You can use SSO with a proxy server in your Application Engine environment. To enable this optional approach, edit the web.xml file on the WebSphere® Application Server.
AE_install_path/Workplace/WEB-INF/web.xml
<param-name>challengeProxyEnabled</param-name>
<param-value> false </param-value>
<web-resource-collection> <web-resource-name>action</web-resource-name> <description>Define thecontainer secured resource</description> <url-pattern>/containerSecured/*</url-pattern> <!-- Uncomment this section if all resources that require credentials must be secured in order to obtain a secured Thread. If using WebSphere, this section must be uncommented. --> Move this commenting tag here from just before the </web-resource- collection> closing tag below. <url-pattern>/containerSecured/*</url-pattern> <url-pattern>/</url-pattern> <url-pattern>/author/*</url-pattern> <url-pattern>/Browse.jsp</url-pattern> <url-pattern>/eprocess/*</url-pattern> <url-pattern>/Favorites.jsp</url-pattern> <url-pattern>/GetPortalSitePreferences.jsp</url-pattern> <url-pattern>/GetTokenSignIn.jsp</url-pattern> <url-pattern>/GetUserInformation.jsp</url-pattern> <url-pattern>/GetUserToken.jsp</url-pattern> <url-pattern>/HomePage.jsp</url-pattern> <url-pattern>/IntegrationWebBasedHelp.jsp</url-pattern> <url-pattern>/is/*</url-pattern> <url-pattern>/operations/*</url-pattern> <url-pattern>/properties/*</url-pattern> <url-pattern>/redirect/*</url-pattern> <url-pattern>/regions/*</url-pattern> <url-pattern>/Search.jsp</url-pattern> <url-pattern>/select/*</url-pattern> <url-pattern>/SelectReturn.jsp</url-pattern> <url-pattern>/Tasks.jsp</url-pattern> <url-pattern>/UI-INF/*</url-pattern> <url-pattern>/utils/*</url-pattern> <url-pattern>/WcmAdmin.jsp</url-pattern> <url-pattern>/WcmAuthor.jsp</url-pattern> <url-pattern>/WcmBootstrap.jsp</url-pattern> <url-pattern>/WcmCloseWindow.jsp</url-pattern> <url-pattern>/WcmDefault.jsp</url-pattern> <url-pattern>/WcmError.jsp</url-pattern> <url-pattern>/WcmJavaViewer.jsp</url-pattern> <url-pattern>/WcmObjectBookmark.jsp</url-pattern> <url-pattern>/WcmQueueBookmark.jsp</url-pattern> <url-pattern>/WcmSignIn.jsp</url-pattern> <url-pattern>/WcmSitePreferences.jsp</url-pattern> <url-pattern>/WcmUserPreferences.jsp</url-pattern> <url-pattern>/WcmWorkflowsBookmark.jsp</url-pattern> <url-pattern>/wizards/*</url-pattern> <url-pattern>/Author/*</url-pattern> <url-pattern>/axis/*.jws</url-pattern> <url-pattern>/Browse/*</url-pattern> <url-pattern>/ceTunnel</url-pattern> <url-pattern>/CheckoutList/*</url-pattern> <url-pattern>/downloadMultiTransferElement/*</url-pattern> <url-pattern>/ExternalUrl/*</url-pattern> <url-pattern>/findRecordTarget</url-pattern> <url-pattern>/formCallback/*</url-pattern> <url-pattern>/getAnnotSecurity/*</url-pattern> <url-pattern>/getCEAnnotations/*</url-pattern> <url-pattern>/getContent/*</url-pattern> <url-pattern>/getForm/*</url-pattern> <url-pattern>/getISAnnotations/*</url-pattern> <url-pattern>/getISAnnotSecurity/*</url-pattern> <url-pattern>/getISContent/*</url-pattern> <url-pattern>/getMultiContent/*</url-pattern> <url-pattern>/getPreview</url-pattern> <url-pattern>/getProcessor/*</url-pattern> <url-pattern>/getRealms/*</url-pattern> <url-pattern>/getUsersGroups/*</url-pattern> <url-pattern>/Inbox/*</url-pattern> <url-pattern>/integrationCommandProxy</url-pattern> <url-pattern>/integrationResponse</url-pattern> <url-pattern>/integrationResponseProxy</url-pattern> <url-pattern>/integrationWebBasedCommand</url-pattern> <url-pattern>/keepAlive</url-pattern> <url-pattern>/launch/*</url-pattern> <url-pattern>/PublicQueue/*</url-pattern> <url-pattern>/putContent/*</url-pattern> <url-pattern>/QuickSearch/*</url-pattern> <url-pattern>/signingServlet/*</url-pattern> <url-pattern>/transport/*</url-pattern> <url-pattern>/upload/*</url-pattern> <url-pattern>/vwsimsoapservlet</url-pattern> <url-pattern>/vwsoaprouter</url-pattern> <url-pattern>/Workflows/*</url-pattern> Move the closing comment tag from here to the location indicated at the beginning of this example. </web-resource-collection>
<auth-constraint> <!-- <role-name>*</role-name> --> <!-- For WebSphere 6, use the role-name line below instead of the wildcard role above. --> <role-name>All Authenticated</role-name> <!-- For WebSphere 6, add this security-role element below the login-config element (below). <security-role> <description>All Authenticated</description> <role-name>All Authenticated</role-name> </security-role> --> </auth-constraint>
<security-role> <description>All Authenticated</description> <role-name>All Authenticated</role-name> </security-role>
<security-constraint> <web-resource-collection> <web-resource-name>action</web-resource-name> <description>Define the non-secured resource</description> <url-pattern>/P8BPMWSBroker/*</url-pattern> </web-resource-collection> </security-constraint>
<!-- <login-config> <auth-method>FORM</auth-method> <realm-name>AE Workplace</realm-name> <form-login-config> <form-login-page>/ContainerLogin.jsp</form-login-page> <form-error-page>/ContainerError.jsp</form-error-page> </form-login-config> </login-config> -->
These parameter values are used to modify one or more elements of the native URL that Workplace sees on a request. Wherever the value of an SSO proxy host element in the URL request is different from the equivalent information for the host where Workplace is deployed, you must set the corresponding SSO <proxy host element> parameter for that element in the URL to the value for the SSO proxy host.
<init-param> <param-name>ssoProxyContextPath</param-name> <param-value></param-value> </init-param> <init-param> <param-name>ssoProxyHost</param-name> <param-value></param-value> </init-param> <init-param> <param-name>ssoProxyPort</param-name> <param-value></param-value> </init-param> <init-param> <param-name>ssoProxySSLPort</param-name> <param-value></param-value> </init-param>
<param-name>ssoProxyContextPath</param-name> <param-value>/Workplace</param-value>
<param-name>ssoProxyHost</param-name> <param-value>sso_proxy_server</param-value>
<param-name>ssoProxyPort</param-name> <param-value>80</param-value>
<param-name>ssoProxySSLPort</param-name> <param-value>443</param-value>