Enabling federated security is part of many environment setups.
Note: If you encounter a failure during the configuration process, determine
whether you can run the step again, skip the step, or must clean up the
step. For some failed steps, learn how to correct the issue and recover
from the failure.
Each potential step in the configuration is included. Because the steps vary
depending on your selections, the steps are not numbered. Find the step that
failed to learn more about correcting and recovering from the failure. If
you need to change a value that you entered in the wizard, then you must run
the configuration again.
Tip: If you must go through the wizard again, download the wizard
selections that you made to save time. Then, cancel the configuration. Start
the process over and upload your saved selections. Correct or enter values
for the parameters that caused the failure.
Attention: The Enable Federated Security option modifies the wimconfig.xml
file. Make a backup copy of this file before you run any of the
configuration tasks. The file is located at:
wp_profile_root/config/cells/CellName/wim/config/wimconfig.xml
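One way to take and verify that backup before running the wizard, and to put it back after a failed step. This is an added example, not HCL tooling: the function names are hypothetical, and the directory argument stands for wp_profile_root/config/cells/CellName/wim/config on your system.

```shell
#!/bin/sh
# Added example (not from the product documentation).
# Assumption: $1 is the directory that holds wimconfig.xml, i.e.
# wp_profile_root/config/cells/CellName/wim/config

# backup_wimconfig DIR -> prints the backup path; non-zero on failure
backup_wimconfig() {
    src="$1/wimconfig.xml"
    [ -f "$src" ] || { echo "missing: $src" >&2; return 1; }
    bak="$src.$(date +%Y%m%d-%H%M%S).bak"
    # Never overwrite an earlier backup taken in the same second
    [ ! -e "$bak" ] || { echo "exists: $bak" >&2; return 1; }
    cp -p "$src" "$bak" || return 1
    # Verify the copy byte for byte before relying on it
    cmp -s "$src" "$bak" || { echo "verify failed: $bak" >&2; rm -f "$bak"; return 1; }
    # Make the backup read-only so later edits cannot touch it by accident
    chmod a-w "$bak"
    printf '%s\n' "$bak"
}

# wimconfig_changed DIR BACKUP -> exit 0 if the live file differs from BACKUP
wimconfig_changed() {
    ! cmp -s "$1/wimconfig.xml" "$2"
}

# restore_wimconfig DIR BACKUP -> restore BACKUP over the live file
restore_wimconfig() {
    live="$1/wimconfig.xml"
    [ -f "$2" ] || { echo "missing backup: $2" >&2; return 1; }
    # Keep the modified file so the failed change can be inspected later
    if [ -f "$live" ]; then
        cp -p "$live" "$live.failed" || return 1
    fi
    # Copy to a temporary name first, then rename, so the live file is
    # never left half-written
    cp "$2" "$live.tmp" && mv "$live.tmp" "$live" && chmod u+w "$live"
}
```

Run backup_wimconfig before starting the wizard and keep the printed path; after a failed step, wimconfig_changed tells you whether the wizard altered the file before you decide to restore.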
Manual Step: Retrieve the SSL certificate from the SSL port
About this task:
Table 1. Appropriate actions for step: Manual Step: Retrieve the SSL certificate from the SSL port
If you must run a configuration again, the table helps you determine what
actions are appropriate.
Actions | Notes
Run the step again | Not applicable
Skip the step | Yes, if you completed this manual step successfully, you can skip the step in subsequent configuration attempts
Clean up step | None required
Create a backup of the HCL Portal profile before modifying cell
security
About this task:
Actions | Notes
Run step again | You can run the step repeatedly without causing any harm.
Skip step | If this step is successful, you can skip it if you run the configuration process again.
Clean up step | None required
Validate your LDAP server settings
During this step, the wizard attempts to connect to your LDAP server and
authenticate by using the provided credentials and LDAP information.
About this task:
Table 2. Appropriate actions for step: Validate your LDAP server settings
If you must run a configuration again, the table helps you determine what
actions are appropriate.
Actions | Notes
Run step again | You can run the step repeatedly without causing any harm.
Skip step | If this step is successful, you can skip it if you run the configuration process again.
Clean up step | None required
Verify that the values used to connect with the LDAP were entered
correctly. Click View Step Command to see
which values are used.
Add an LDAP user registry to the default federated repository
During this step, the wizard attempts to add your LDAP to the federated
repository. This step uses the same parameters as the step that
validates the LDAP server settings.
About this task:
Table 3. Appropriate actions for step: Add an LDAP user registry to the default federated repository
If you must run a configuration again, the table helps you determine what
actions are appropriate.
Actions | Notes
Run step again | You can run the step repeatedly without causing any harm.
Skip step | If this step is successful, you can skip it if you run the configuration process again.
Clean up step | Complete the following steps from the WebSphere® Integrated Solutions Console to remove the configured repository:
  - Go to .
  - Remove the repository from the realm.
  - Go to Manage repositories and delete the repository configuration.
Register the WebSphere Application Server scheduler tasks
About this task:
Table 4. Appropriate actions for step: Register the WebSphere Application Server scheduler tasks
If you must run a configuration again, the table helps you determine what
actions are appropriate.
Actions | Notes
Run step again | You can run this step again after you clean up the issue.
Skip step | If this step is successful, you can skip it if you run the configuration process again.
Clean up step | Log in to the WebSphere® Integrated Solutions Console. Go to and delete the WPSTaskScheduler. If this task fails because of the administrator ID, change the federated.ldap.bindDN and optionally the newAdminId value. These values must be unique. Then, rerun this task. If this action does not resolve the issue, run the wp-change-portal-admin-user and wp-change-was-admin-user tasks. These tasks change the PortalAdminId and WasUserId so that the file system administrators are different from the LDAP users.
Replace the file-based HCL Digital Experience and WebSphere
Application Server users and groups with users and groups from your
LDAP server
During this step, the wizard attempts to configure the portal to use the
administrative user and user group that is stored in your LDAP
server. The administrative ID and group must exist in your LDAP
server. If the ID and group do not exist, create them and try the
step again.
About this task:
Table 5. Appropriate actions for step: Replace the file-based HCL Digital Experience and WebSphere Application Server users and groups with users and groups from your LDAP server
If you must run a configuration again, the table helps you determine what
actions are appropriate.
Actions | Notes
Run step again | You can run the step repeatedly without causing any harm.
Skip step | If this step is successful, you can skip it if you run the configuration process again.
Clean up step | You can log in to the WebSphere® Integrated Solutions Console. However, the portal administrative user does not work as expected. You do not need to deactivate security with the file-based repository. If the WebSphere® Application Server administrative user is not functional, it is likely that the WebSphere® Integrated Solutions Console is not accessible. If you cannot log in to the WebSphere® Integrated Solutions Console, disable security in the security.xml file in the wp_profile_root/config/cells/cellname directory. Restart WebSphere® Application Server and log in. Then, complete the following steps:
  - Go to .
  - Validate the current administrative user ID or set a new user.
  - Go to .
  - Validate the values for the administrative users and groups of the different domains. If necessary, update the values to a valid user.
  Valid users: To find valid users, go to to search for valid users.
Update the user registry where new users and groups are
stored
About this task:
Table 6. Appropriate actions for step: Update the user registry where new users and groups are stored
If you must run a configuration again, the table helps you determine what
actions are appropriate.
Actions | Notes
Run step again | You can run the step repeatedly without causing any harm.
Skip step | If the current user repository is correct for new users and groups, you can skip this step.
Clean up step | Complete the following steps from the WebSphere® Integrated Solutions Console to change the repository:
  - Go to .
  - Click one of the following options to edit the Base Entry for the Default Parent to the specific Base Entry for your target repository:
    - Group
    - OrgContainer
    - PersonAccount
Recycle the servers after a security change
During this step, the wizard stops and starts the portal server.
About this task:
Table 7. Appropriate actions for step: Recycle the servers after a security change
If you must run a configuration again, the table helps you determine what
actions are appropriate.
Actions | Notes
Run step again | Yes, run this step again under the following conditions.
  - If this step fails, run the step again.
  - If you are running the configuration again.
Skip step | If you are running the configuration again, you can skip this step only if you skipped all the previous steps.
Clean up step | None required
Update the search administration user
The wizard updates the user ID that is used to manage the search
collections.
About this task:
Table 8. Appropriate actions for step: Update the search administration user
If you must run a configuration again, the table helps you determine what
actions are appropriate.
Actions | Notes
Run step again | Yes, run this step again under the following conditions.
  - If this step fails, run the step again.
  - If you are running the configuration again.
Skip step | If you are running the configuration again, you can skip this step only if you skipped all the previous steps.
Clean up step | Log in to the WebSphere® Integrated Solutions Console. Go to . Change the user ID and password for the SearchAdminUser and the alias.
After you change the security model, the servers need to be
restarted
During this step, the wizard stops and starts the portal server.
About this task:
Table 9. Appropriate actions for step: After you change the security model, the servers need to be restarted
If you must run a configuration again, the table helps you determine what
actions are appropriate.
Actions | Notes
Run step again | Yes, run this step again under the following conditions.
  - If this step fails, run the step again.
  - If you are running the configuration again.
Skip step | If you are running the configuration again, you can skip this step only if you skipped all the previous steps.
Clean up step | None required
Verify that all defined attributes are available in the configured
LDAP user registry
About this task:
Table 10. Appropriate actions for step: Verify that all defined attributes are available in the configured LDAP user registry
If you must run a configuration again, the table helps you determine what
actions are appropriate.
Actions | Notes
Run step again | Yes, run this step again under the following conditions:
  - If this step fails, run the step again.
  - If you are running the configuration again.
Skip step | If you are running the configuration again, you can skip this step if both of the following conditions are true:
  - The step completed successfully before
  - You did not change any attributes when you corrected other failures
Clean up step | None required
Manual Step: Update the appropriate MemberFixerModule.properties file with the
values for your LDAP users
About this task:
Table 11. Appropriate actions for step: Manual Step: Update the appropriate MemberFixerModule.properties file with the values for your LDAP users
If you must run a configuration again, the table helps you determine what
actions are appropriate.
Actions | Notes
Run step again | Not applicable
Skip step | Yes, if you previously modified the properties file, you can skip this step.
Clean up step | None required
Run the member fixer tool
During this step, the wizard runs the member fixer tool to clean up the
entries in the portal server.
About this task:
Table 12. Appropriate actions for step: Run the member fixer tool
If you must run a configuration again, the table helps you determine what
actions are appropriate.
Actions | Notes
Run step again | Yes, run this step again under the following conditions.
  - If this step fails, run the step again.
  - If you are running the configuration again.
Skip step | If you are running the configuration again, you can skip this step only if you skipped all the previous steps.
Clean up step | None required
Manual Step: Map attributes to ensure proper communication between
HCL Digital Experience and the LDAP server
About this task:
Table 13. Appropriate actions for step: Manual Step: Map attributes to ensure proper communication between HCL Digital Experience and the LDAP server
If you must run a configuration again, the table helps you determine what
actions are appropriate.
Actions | Notes
Run step again | Not applicable
Skip step | If you successfully completed the step before, then skip this step.
Clean up step | None required