To set up SSL redirect, enable SSL on the Web application
server, set your bootstrap preferences, update the base URL, and sign
out.
To set up SSL redirect:
- Enable SSL on the application server that runs Workplace XT. See your SSL
documentation for details.
- Optional: (WebSphere® Application
Server and JBoss Application Server only) If you have made
custom changes to your web.xml file, copy the web.xml file
from the deploy location back into the install location, install_path/IBM/FileNet/WebClient/WorkplaceXT/WEB_INF,
before editing for SSL redirect.
Option |
Description |
WebSphere Application
Server |
WAS_HOME/profiles/default/installedApps/node_name/WorkplaceXT.ear/web_client.war |
JBoss Application Server |
JBOSS_HOME/server/server_name/deploy/application_name.war
or .ear |
- Create a backup copy of your web.xml file.
- (WebSphere Application
Server only)
Modify the web.xml file in the install_path/IBM/FileNet/WebClient/WorkplaceXT/WEB_INF directory:
- Copy the <security_constraint> section
from your file (not from this document) and paste the new copied section
directly after the original.
- Make changes to the newly inserted <security_constraint> section
as follows (changes in bold):
Change from
<security-constraint>
<web-resource-collection>
<web-resource-name>action</web-resource-name>
<description>Define the container secured resource</description>
<url-pattern>/</url-pattern>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>All Authenticated</role-name>
</auth-constraint>
<user-data-constraint>
<description>User data constraints</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
to
<security-constraint>
<web-resource-collection>
<web-resource-name>action</web-resource-name>
<description>Define the container secured resource</description>
<url-pattern>/ ContainerLogin.jsp </url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>All Authenticated</role-name>
</auth-constraint>
<user-data-constraint>
<description>User data constraints</description>
<transport-guarantee> CONFIDENTIAL </transport-guarantee>
</user-data-constraint>
</security-constraint>
The change also removes
the second occurrence of this line:
<url-pattern>/*</url-pattern>
- Save your changes to the web.xml file.
- (WebLogic Server and JBoss Application Server only) Modify the web.xml file
in the install_path/IBM/FileNet/WebClient/WorkplaceXT/WEB_INF directory:
- In the <security_constraint> section,
change the parameter, as follows, from
<user-data-constraint>
<description>User data constraints</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
to
<user-data-constraint>
<description>User data constraints</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
- Save your changes to the web.xml file.
- Create your deployment files.
- (If you deployed as a WAR file only), In the install_path/IBM/FileNet/WebClient/deploy directory,
run create_web_client_war.sh or .bat file.
- (If you deployed as an EAR file only), In the install_path/IBM/FileNet/WebClient/deploy directory,
run create_web_client_war.sh or .bat file,
then create_web_client_ear.sh or .bat file.
- Redeploy the application.
- Sign in to Workplace XT:
- On any computer, open a browser and type the following
URL address: http://WorkplaceXTServerName:port#/WorkplaceXT
- Sign in as a user with Application Engine Administrator
access role privileges. For more information, see the IBM® FileNet® P8 help topic .
- (Applies only when using Application Integration) Set bootstrap
preferences:
- Navigate to .
- Set the Security info Site Preference SSL
Host:Port to identify the alias host name and port number.
Use the IP address of the Workplace XT server for the SSL Host
entry.
For more information, see Setting the bootstrap properties on first login.
- Click Apply to save your bootstrap
settings.
- Update the base URL:
- Navigate to .
- Enter the Workplace XT Base
URL value in the provided field. The URL must contain a
valid host name, and not contain "localhost" or an IP number.
For example, http://WorkplaceXTServerName:port#/WorkplaceXT.
For
more information, see the IBM FileNet P8 help
topic .
- Click Refresh to update the base
URL.
- Click Exit to close Site Preferences.
- Sign out of Workplace XT,
and close your browser.
- Test the SSL connection by signing into Workplace XT using the following URL:
http://WorkplaceXTServerName:non-SSLport#/WorkplaceXT
The login is redirected to the SSL-enabled port, then back
to the non-SSL enabled port after login is complete. A warning displays
that you are accessing pages over a secure connection, unless you
turned this dialog box off, then Workplace XT will open.