If you plan to use Workplace XT in an SSO environment, you must edit the web.xml file to create the appropriate settings.
SSO in an IBM® Tivoli® Access Manager environment might require additional configuration in WebSphere® Application Server. For more details, see your IBM product documentation.
For more detail regarding configuring SSO for Workplace XT, refer to the following technote:
To edit web.xml for SSO:
- Make a backup copy of web.xml.
install_path/IBM/FileNet/WebClient/WorkplaceXT/WEB-INF/web.xml
- Open web.xml for editing.
- Ensure that the challengeProxyEnabled parameter is set to false, as in the following example:
<init-param>
<!--
Set this parameter to false if deployment is on WebSphere 6, and see the
commented out sections at the bottom of this file for additional
configuration adjustments.
-->
<param-name>challengeProxyEnabled</param-name>
<param-value>false</param-value>
</init-param>
- Set the perimeterChallengeMode parameter to true, as in the following example:
<init-param>
<param-name>perimeterChallengeMode</param-name>
<param-value>true</param-value>
</init-param>
- Add the following security role element just after the security-constraint section:
</security-constraint>
<!-- add login-config element -->
<security-role>
<description>everyone</description>
<role-name>everyone</role-name>
</security-role>
- At the end of web.xml, comment out the <login-config> element, as follows:
<!--
<login-config>
<auth-method>FORM</auth-method>
<realm-name>AE Workplace</realm-name>
<form-login-config>
<form-login-page>/ContainerLogin.jsp</form-login-page>
<form-error-page>/ContainerError.jsp</form-error-page>
</form-login-config>
</login-config>
-->
- Add the following entry:
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
- As needed, set the ssoProxyContextPath, ssoProxyHost, ssoProxyPort, and ssoProxySSLPort parameters. These parameter values are used to modify one or more elements of the native URL that Workplace XT sees on a request. Wherever the value of an SSO proxy host element in the URL request is different from the equivalent information for the host where Workplace XT is deployed, you must set the corresponding sso* parameter for that element in the URL to the value for the SSO proxy host in your environment.
The following settings are an example of the default settings:
<init-param>
<param-name>ssoProxyContextPath</param-name>
<param-value></param-value>
</init-param>
<init-param>
<param-name>ssoProxyHost</param-name>
<param-value></param-value>
</init-param>
<init-param>
<param-name>ssoProxyPort</param-name>
<param-value></param-value>
</init-param>
<init-param>
<param-name>ssoProxySSLPort</param-name>
<param-value></param-value>
</init-param>
In general, the init parameters above must be configured as follows:
- ssoProxyContextPath: Set the value to the context path of the SSO proxy host URL. This is the path portion of the URL that appears after the server name, and which represents top-level access to the Workplace XT application. For example, if the Workplace XT deploy host URL is http://deploy_server:2809/WorkplaceXT and the SSO proxy host URL is http://sso_proxy_server.domain.com/WorkplaceXT then use the following:
<param-name>ssoProxyContextPath</param-name>
<param-value></param-value>
- ssoProxyHost: Set the value to the SSO proxy host server name. Typically, this will be a full domain-qualified hostname. For example, if the host URL where Workplace XT is deployed is http://deploy_server/WorkplaceXT and the corresponding SSO proxy host URL is http://sso_proxy_server/WorkplaceXT then use the following:
<param-name>ssoProxyHost</param-name>
<param-value>sso_proxy_server</param-value>
- ssoProxyPort: Set the value to the HTTP port on the SSO proxy host. For example:
<param-name>ssoProxyPort</param-name>
<param-value>80</param-value>
- ssoProxySSLPort: Set the value to the HTTPS port on the SSO proxy host, if defined or used to access Workplace XT pages. For example:
<param-name>ssoProxySSLPort</param-name>
<param-value>443</param-value>
- Save your changes to web.xml and close the file.
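The edited file can be checked against the settings in this procedure before the application is redeployed. The following Python checker is an added example, not part of the IBM documentation or product: the function names, the sample web.xml and its servlet name are constructed for illustration, and it assumes each parameter name appears once (a repeated name keeps the last value).

```python
import xml.etree.ElementTree as ET

# Values the procedure above requires; all Python names here are this example's own.
REQUIRED = {"challengeProxyEnabled": "false", "perimeterChallengeMode": "true"}
PROXY = ("ssoProxyContextPath", "ssoProxyHost", "ssoProxyPort", "ssoProxySSLPort")

# Constructed sample, not the real Workplace XT web.xml (servlet name is made up).
SAMPLE = """<web-app>
  <servlet><servlet-name>demo</servlet-name>
    <init-param><param-name>challengeProxyEnabled</param-name><param-value>false</param-value></init-param>
    <init-param><param-name>perimeterChallengeMode</param-name><param-value>true</param-value></init-param>
    <init-param><param-name>ssoProxyHost</param-name><param-value>sso_proxy_server</param-value></init-param>
    <init-param><param-name>ssoProxySSLPort</param-name><param-value>443</param-value></init-param>
  </servlet>
  <security-role><role-name>everyone</role-name></security-role>
  <!-- <login-config><auth-method>FORM</auth-method></login-config> -->
  <login-config><auth-method>CLIENT-CERT</auth-method></login-config>
</web-app>"""

def _child(elem, name):
    """Text of the first direct child named `name` (namespace ignored), or ''."""
    for c in elem:
        if c.tag.rsplit("}", 1)[-1] == name:
            return (c.text or "").strip()
    return ""

def check_sso_web_xml(xml_text):
    """Return (problems, sso_proxy_values) for the given web.xml content."""
    root = ET.fromstring(xml_text)  # comments are dropped, so a commented-out FORM login is ignored
    params, roles, auth = {}, [], []
    for e in root.iter():
        tag = e.tag.rsplit("}", 1)[-1]
        if tag == "init-param":
            params[_child(e, "param-name")] = _child(e, "param-value")  # last one wins
        elif tag == "security-role":
            roles.append(_child(e, "role-name"))
        elif tag == "login-config":
            auth.append(_child(e, "auth-method"))
    problems = [f"{k} is {params.get(k)!r}, expected {v!r}"
                for k, v in REQUIRED.items() if params.get(k, "").lower() != v]
    if "everyone" not in roles:
        problems.append("security-role 'everyone' is missing")
    if auth != ["CLIENT-CERT"]:
        problems.append(f"active login-config auth-method is {auth}, expected ['CLIENT-CERT']")
    for k in PROXY[2:]:  # the two port parameters may be empty, otherwise must be a TCP port
        v = params.get(k, "")
        if v and not (v.isdigit() and 0 < int(v) < 65536):
            problems.append(f"{k} is {v!r}, not a valid TCP port")
    return problems, {k: params.get(k, "") for k in PROXY}
```

Pass the text of the edited web.xml to check_sso_web_xml; an empty problems list means the file matches the steps above, and the returned dictionary shows the ssoProxy* values that will be applied.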