- (dsx-admin role only) Update the value of the corresponding attributes in the LotusConnections-config.xml file. To do so, start the wsadmin client, and then complete the following steps:
- Restart the application servers that host the applications for which you created user roles.
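After the widget-config.xml edit described above, a quick audit can confirm which widget definitions still authenticate with the shared connectionsAdmin alias and which use a dedicated widget alias. The following Python script is an added example, not part of the HCL documentation; the sample XML is constructed and simplified, and the defId attribute, the namespace, and the node name node01 are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, reduced to the widgetDef -> lifecycle layout the page
# describes. The defId attribute, the namespace and "node01" are assumptions.
SAMPLE_WIDGET_CONFIG = """\
<config xmlns="urn:example:widgets-config">
  <widgetDef defId="Activities">
    <lifecycle remoteHandlerAuthenticationAlias="node01/widgetActivitiesAlias"/>
  </widgetDef>
  <widgetDef defId="Blogs">
    <lifecycle remoteHandlerAuthenticationAlias="connectionsAdmin"/>
  </widgetDef>
  <widgetDef defId="Wikis">
    <lifecycle remoteHandlerAuthenticationAlias="wikiHandler"/>
  </widgetDef>
  <widgetDef defId="Files">
    <lifecycle/>
  </widgetDef>
</config>
"""

# widget<application_name>Alias, optionally prefixed with "<node name>/".
ALIAS_RE = re.compile(r"^(?:[^/]+/)?widget\w+Alias$")

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace if one is present

def audit_widget_aliases(xml_text):
    """Map each widgetDef to a finding about its remote handler alias."""
    findings = {}
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "widgetDef":
            continue
        lifecycle = next((c for c in elem.iter() if local(c.tag) == "lifecycle"), None)
        alias = lifecycle.get("remoteHandlerAuthenticationAlias") if lifecycle is not None else None
        if not alias:
            finding = "no alias set"
        elif alias.split("/")[-1] == "connectionsAdmin":
            finding = "shared connectionsAdmin alias"
        elif not ALIAS_RE.match(alias):
            finding = "not in widget<application_name>Alias form"
        else:
            finding = "dedicated alias"
        findings[elem.get("defId", "?")] = finding
    return findings

if __name__ == "__main__":
    for widget, finding in audit_widget_aliases(SAMPLE_WIDGET_CONFIG).items():
        print(widget, "->", finding)
```

Run it against a checked-out copy of widget-config.xml by passing the file contents to audit_widget_aliases.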