IBM Enterprise Records, Version 5.1.+              

Optionally adding support for SSO (WebSphere and WebLogic)

If you are using a WebSphere or WebLogic application server and your Application Engine or Workplace XT has been configured for Single Sign On (SSO), perform the following procedure to enable SSO for your IBM® Enterprise Records web application by updating its web.xml file.

  1. Make a backup copy of the web.xml file. The default file location is: ier_install_path/RecordsManager/WEB-INF/web.xml
  2. Edit the web.xml file.
    1. Set the parameter perimeterChallengeMode to true, as in the following example:
      <init-param>
        <param-name>perimeterChallengeMode</param-name>
        <param-value>true</param-value>
      </init-param>
    2. As needed, set the ssoProxyContextPath, ssoProxyHost, ssoProxyPort, and ssoProxySSLPort parameters. These parameter values are used to modify one or more elements of the native URL that IBM Enterprise Records sees on a request. Wherever the value of an SSO proxy host element in the URL request is different from the equivalent information for the host where the IBM Enterprise Records web application is deployed, you must set the corresponding sso* parameter for that element in the URL to the value for the SSO proxy host. The default settings are:
      <init-param>
        <param-name>ssoProxyContextPath</param-name>
        <param-value></param-value>
      </init-param>
      <init-param>
        <param-name>ssoProxyHost</param-name>
        <param-value></param-value>
      </init-param>
      <init-param>
        <param-name>ssoProxyPort</param-name>
        <param-value></param-value>
      </init-param>
      <init-param>
        <param-name>ssoProxySSLPort</param-name>
        <param-value></param-value>
      </init-param>
      In general, the init parameters above should be configured as in the following sections:
      ssoProxyContextPath
      Set the value to the context path of the SSO proxy host URL. This is the path portion of the URL that appears after the server name, which represents top-level access to the IBM Enterprise Records application. For example, if the IBM Enterprise Records deploy host URL is http://deploy_server:port#/EnterpriseRecords and the SSO proxy host URL is http://sso_proxy_server.domain.com/fn/EnterpriseRecords, then use the following strings:
      <param-name>ssoProxyContextPath</param-name>
      <param-value>/fn/EnterpriseRecords</param-value>
      ssoProxyHost
      Set the value to the SSO proxy host server name. Typically, this is a full domain-qualified hostname. For example, if the host URL where IBM Enterprise Records is deployed is http://deploy_server/EnterpriseRecords and the corresponding SSO proxy host URL is http://sso_proxy_server/EnterpriseRecords, then use the following strings:
      <param-name>ssoProxyHost</param-name>
      <param-value>sso_proxy_server</param-value>
      ssoProxyPort
      Set the value to the http port on the SSO proxy host. For example:
      <param-name>ssoProxyPort</param-name>
      <param-value>80</param-value>
      ssoProxySSLPort
      Set the value to the http port on the SSO proxy host. For example:
      <param-name>ssoProxyPort</param-name>
      <param-value>80</param-value>
      ssoProxySSLPort
      Set the value to the HTTPS port on the SSO proxy host, if defined and/or used to access IBM Enterprise Records pages. For example:
      <param-name>ssoProxySSLPort</param-name>
      <param-value>443</param-value>
  3. Comment out the <login-config> block located at the end of the web.xml file. This block is not used in an SSO environment.
  4. Save your changes to web.xml and close the file.


Feedback

Last updated: August 2011


© Copyright IBM Corporation 2011.
This information center is powered by Eclipse technology. (http://www.eclipse.org)