If you are using a WebSphere or WebLogic application server
and your Application Engine or Workplace XTis configured for single
sign-on (SSO), enable SSO.
About this task
Perform the following procedure to enable SSO for your
IBM® Enterprise
Records web application by updating
its
web.xml file.
Procedure
To enable SSO:
- Make a backup copy of the web.xml file. The default file location is: ier_install_path/RecordsManager/WEB-INF/web.xml
- Edit the web.xml file.
- Set the parameter perimeterChallengeMode to true, as in the following example:
<init-param>
<param-name>perimeterChallengeMode</param-name>
<param-value>true</param-value>
</init-param>
- As needed, set the ssoProxyContextPath, ssoProxyHost, ssoProxyPort, and ssoProxySSLPort parameters. These parameter values are used to modify one or more elements of
the native URL that IBM Enterprise
Records sees on a request. Where the value of an SSO proxy host element
in the URL request is different from the equivalent information for
the host of the IBM Enterprise
Records web application, set the corresponding sso* parameter for that element. Set the value in the URL to the value
for the SSO proxy host. The default settings are:
<init-param>
<param-name>ssoProxyContextPath</param-name>
<param-value></param-value>
</init-param>
<init-param>
<param-name>ssoProxyHost</param-name>
<param-value></param-value>
</init-param>
<init-param>
<param-name>ssoProxyPort</param-name>
<param-value></param-value>
</init-param>
<init-param>
<param-name>ssoProxySSLPort</param-name>
<param-value></param-value>
</init-param>
In general, configure the initialization
parameters shown in the earlier example as shown in the following
sections:- ssoProxyContextPath
- Set the value to the context path of the SSO proxy host URL. This
value is the path portion of the URL that displays after the server
name, which represents top-level access to the IBM Enterprise
Records application. For example,
if the IBM Enterprise
Records deployment
host URL is http://deploy_server:port#/EnterpriseRecords and the SSO proxy host URL is http://sso_proxy_server.domain.com/fn/EnterpriseRecords, then use the following strings:
<param-name>ssoProxyContextPath</param-name>
<param-value>/fn/EnterpriseRecords</param-value>
- ssoProxyHost
- Set the value to the SSO proxy host server name. Typically, this
value is a full domain-qualified host name. For example, if the host
URL where IBM Enterprise
Records is
deployed is http://deploy_server/EnterpriseRecords and the corresponding SSO proxy host URL is http://sso_proxy_server/EnterpriseRecords, then use the following strings:
<param-name>ssoProxyHost</param-name>
<param-value>sso_proxy_server</param-value>
- ssoProxyPort
- Set the value to the http port on the SSO proxy host. For example:
<param-name>ssoProxyPort</param-name>
<param-value>80</param-value>
- ssoProxySSLPort
- Set the value to the http port on the SSO proxy host. For example:
<param-name>ssoProxyPort</param-name>
<param-value>80</param-value>
- ssoProxySSLPort
- Set the value to the HTTPS port on the SSO proxy host, if defined
or used to access IBM Enterprise
Records pages. For example:
<param-name>ssoProxySSLPort</param-name>
<param-value>443</param-value>
- Comment out the <login-config> block
at the end of the web.xml file. This block is
not used in an SSO environment.
- Save your changes to web.xml and close
the file.