IBM Enterprise Records, Version 5.1.2   

Optionally adding support for SSO (WebSphere and WebLogic)

If you are using a WebSphere or WebLogic application server and your Application Engine or Workplace XTis configured for single sign-on (SSO), enable SSO.

About this task

Perform the following procedure to enable SSO for your IBM® Enterprise Records web application by updating its web.xml file.

Procedure

To enable SSO:

  1. Make a backup copy of the web.xml file. The default file location is: ier_install_path/RecordsManager/WEB-INF/web.xml
  2. Edit the web.xml file.
    1. Set the parameter perimeterChallengeMode to true, as in the following example:
      <init-param>
        <param-name>perimeterChallengeMode</param-name>
        <param-value>true</param-value>
      </init-param>
    2. As needed, set the ssoProxyContextPath, ssoProxyHost, ssoProxyPort, and ssoProxySSLPort parameters. These parameter values are used to modify one or more elements of the native URL that IBM Enterprise Records sees on a request. Where the value of an SSO proxy host element in the URL request is different from the equivalent information for the host of the IBM Enterprise Records web application, set the corresponding sso* parameter for that element. Set the value in the URL to the value for the SSO proxy host. The default settings are:
      <init-param>
        <param-name>ssoProxyContextPath</param-name>
        <param-value></param-value>
      </init-param>
      <init-param>
        <param-name>ssoProxyHost</param-name>
        <param-value></param-value>
      </init-param>
      <init-param>
        <param-name>ssoProxyPort</param-name>
        <param-value></param-value>
      </init-param>
      <init-param>
        <param-name>ssoProxySSLPort</param-name>
        <param-value></param-value>
      </init-param>
      In general, configure the initialization parameters shown in the earlier example as shown in the following sections:
      ssoProxyContextPath
      Set the value to the context path of the SSO proxy host URL. This value is the path portion of the URL that displays after the server name, which represents top-level access to the IBM Enterprise Records application. For example, if the IBM Enterprise Records deployment host URL is http://deploy_server:port#/EnterpriseRecords and the SSO proxy host URL is http://sso_proxy_server.domain.com/fn/EnterpriseRecords, then use the following strings:
      <param-name>ssoProxyContextPath</param-name>
      <param-value>/fn/EnterpriseRecords</param-value>
      ssoProxyHost
      Set the value to the SSO proxy host server name. Typically, this value is a full domain-qualified host name. For example, if the host URL where IBM Enterprise Records is deployed is http://deploy_server/EnterpriseRecords and the corresponding SSO proxy host URL is http://sso_proxy_server/EnterpriseRecords, then use the following strings:
      <param-name>ssoProxyHost</param-name>
      <param-value>sso_proxy_server</param-value>
      ssoProxyPort
      Set the value to the http port on the SSO proxy host. For example:
      <param-name>ssoProxyPort</param-name>
      <param-value>80</param-value>
      ssoProxySSLPort
      Set the value to the http port on the SSO proxy host. For example:
      <param-name>ssoProxyPort</param-name>
      <param-value>80</param-value>
      ssoProxySSLPort
      Set the value to the HTTPS port on the SSO proxy host, if defined or used to access IBM Enterprise Records pages. For example:
      <param-name>ssoProxySSLPort</param-name>
      <param-value>443</param-value>
  3. Comment out the <login-config> block at the end of the web.xml file. This block is not used in an SSO environment.
  4. Save your changes to web.xml and close the file.


Feedback

Last updated: November 2013
frmin001.htm

© Copyright IBM Corporation 2013