Step of 9: Configure the Credential Mapper Servlet: Part I

Recall that Host On-Demand provides an out-of-the-box CMS for three network security applications:

• IBM Tivoli Access Manager for e-business V4.1
• Netegrity Siteminder V5.5
• Microsoft Active Directory (Windows Domain)
  

In this scenario, the administrator is using Tivoli Access Manager. If you have a different network security application, you will need to customize your own version of the CMS. For more information about how to do this, refer to Customizing Web Express Logon.

Take the following steps to begin configuring the CMS:

1. Locate the WAR file on the Host On-Demand V8 CD.
2. Copy the WAR file to your machine and view the contents.
3. Become familiar with the three default INIT parameters in the web.xml file.

1. Locate the WAR file on the Host On-Demand V8 CD.

The three CMS WAR files that correspond to the three supported network security applications are located in the cdimage\apps\wel subdirectory on the Host On-Demand V8 CD:

• IBM Tivoli Access Manager: amcms.war
• Netegrity Siteminder: smcms.war
• Microsoft Active Directory (Windows Domain): wincms.war

Since the administrator in this scenario is using Tivoli Access Manager, he chooses the amcms.war file.

Back to top

2. Copy the WAR file to your machine and view the contents.

Right-click the WAR file, and select Copy. Then paste it to a location on your local machine. Unzip the amcms.war file and views its contents. In addition to several CLASS files, the WAR file contains the following four files:

• web.xml
• DCAS.xml
• Vault.xml
• was.policy

The web.xml file is the servlet configuration file that you will edit in future steps. The other two XML files (DCAS.xml and Vault.xml) are sample files that Host On-Demand provides to help you better understand DCAS and Vault parameters and their values. These two XML files can also serve as a valuable reference when you edit the web.xml file. Finally, the was.policy file is for IBM WebSphere Application Server only. It contains the required permissions for the CMS when Java 2 security is enabled. For more information, refer to Troubleshooting Web Express Logon.

Back to top

3. Become familiar with the three default INIT parameters in the web.xml file.

In addition to the parameters needed for Host On-Demand to identify the CMS, the web.xml file for Tivoli Access Manager contains three default INIT parameters specifically coded to adapt the CMS to your environment.

• Network Security plug-in: The name of the parameter is CMPINetworkSecurity, and the parameter value is the full path name of the class that handles the CMS interface into the network security application, which is Tivoli Access Manager in this scenario.
  
  <init-param>
   <param-name>CMPINetworkSecurity</param-name>
   <param-value>com.ibm.eNetwork.security.sso.cms.CMNPIAccessManager</param-value>
</init-param>




The Network Security plug-in does not apply to Microsoft Active Directory XML file (wincms.xml) since the Windows login ID is used as the network ID.



• Host Credential Mapper (HCM) plug-in: The name of the parameter is CMPICredentialMappers, and the parameter value is a compound value that contains the list of all available HCMs, for example, CMPIDCASPlugin and CMPIVaultPlugin. Currently, the value is echo, but you will eventually replace this with the name of your HCM plug-in.
  
  <init-param>
   <param-name>CMPICredentialMappers</param-name>
   <param-value>echo</param-value>
</init-param>


• echo plug-in: The name of this INIT parameter (echo) is the same as the value for the HCM plug-in. In a future step, you will replace echo with the name of your HCM.
  
  Host On-Demand provides this optional echo plug-in in case you want to confirm that you are able to deploy the CMS correctly before you begin editing the web.xml file. For example, after you deploy your CMS to a Web server, you can test it by entering the following syntax in a PC's browser address bar: https://web_application_server_name/context_root/CredMapper, where web_application_server_name is the name of the Web application server, context_root is the name of the context root that you specified when deploying the CMS, and CredMapper is the name of the CMS itself.

  Some Web application server products allow you to deploy the servlet first and then edit the XML file. Other products, such as WebSphere Application Server V5, work best when you deploy the servlet after you edit the XML code. Refer to your product's documentation for details.

  
  <init-param>
   <param-name>echo</param-name>
   <param-value>com.ibm.eNetwork.security.sso.cms.CMPINetEcho,AuthType_All,*</param-value>
</init-param>


Back to top

Click Next to continue configuring the CMS.