
Configure Profile and Community membership lookups for FileNet

You must deploy both IBM FileNet and Connections with the same WebSphere federated repositories. In other words, the Connections cell security configuration must point to the same LDAP directory that IBM FileNet is configured to use, with identical configuration options.

If we use an existing FileNet server, ensure the directory configuration for FileNet uses IBM Connections, and then perform the following steps to configure FileNet to use the Connections server for directory information. We must use the new IBM Connections option during directory configuration of the FileNet domain.

If we had created the domain using a prior version of FileNet configured with IBM Virtual Member Manager using the -Dibm.filenet.security.vmmProvider.waltzImpl=true option, then installing FileNet Content Platform Engine 5.2 Fix Pack 1 or later automatically upgrades the system to the new IBM Connections option for directory configuration. If the FileNet domain’s directory configuration is still “IBM Virtual Member Manager”, this is a permissible configuration as long as the -Dibm.filenet.security.vmmProvider.waltzImpl=true JVM argument is in place. No other directory configuration is valid for Connections integration.

  1. Cross-certify the two domains/cells for SSO by configuring LTPA / SSO between the Connections and FileNet domains as described in Configure Single Sign On.

    Ensure the same domain name is configured for both domains. In addition, exchange LTPA keys by exporting from the Connections cell to the FileNet cell as described here.

    Exporting LTPA keys is done from the WebSphere WAS console for Connections, while importing LTPA keys is done on the WebSphere WAS console for FileNet.

    Ensure that for both cells, the interoperability mode and LTPA V1 and V2 cookie names are the same. We can find these values using WebSphere WAS console to navigate to...

  2. Configure JVM properties on the FileNet server:

    1. Log into WebSphere Integrated Solutions console hosting the existing FileNet Content Platform Engine server.

    2. Check the login properties in Global security > Federated repositories > <your_LDAP_Name>.

    3. Make note of the first value from the login properties field, such as uid. This value will be used later in setting a JVM argument.

    4. Click Application Servers > <Server Name> > Process definition > Java Virtual Machine .

    5. In the generic JVM arguments field, add the following arguments if they are not already present:
      -DenableWaltzIdConversion=true
      -Dibm.filenet.security.vmmProvider.waltzImpl=true 
      -Dcom.ibm.connections.directory.services.j2ee.security.principal=<login_property_value_from_previous_step>
      -Dibm.filenet.security.connectionsProvider.disableRecursiveParentCall=true

      If the login properties contain multiple values, such as uid;mail, only the first value should be used from the list.

    6. Click OK to save the changes. Repeat sub-steps 4 through 6 on every server in the FileNet cluster.

  3. Configure Waltz and Sonata on the FileNet WebSphere cell. This step will configure directory.services.xml, directory.services.xsd, sonata.services.xml, and sonata.services.xsd, and create a J2C authentication alias to allow FileNet to connect to Connections for directory information. Unzip the waltz.zip/tar file to your FileNet server and follow the Readme.txt file to configure Waltz and Sonata on the FileNet cell.

  4. Restart DM and the FileNet application server.
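
The JVM arguments from step 2 have to be identical on every server in the FileNet cluster, so it helps to check each server's field against the list. The following Python is an added example, not IBM tooling; the function names are hypothetical, and it assumes the generic JVM arguments field and the login properties field have been copied out of the console as text.

```python
import shlex

# Arguments from step 2 that must be present with a fixed value.
REQUIRED_FIXED = {
    "enableWaltzIdConversion": "true",
    "ibm.filenet.security.vmmProvider.waltzImpl": "true",
    "ibm.filenet.security.connectionsProvider.disableRecursiveParentCall": "true",
}
PRINCIPAL_KEY = "com.ibm.connections.directory.services.j2ee.security.principal"


def parse_jvm_args(generic_args):
    """Return {name: value} for every -Dname=value token in the field."""
    props = {}
    for token in shlex.split(generic_args):
        if token.startswith("-D"):
            name, _, value = token[2:].partition("=")
            props[name] = value
    return props


def check_filenet_jvm_args(generic_args, login_properties):
    """Return a list of findings for one server; an empty list means it matches step 2."""
    # login_properties is the repository's login properties field, e.g. "uid;mail".
    props = parse_jvm_args(generic_args)
    findings = []
    for name, expected in REQUIRED_FIXED.items():
        if name not in props:
            findings.append("missing -D%s=%s" % (name, expected))
        elif props[name] != expected:
            findings.append("-D%s is %r, expected %s" % (name, props[name], expected))
    # Only the first login property may be used as the principal.
    first_login = login_properties.split(";")[0].strip()
    principal = props.get(PRINCIPAL_KEY)
    if principal is None:
        findings.append("missing -D%s=%s" % (PRINCIPAL_KEY, first_login))
    elif principal != first_login:
        findings.append("-D%s is %r, expected %r (first login property only)"
                        % (PRINCIPAL_KEY, principal, first_login))
    return findings


if __name__ == "__main__":
    # Constructed sample: the whole login property list was pasted as the principal.
    sample = "-Xverbosegc -DenableWaltzIdConversion=true -D" + PRINCIPAL_KEY + "=uid;mail"
    for finding in check_filenet_jvm_args(sample, "uid;mail"):
        print(finding)
```

Run it once per cluster member with that server's field contents; any finding means the server's arguments do not match step 2.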

