If you are using a WebSphere application server and your Application Engine or Workplace XT has been configured for
Single Sign On (SSO), perform the following procedure to enable SSO
for your InfoSphere™ Enterprise
Records web
application by updating its web.xml file.
- Make a backup copy of the web.xml file. The default file location is: <RM_install_path>/FileNet/RM/
RecordsManager /WEB-INF/web.xml
- Edit the web.xml file.
- Set the parameter perimeterChallengeMode to
true, as in:
<init-param>
<param-name>perimeterChallengeMode</param-name>
<param-value>true</param-value>
</init-param>
- As needed, set the ssoProxyContextPath, ssoProxyHost, ssoProxyPort,
and ssoProxySSLPort parameters. These
parameter values are used to modify one or more elements of the native
URL that InfoSphere Enterprise
Records sees
on a request. Wherever the value of an SSO proxy host element in the
URL request is different from the equivalent information for the host
where the InfoSphere Enterprise
Records web
application is deployed, you must set the corresponding sso* parameter
for that element in the URL to the value for the SSO proxy host. The
default settings are:
<init-param>
<param-name>ssoProxyContextPath</param-name>
<param-value></param-value>
</init-param>
<init-param>
<param-name>ssoProxyHost</param-name>
<param-value></param-value>
</init-param>
<init-param>
<param-name>ssoProxyPort</param-name>
<param-value></param-value>
</init-param>
<init-param>
<param-name>ssoProxySSLPort</param-name>
<param-value></param-value>
</init-param>
In general, the init parameters above
should be configured as follows:- ssoProxyContextPath
- Set the value to the context path of the SSO proxy host URL. This
is the path portion of the URL that appears after the server name,
which represents top-level access to the InfoSphere Enterprise
Records application. For example,
if the InfoSphere Enterprise
Records deploy
host URL is http://deploy_server:port#/RecordsManager and
the SSO proxy host URL is http://sso_proxy_server.domain.com/fn/RecordsManager,
then use the following:
<param-name>ssoProxyContextPath</param-name>
<param-value>/fn/RecordsManager</param-value>
- ssoProxyHost
- Set the value to the SSO proxy host server name. Typically, this
is a full domain-qualified hostname. For example, if the host URL
where InfoSphere Enterprise
Records is deployed
is http://deploy_server/RecordsManager and the corresponding
SSO proxy host URL is http://sso_proxy_server/RecordsManager,
then use the following:
<param-name>ssoProxyHost</param-name>
<param-value>sso_proxy_server</param-value>
- ssoProxyPort
- Set the value to the http port on the SSO proxy host. For example:
<param-name>ssoProxyPort</param-name>
<param-value>80</param-value>
- ssoProxySSLPort
- Set the value to the http port on the SSO proxy host. For example:
<param-name>ssoProxyPort</param-name>
<param-value>80</param-value>
- ssoProxySSLPort
- Set the value to the HTTPS port on the SSO proxy host, if defined
and/or used to access InfoSphere Enterprise
Records pages.
For example:
<param-name>ssoProxySSLPort</param-name>
<param-value>443</param-value>
- Comment out the <login-config> block
located at the end of the web.xml file. This
block is not used in an SSO environment.
- Save your changes to web.xml and close
the file.