Forcing traffic to be sent over SSL
You can configure Lotus Connections to force all traffic that passes between a Lotus Connections server and a user's Web browser to be sent over the Secure Socket Layer (SSL).
Be sure that SSL is enabled in your environment before you perform this procedure. See Configuring the IBM HTTP Server for SSL in the Installing section of the Lotus Connections information center for more information.
To edit configuration files, use the wsadmin client. See Start the wsadmin client for details.
To force traffic to be sent over SSL...
- Use the wsadmin client to access and check out the Lotus Connections configuration files.
- Access the Lotus Connections configuration file:
- Stand-alone deployment: execfile("connectionsConfig.py")
- Network deployment: execfile("WAS_HOME/profiles/Dmgr01/config/bin_lc_admin/connectionsConfig.py")
If you are prompted to specify which server to connect to, type 1. This information is not used by the wsadmin client when you are making configuration changes.
- Check out the Lotus Connections configuration files...
LCConfigService.checkOutConfig("<working_directory>","cell_name")
where:
- <working_directory> is the temporary working directory to which the configuration XML and XSD files are copied and are stored while you make changes to them. Use forward slashes to separate directories in the file path, even if you are using the Microsoft Windows operating system.
- cell_name is the name of the WebSphere Application Server cell hosting the Lotus Connections feature. This argument is required even in stand-alone deployments. This argument is also case-sensitive, so type it with care. If you do not know the cell name, do one of the following to determine it:
- Stand-alone deployment: From the file system...
WAS_HOME\profiles\profile_name\config\cells\
- Network deployment: Type the following command while in the wsadmin command processor:
print AdminControl.getCell()
For example:
- AIX/Linux:
LCConfigService.checkOutConfig("/opt/temp","foo01Cell01")
- Microsoft Windows:
LCConfigService.checkOutConfig("c:/temp","foo01Cell01")
- Enter the following command:
LCConfigService.updateConfig("force.conf.comm.enabled", "true")
- After making changes, check the configuration files back in. For the changes to take effect, you must check the files in during the same wsadmin session in which you checked them out. See Applying common configuration property changes for information about how to save and apply your changes.
- Optional: To secure session cookies...
- Log in to the WAS admin console of the server hosting your Lotus Connections features as the administrator.
- Select Servers > Application servers.
- Click the server hosting Lotus Connections from the list of server names.
- Click Session Management, and then click Enable cookies.
- Select the Restrict cookies to HTTPS sessions check box.
- Click Apply, and then click OK.
- Optional: To secure LTPA tokens...
- From the WAS admin console, expand Security, and then click Secure administration, applications and infrastructure.
- Expand Web security, and then click single sign-on (SSO).
- Select the Requires SSL check box.
- Click Apply, and then click OK.
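To confirm the result of the steps above, you can capture response headers from the deployment and audit them. The following Python check is an added example, not part of the Lotus Connections product or its documentation. It assumes the WebSphere default cookie names JSESSIONID, LtpaToken, and LtpaToken2, assumes that forced SSL appears as a redirect to an https:// URL, and runs on constructed sample responses with a placeholder host name.

```python
# Added example: audit captured response headers against the settings above.
# Cookie names are WebSphere defaults (assumption; the page does not name them).
SENSITIVE = ("JSESSIONID", "LtpaToken", "LtpaToken2")

def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = set(p.split("=", 1)[0].lower() for p in parts[1:] if p)
    return name, attrs

def audit(scheme, status, headers):
    """Return a list of findings for one response (headers = (name, value) pairs)."""
    findings = []
    hdrs = [(k.lower(), v) for k, v in headers]
    if scheme == "http":
        # Assumption: forced SSL appears as a 3xx redirect to an https:// URL.
        location = next((v for k, v in hdrs if k == "location"), "")
        if not (300 <= status < 400 and location.lower().startswith("https://")):
            findings.append("HTTP request not redirected to HTTPS")
    for k, v in hdrs:
        if k == "set-cookie":
            name, attrs = parse_set_cookie(v)
            if name in SENSITIVE and "secure" not in attrs:
                findings.append(name + " lacks the Secure attribute")
    return findings

# Constructed sample responses (host and cookie values are placeholders).
HTTP_BEFORE = ("http", 200, [
    ("Set-Cookie", "JSESSIONID=0000constructed:-1; Path=/"),
    ("Set-Cookie", "LtpaToken2=Q09OU1RSVUNURUQ=; Path=/"),
])
HTTP_AFTER = ("http", 302, [("Location", "https://connections.example.com/profiles/")])
# Session cookies restricted to HTTPS, but SSO "Requires SSL" not yet selected.
HTTPS_PARTIAL = ("https", 200, [
    ("Set-Cookie", "JSESSIONID=0000constructed:-1; Path=/; Secure"),
    ("Set-Cookie", "LtpaToken2=Q09OU1RSVUNURUQ=; Path=/"),
])
HTTPS_AFTER = ("https", 200, [
    ("Set-Cookie", "JSESSIONID=0000constructed:-1; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "LtpaToken2=Q09OU1RSVUNURUQ=; Path=/; Secure"),
])

if __name__ == "__main__":
    for label, sample in [("http before", HTTP_BEFORE), ("http after", HTTP_AFTER),
                          ("https partial", HTTPS_PARTIAL), ("https after", HTTPS_AFTER)]:
        print(label, audit(*sample) or "OK")
```

The HTTPS_PARTIAL sample shows why the two optional steps are independent: restricting session cookies to HTTPS does not mark the LTPA token cookie as secure.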
Perform some additional steps to force Files and Wikis API calls to be sent over HTTPS. See Forcing Files and Wikis authenticated API traffic to be sent over HTTPS for more details.
- Forcing Files and Wikis authenticated API traffic to be sent over HTTPS
The Files and Wikis APIs use J2EE declarative security, which does not support the redirection of basic authentication requests to HTTPS before requesting authentication credentials. You must take some steps to prevent credentials from being sent unencrypted in response to authentication challenges.