Configure SSL only for the login process

 


 

Choose one of the following methods to encrypt only the login process to WebSphere Portal and allow subsequent requests over HTTP:

Before you configure SSL for the login process using Login via Screen, complete the first three steps of Setting up SSL.

  • Follow these steps if using Login via Screen:

    1. Enable Login via Screen

    2. Verify that the property redirect.login.ssl is set to false in the Configuration Service.

    3. Verify that the Transport Security Constraint is still set to NONE for the wps.ear file.

      Edit...

      was_profile_root/installedApps/cellname/wps.ear/wps.war/WEB-INF/web.xml

      ...and set...

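      <security-constraint id="SecurityConstraint_1">
          <!-- other child elements of the constraint stay as they are -->
          <user-data-constraint>
              <transport-guarantee>NONE</transport-guarantee>
          </user-data-constraint>
      </security-constraint>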
      

    4. Modify...

      ../wps_expanded/wps.war/screens/html/Login.jsp
      ...and set...

      <portal:url command="LoginUser" ssl="true"/>

    5. If values are changed, redeploy wps.ear.

    6. Restart the following servers:

      • Open a command prompt and change to the following directory:

      • Enter the following command:

        • UNIX:

          ./startServer.sh server1

        • Windows:

          startServer.bat server1

        • i5/OS:

          startServer -profileName profile_root

          ...where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal is installed; for example, wp_profile.

        ...where server1 is the name of the WebSphere Application Server administrative server.

      • Enter the following command:

        • UNIX:

          ./startServer.sh WebSphere_Portal

        • Windows:

          startServer.bat WebSphere_Portal

        • i5/OS:

          startServer WebSphere_Portal -profileName profile_root

          ...where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal is installed; for example, wp_profile.

  • Follow these steps if using the Login Portlet:

    1. The Login portlet uses the UseSecureLoginActionUrl parameter to control the generation of the login action URL. Set this parameter to true to use a secure URL for login.

    2. Use the Portlets administration portlet to do the following:

      • Go to Administration > Portlet Management > Portlets.

      • Search for Title starts with = "Login".

      • Select the Configure portlet icon.

      • Edit parameter UseSecureLoginActionUrl and set the parameter to true.

You can test the SSL login by opening the following unprotected URL and submitting the credentials: http://portalserver.com/wps/myportal. Notice that the URL does not change to https.

Confirm that the login was encrypted by monitoring the packets with a network utility such as Ethereal, or by reviewing the source code of the login form when it is accessed through an unprotected HTTP URL. The login form should have an action URL that is secured, for example <form method="post" action="https://....">. Set the browser to warn you when changing between secure and insecure modes to see the behavior on the client side.

 
