Configure the Portal AJAX proxy to support authentication 

Configure the Portal AJAX Proxy to manage authentication for the IBM Connections portlets.


About this task

The Connections Portlets now use the Portal AJAX Proxy as the mechanism for forwarding security headers and cookies with each REST service call to authenticate the request with the Connections server. You can configure the AJAX Proxy to forward the LTPA token as well as the appropriate headers for an environment behind a TAM or SiteMinder security proxy. The following instructions outline the steps to enable the default setting, which forwards the LTPA token. For more information on configuring the Portal AJAX Proxy, see the following articles in the IBM WebSphere Portal product documentation:


Procedure

  1. Open the following file from the directory where the Portal server is installed:

    • WebSphere Portal 6.1.5: <Portal_Root>\wp_profile\installedApps\<nodeName>\AJAX Proxy Configuration.ear\wp.proxy.config.war\WEB-INF\proxy-config.xml

    • WebSphere Portal 7: <Portal_Root>\wp_profile\config\cells\<nodeName>\applications\AJAX Proxy Configuration.ear\deployments\AJAX Proxy Configuration\wp.proxy.config.war\WEB-INF\proxy-config.xml

  2. Add a new policy to the proxy-config.xml file by adding the following lines:

      <proxy:policy url="<CONNECTIONS_SERVER_BASE_URL>/*" acf="none" basic-auth-support="true">
         <proxy:actions>
            <proxy:method>GET</proxy:method>
            <proxy:method>HEAD</proxy:method>
            <proxy:method>POST</proxy:method>
            <proxy:method>PUT</proxy:method>
            <proxy:method>DELETE</proxy:method>
         </proxy:actions>
         <proxy:cookies>
            <proxy:cookie>LTPA</proxy:cookie>
            <proxy:cookie>LTPA2</proxy:cookie>
            <proxy:cookie>LtpaToken</proxy:cookie>
            <proxy:cookie>LtpaToken2</proxy:cookie>
            <proxy:cookie>JSESSIONID</proxy:cookie>
         </proxy:cookies>
         <proxy:users>
            <proxy:user>AllAuthenticatedUsers</proxy:user>
         </proxy:users>
         <proxy:meta-data>
            <proxy:name>forward-http-errors</proxy:name>
            <proxy:value>true</proxy:value>
         </proxy:meta-data>
         <proxy:meta-data>
            <proxy:name>socket-timeout</proxy:name>
            <proxy:value><SOCKET_TIMEOUT_VALUE></proxy:value>
         </proxy:meta-data>
         <proxy:meta-data>
            <proxy:name>max-connections-per-host</proxy:name>
            <proxy:value><MAX_PER_HOST></proxy:value>
         </proxy:meta-data>
         <proxy:meta-data>
            <proxy:name>max-total-connections</proxy:name>
            <proxy:value><MAX_TOTAL_CONNECTIONS></proxy:value>
         </proxy:meta-data>
      </proxy:policy>

      Where:

        CONNECTIONS_SERVER_BASE_URL is the base URL for your Connections server. For example: https://connections.example.com.
        SOCKET_TIMEOUT_VALUE is the maximum wait time for open requests. We recommend setting this to 45000.
        MAX_PER_HOST is the maximum number of connections per host. We recommend setting this to 50.
        MAX_TOTAL_CONNECTIONS is the maximum number of connections allowed. We recommend setting this to 500.

      Note: If you are deploying on a cluster, make these changes on your deployment manager and your application server nodes and ensure you synchronize your application server nodes after you complete the changes.

  3. WebSphere Portal 7 only: Run the ConfigEngine task to set the new proxy configuration:

      <WP_Root>/ConfigEngine> ConfigEngine.bat checkin-wp-proxy-config -DProxyConfigFileName=<PATH_TO_UPDATED_proxy-config.xml> -DWasUserId=<ADMIN_USERID> -DWasPassword=<ADMIN_PASSWORD>

      Note: If the path for the DProxyConfigFileName parameter contains spaces, as it does by default, enclose the path in quotes.

  4. Restart the AJAX Proxy application from the WAS admin console or restart the Portal server.
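
A pre-check for the edited proxy-config.xml that can be run before step 3, as an added example (not IBM's code): it flags any policy that forwards the LTPA or JSESSIONID cookies to a non-HTTPS or wildcard URL or that lacks the AllAuthenticatedUsers restriction, and it reports a file that is not well-formed, which is what an unreplaced <PLACEHOLDER> produces. The function names, the sample document, its wrapper element and its namespace URI are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Cookie names taken from the policy shown in step 2 of this page.
SSO_COOKIES = {"LTPA", "LTPA2", "LtpaToken", "LtpaToken2", "JSESSIONID"}

# Constructed sample: wrapper element and namespace URI are placeholders.
SAMPLE = """<proxy:proxy-rules xmlns:proxy="urn:example:constructed">
  <proxy:policy url="https://connections.example.com/*" acf="none">
    <proxy:cookies><proxy:cookie>LtpaToken2</proxy:cookie></proxy:cookies>
    <proxy:users><proxy:user>AllAuthenticatedUsers</proxy:user></proxy:users>
  </proxy:policy>
  <proxy:policy url="http://*" acf="none">
    <proxy:cookies><proxy:cookie>LtpaToken</proxy:cookie></proxy:cookies>
  </proxy:policy>
</proxy:proxy-rules>"""

def local(tag):
    """Strip the XML namespace so the check does not depend on its URI."""
    return tag.rsplit("}", 1)[-1]

def texts(policy, name):
    """Text of every descendant element with the given local name."""
    return {e.text.strip() for e in policy.iter()
            if local(e.tag) == name and e.text}

def audit_proxy_config(xml_text):
    """Return findings for policies that forward SSO cookies."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A leftover <PLACEHOLDER> in a value or attribute breaks parsing.
        return [f"not well-formed (placeholder left in?): {exc}"]
    findings = []
    for policy in root.iter():
        if local(policy.tag) != "policy":
            continue
        url = policy.get("url", "")
        forwarded = sorted(texts(policy, "cookie") & SSO_COOKIES)
        if not forwarded:
            continue  # policy forwards no session cookies
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append(f"{url}: forwards {forwarded} without HTTPS")
        if not parts.hostname or "*" in parts.hostname:
            findings.append(f"{url}: SSO cookies forwarded to a wildcard host")
        if "AllAuthenticatedUsers" not in texts(policy, "user"):
            findings.append(f"{url}: no AllAuthenticatedUsers restriction")
    return findings
```

Calling `audit_proxy_config(open(path).read())` on the file named in step 1 returns an empty list when every cookie-forwarding policy is scoped to an explicit HTTPS host and restricted to authenticated users.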


What to do next

Verify that the global proxy configurations are working in a non-SSO environment:

Verify that the global proxy configurations are working in an SSO environment:


Parent topic

IBM Connections Portlets for WebSphere Portal


August 5, 2011 12:18:46 PM
   

 

Submitted by Robert Farstad on Nov 21, 2011 6:55:08 PM

Re: Configuring the Portal AJAX proxy to support authentication

This information needs to be more specific. I had huuuge issues with implementing this config. You must specify which parameters in the proxy-config.xml are new parameters and which ones already exist, which you then only need to modify. For instance, the "socket-timeout", "max-connections-per-host" and the "max-total-connections" parameters already exist. If you add new ones by pasting in the entire config stated in this document, then it won't work.....

You should also specify where to put the new parameters in the existing proxy-config.xml file. Should they be on top, or on bottom, middle? I ended up putting them in the bottom, and it worked....

Submitted by Frank Putzky on Jun 30, 2011 8:55:09 AM

Re: Configuring the Portal AJAX proxy to support authentication : ic301

Experiences from my own installation

1. It is necessary to add policies for all servers, which are configured in IBM Connections as these servers use different ports. At the end it depends on the IBM Connections setup.

2. If using the suggested URL for verification of the AJAX Proxy configuration you will not have to enter user and password but will receive the IBM Connections profile starting page without any formatting and images shown.

Submitted by John McEvoy on Jun 15, 2011 7:18:11 AM

Re: Configuring the Portal AJAX proxy to support authentication : ic301

The command line for the ConfigEngine task is incorrect; a space should be removed, i.e. it should be "-DWasUserId" instead of "- DWasUserId".

Submitted by Lamont Bowens on May 31, 2011 4:16:05 PM

Re: Configuring the Portal AJAX proxy to support authentication : ic301

There's some information left out of Step 2 for the new proxy policy to add to proxy-config.xml.

Below the text that specifies the new policy, please add the following:

Where:

* CONNECTIONS_SERVER_BASE_URL is the base URL for your Connections server. For example: https://connections.example.com.

* SOCKET_TIMEOUT_VALUE is the maximum wait time for open requests. We recommend setting this to 45000.

* MAX_PER_HOST is the maximum number of connections per host. We recommend setting this to 50.

* MAX_TOTAL_CONNECTIONS is the maximum number of connections allowed. We recommend setting this to 500.

These describe the default settings for these parameters.
