FileNet P8 Workplace XT, Version 1.1.5       Application server:  WebSphere Application Server     

Editing web.xml for Single Sign On (SSO) on WebSphere Application Server

If you plan to use Workplace XT in an SSO environment, you must edit the web.xml file to create the appropriate settings.

SSO in an IBM® Tivoli® Access Manager environment might require additional configuration in WebSphere® Application Server. For more details, see your IBM product documentation.

For more detail regarding configuring SSO for Workplace XT refer to the following technote:

To edit web.xml for SSO:

  1. Make a backup copy of web.xml.

    install_path/IBM/FileNet/WebClient/WorkplaceXT/WEB-INF/web.xml

  2. Open web.xml for editing.
  3. Ensure that the challengeProxyEnabled parameter is set to false, as in the following example:
    <init-param> 
    <!--
     Set this parameter to false if deployment is on WebSphere 6, and see the 
    commented out sections at the bottom of this file for additional 
    configuration adjustments.
    -->
    <param-name>challengeProxyEnabled</param-name>
    <param-value>false</param-value>
    </init-param>
  4. Set the perimeterChallengeMode parameter to true, as in the following example:
    <init-param>
    <param-name>perimeterChallengeMode</param-name>
    <param-value>true</param-value>
    </init-param>
  5. Add the following security role element just after the security-constraint section:
    </security-constraint>
    - <!-- add login-config element
     -->
    <security-role>
    <description>everyone</description>
    <role-name>everyone</role-name>
    </security-role>
  6. At the end of web.xml, comment out the <login-config> element, as follows:
    <!-- 
    <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>AE Workplace</realm-name>
    <form-login-config>
    <form-login-page>/ContainerLogin.jsp</form-login-page>
    <form-error-page>/ContainerError.jsp</form-error-page>
    </form-login-config>
    </login-config>
    -->
  7. Add the following entry:
    <login-config>
    <auth-method>CLIENT-CERT</auth-method>
    </login-config>
  8. As needed, set the ssoProxyContextPath, ssoProxyHost, ssoProxyPort, and ssoProxySSLPort parameters. These parameter values are used to modify one or more elements of the native URL that Workplace XT sees on a request. Wherever the value of an SSO proxy host element in the URL request is different from the equivalent information for the host where Workplace XT is deployed, then you must set the corresponding sso* parameter for that element in the URL to the value for the SSO proxy host in your environment. The following settings are an example of the default settings:
    <init-param>
    <param-name>ssoProxyContextPath</param-name>
    <param-value></param-value>
    </init-param>
    <init-param> 
    <param-name>ssoProxyHost</param-name>
    <param-value></param-value>
    </init-param>
    <init-param> 
    <param-name>ssoProxyPort</param-name>
    <param-value></param-value>
    </init-param>
    <init-param>
    <param-name>ssoProxySSLPort</param-name>
    <param-value></param-value>
    </init-param>
    In general, the init parameters above must be configured as follows:
    • ssoProxyContextPath: Set the value to the context path of the SSO proxy host URL. This is the path portion of the URL that appears after the server name, and which represents top-level access to the Workplace XT application. For example, if the Workplace XT deploy host URL is
      http://deploy_server:2809/WorkplaceXT
      and the SSO proxy host URL is
      http://sso_proxy_server.domain.com/WorkplaceXT
      then use the following:
      <param-name>ssoProxyContextPath</param-name>
      <param-value></param-value>
    • ssoProxyHost: Set the value to the SSO proxy host server name. Typically, this will be a full domain-qualified hostname. For example, if the host URL where Workplace XT is deployed is
      http://deploy_server/WorkplaceXT
      and the corresponding SSO proxy host URL is
      http://sso_proxy_server/WorkplaceXT
      then use the following:
      <param-name>ssoProxyHost</param-name>
      <param-value>sso_proxy_server</param-value>
    • ssoProxyPort: Set the value to the HTTP port on the SSO proxy host. For example:
      <param-name>ssoProxyPort</param-name>
      <param-value>80</param-value>
    • ssoProxySSLPort: Set the value to the HTTP port on the SSO proxy host, if defined or used to access Workplace XT pages. For example:
      <param-name>ssoProxySSLPort</param-name>
      <param-value>443</param-value>
  9. Save your changes to web.xml and close the file.


Feedback

Last updated: March 2013
wxtip017.htm

© Copyright IBM Corporation 2013.
This information center is powered by Eclipse technology. (http://www.eclipse.org)