FileNet P8 Workplace XT, Version 1.1.5              

Setting up SSL redirect on a single Workplace XT server

To set up SSL redirect, enable SSL on the Web application server, set your bootstrap preferences, update the base URL, and sign out.

To set up SSL redirect:
  1. Enable SSL on the application server that runs Workplace XT. See your SSL documentation for details.
  2. Optional: (WebSphere® Application Server and JBoss Application Server only) If you have made custom changes to your web.xml file, copy the web.xml file from the deploy location back into the install location, install_path/IBM/FileNet/WebClient/WorkplaceXT/WEB_INF, before editing for SSL redirect.
    Option Description
    WebSphere Application Server WAS_HOME/profiles/default/installedApps/node_name/WorkplaceXT.ear/web_client.war
    JBoss Application Server JBOSS_HOME/server/server_name/deploy/application_name.war or .ear
  3. Create a backup copy of your web.xml file.
  4. (WebSphere Application Server only) Modify the web.xml file in the install_path/IBM/FileNet/WebClient/WorkplaceXT/WEB_INF directory:
    1. Copy the <security_constraint> section from your file (not from this document) and paste the new copied section directly after the original.
    2. Make changes to the newly inserted <security_constraint> section as follows (changes in bold):

      Change from

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>action</web-resource-name>
      <description>Define the container secured resource</description>
      <url-pattern>/</url-pattern>
      <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <role-name>All Authenticated</role-name>
      </auth-constraint>
      <user-data-constraint>
      <description>User data constraints</description>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      to

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>action</web-resource-name>
      <description>Define the container secured resource</description>
      <url-pattern>/ ContainerLogin.jsp </url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <role-name>All Authenticated</role-name>
      </auth-constraint>
      <user-data-constraint>
      <description>User data constraints</description>
      <transport-guarantee> CONFIDENTIAL </transport-guarantee>
      </user-data-constraint>
      </security-constraint>
      The change also removes the second occurrence of this line:
      <url-pattern>/*</url-pattern>
    3. Save your changes to the web.xml file.
  5. (WebLogic Server and JBoss Application Server only) Modify the web.xml file in the install_path/IBM/FileNet/WebClient/WorkplaceXT/WEB_INF directory:
    1. In the <security_constraint> section, change the parameter, as follows, from
      <user-data-constraint>
      <description>User data constraints</description>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>

      to

      <user-data-constraint>
      <description>User data constraints</description>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    2. Save your changes to the web.xml file.
  6. Create your deployment files.
    • (If you deployed as a WAR file only), In the install_path/IBM/FileNet/WebClient/deploy directory, run create_web_client_war.sh or .bat file.
    • (If you deployed as an EAR file only), In the install_path/IBM/FileNet/WebClient/deploy directory, run create_web_client_war.sh or .bat file, then create_web_client_ear.sh or .bat file.
  7. Redeploy the application.
  8. Sign in to Workplace XT:
    1. On any computer, open a browser and type the following URL address: http://WorkplaceXTServerName:port#/WorkplaceXT
    2. Sign in as a user with Application Engine Administrator access role privileges. For more information, see the IBM® FileNet® P8 help topic User Help > Actions, preferences, and tools > Site preferences > Access Roles preferences.
  9. (Applies only when using Application Integration) Set bootstrap preferences:
    1. Navigate to Tools > Administration > Site Preferences > Bootstrap.
    2. Set the Security info Site Preference SSL Host:Port to identify the alias host name and port number.

      Use the IP address of the Workplace XT server for the SSL Host entry.

      For more information, see Setting the bootstrap properties on first login.

    3. Click Apply to save your bootstrap settings.
  10. Update the base URL:
    1. Navigate to Tools > Administration > Site Preferences > Refresh.
    2. Enter the Workplace XT Base URL value in the provided field. The URL must contain a valid host name, and not contain "localhost" or an IP number. For example, http://WorkplaceXTServerName:port#/WorkplaceXT.

      For more information, see the IBM FileNet P8 help topic User Help > Actions, preferences, and tools > Site preferences > Refresh preferences.

    3. Click Refresh to update the base URL.
    4. Click Exit to close Site Preferences.
  11. Sign out of Workplace XT, and close your browser.
  12. Test the SSL connection by signing into Workplace XT using the following URL: http://WorkplaceXTServerName:non-SSLport#/WorkplaceXT

    The login is redirected to the SSL-enabled port, then back to the non-SSL enabled port after login is complete. A warning displays that you are accessing pages over a secure connection, unless you turned this dialog box off, then Workplace XT will open.



Feedback

Last updated: March 2013
wxtip054.htm

© Copyright IBM Corporation 2013.
This information center is powered by Eclipse technology. (http://www.eclipse.org)