Things to consider before configuring Commerce Enabled Portal on your WebSphere Commerce machine

After installing Commerce Enabled Portal on your WebSphere Commerce machine, you must configure Commerce Enabled Portal on your WebSphere Commerce machine.

Note: In order for Commerce Enabled Portal to work, you must complete installation and configuration on both the WebSphere Commerce node and the WebSphere Portal node. This chapter deals only with configuring Commerce Enabled Portal on WebSphere Commerce. For more information on the overall installation and configuration order, Installing and configuring Commerce Enabled Portal.

Prerequisites

Before configuring Commerce Enabled Portal on WebSphere Commerce, ensure you have completed the following:

  1. Meet the hardware and software requirements outlined in Pre-installation requirements.
  2. Although you are configuring on the WebSphere Commerce node, ensure that you have installed a WebSphere Portal Server and enabled LDAP on that server before continuing with the information in this chapter.
  3. Installed Commerce Enabled Portal on your WebSphere Commerce machine. For more information, see Installation steps.
  4. Ensure that an SSL certificate is set up on the HTTP server on the WebSphere Commerce machine. For more information, see Creating a new self-signed certificate for SSL and changing encryption. Then copy the certificate to the WebSphere Portal Server machine.
  5. Created a WebSphere Commerce instance on the WebSphere Commerce node. For more information, see the WebSphere Commerce Installation Guide. If you already have an existing WebSphere Commerce instance on the WebSphere Commerce node, you can choose to use that instance, or create a new one.
  6. AIXLinuxSun Solaris Operating EnvironmentWindows(Recommended) Started the database for the WebSphere Commerce node. For more information, see your database documentation.
  7. Ensure that the Web server is started. If you are using a Sun ONE Web server change the encryption to 40 bit. For more information, see Changing encryption.
    i5/OSEnsure that the Web server (for example, IBM HTTP Server) specific for your WebSphere Commerce instance is started.
  8. Map the WMM security roles to the application server security user, For example, uid=wpsbind,cn=users,dc=ibm,dc=com. Enable wmmApp. For more information, see your WebSphere Application Server documentation. There are 2 security roles for wmmApp. Map both to the LDAP Security User ID. Select Enterprise Applications>wmmApp>Map security roles to users/groups and do the following:
    • Select the check box for only Everyone security role.
    • Select the check box for only All authenticated.

    Important: If you can logon to WebSphere Application Server Administration Console using the LDAP Server User ID (for example, wpsbind) and password, your global security configuration is correct. After this, disable Websphere Application Server global security. For more information, see Disabling WebSphere Application Server security.
  9. Ensure that the LDAP server and database service specific to the LDAP server are started.
  10. If your LDAP server is SSL enabled, ensure that you have imported an SSL certificate from the LDAP server to the keystore on the WebSphere Application Server where WebSphere Commerce is running. For more information, see Setting up LDAP over SSL.
  11. If your WebSphere Commerce instance has not previously been configured with an LDAP server, but a site administrator user ID (for example, wcsadmin) exists on the LDAP server, delete the site administrator user ID on the LDAP server. You will be prompted to do so by configuration if you do not. When a user logs into WebSphere Commerce, WebSphere Commerce will synchronize the user IDs with the LDAP server. New user ID will be created if it does not exist on the LDAP server.
  12. If you have used non-default WebSphere Application Server keystore passwords, complete the following steps:

    Note: By default, Commerce Enabled Portal uses the default KeyStorePassword and TrusStorePassword. If you do not modify it, you can skip this step. For more information, see your WebSphere Application Server documentation.

    1. Open the following file in a text editor:
      WC_installdir/Portals/config/wpsconfig.properties
      
    2. Modify the KeyStorePassword= entry to match your password:
      KeyStorePassword=your_password
      
    3. Modify the TrustStorePassword= entry to match your password:
      TrustStorePassword=your_password
      
    4. Save the file and exit.

    Note: Ensure that you remove these passwords from the wpsconfig.properties file after you finish configuring your Commerce Enabled Portal machine.

Important issues to consider before configuring Commerce Enabled Portal on WebSphere Commerce

When you configure Commerce Enabled Portal on your WebSphere Commerce machine, the following occurs:

Enabling global security

When the WebSphere Application Server global security is enabled, all application servers require a user ID and password to stop the server. This user ID and password is specified in your authentication method settings (security user ID and password). As configuring Commerce Enabled Portal enables WebSphere Application Server global security, all applications affected by WebSphere Application Server will now require the security user ID and password you entered in the configuration steps, to stop the server.

Notes:

  1. The security user ID and password must exist on the LDAP server.
  2. If you experience problems with applications after enabling global security, ensure that you have assigned the security role correctly.

Multiple LDAP servers

Commerce Enabled Portal requires that both WebSphere Commerce and WebSphere Portal are configured with the same LDAP server.

If you already have an LDAP server configured with WebSphere Commerce and are adding WebSphere Portal, point WebSphere Portal to the existing LDAP server. Conversely, if you have an LDAP server configured with WebSphere Portal, point WebSphere Commerce to the existing LDAP server.

Lightweight Third Party Authentication (LTPA) and single sign on enablement

When you configure Commerce Enabled Portal on WebSphere Commerce, the LTPA token from the WebSphere Application Server is exported to the following file on the WebSphere Commerce machine:

When you install and configure Commerce Enabled Portal on WebSphere Portal you will manually copy the Miscellaneous folder from the WebSphere Commerce machine to the WebSphere Portal Server. Copy the Miscellaneous folder imports the LTPA token to the WebSphere Portal server.

However, if WebSphere Commerce is single sign on enabled with another application, you must manually import the LTPA token from the commerce server to the WebSphere Portal server. For more information, see the WebSphere Commerce information center, topic `Single sign-on.' If WebSphere Portal is single sign on enabled with another application, you must import the LTPA token from the WebSphere Portal server to the commerce server. For more information, see the WebSphere Portal information center.

If both WebSphere Commerce and WebSphere Portal are single sign on enabled with another application, see the WebSphere Application Server information center for instructions on chaining.

Changing WebSphere Commerce Payments before configuring

Before configuring Commerce Enabled Portal on WebSphere Commerce you must make the following changes to WebSphere Commerce Payments:

  1. Change the WebSphere Commerce Payments Administrator ID to match long DN of your commerce administrator as stored on your LDAP server.
    1. Open the following file in a text editor:
      1. AIXWC_installdir/instances/instance_name/xml/instance_name.xml
      2. i5/OSWC_userdir/instances/instance_name/xml/instance_name.xml
      3. LinuxWC_installdir/instances/instance_name/xml/instance_name.xml
      4. Sun Solaris Operating EnvironmentWC_installdir/instances/instance_name/xml/instance_name.xml
      5. WindowsWC_installdir/instances/instance_name/xml/instance_name.xml

      Note: For WebSphere Commerce Developer, open the file in WC_eardir/xml/config/wc-server.xml

    2. Locate the following text:
      PMAdminId="Site_Admin_ID"
      
      where Site_Admin_ID is the WebSphere Commerce Site Administrator ID.
    3. Change the text to:
      PMAdminId="Site_Admin_long_DN"
      
      where Site_Admin_long_DN is the full DN of the WebSphere Commerce Site Administrator ID,as it will exist on your LDAP server. Site_Admin_long_DN is composed of the site administrator user ID and the base distinguished name that you defined in . For IBM Directory Server,
      PMAdminId="uid=wcsadmin,dc=ibm,dc=com"
      
      . For IBM Lotus Domino Version 6 LDAP service
      PMAdminId="cn=wcsadmin,o=ibm"
      
  2. Stop WebSphere Commerce and WebSphere Commerce Payments.
  3. If you are using an Active Directory or Domino LDAP server, use the WebSphere Application Server Administration Console to manually add
     wpm_instance.LDAPUserIndicator 
    
    in the system properties.
    1. Start the WebSphere Application Server Administration Console.
    2. In the WebSphere Application Server Administration Console, select Servers >Application Servers > wpm_instance_Commerce_Payments_Server > Process Definition > Java Virtual Machine >Custom Properties, where
       wpm_instance
      
      is the name of the WebSphere Commerce Payments instance. For example, wpm.
    3. Click New. Add the following property:
       wpm_instance.LDAPUserIndicator, 
      
      where
       wpm_instance 
      
      is the name of the WebSphere Commerce Payments instance. For example, wpm.
    4. Give the property the following value:
      cn
      
      or
      uid
      
      depending on your LDAP implementation.

      Note: By default Active Directory and Domino LDAP use the cn value and the IBM Directory Server uses the

       uid 
      
      value.
    5. Click Apply and save your changes.
    6. Exit the WebSphere Application Server Administrative Console.
    7. Start WebSphere Commerce and WebSphere Commerce Payments. For more To start the Websphere Commerce Payment, see Issuing the IBMPayServer command
  4. To confirm that the payment has been set up correctly and is up and running, log on to the following URL using short name (for example, wcsadmin) and full DN name (for example, uid=wcsadmin,cn=users,dc=ibm,dc=com):
     https://hostname:5433/webapp/PaymentManager
    

    Note: Start up the WebSphere Commerce and Payment server. For more information, see to start the Payment server.

Feedback