Enable locked domains

To enable locked domains in Connections, we specify an atrribute in LotusConnections-config.xml to ensure that only the ConnectionsCommon.ear application is mapped to the locked domain host.

Although no SSO tokens will be flowing from the host, this extra precaution limits exposure of the Connections infrastructure to potentially malicious gadgets.

1. Check out the Connections configuration files:
   cd $DMGR_PROFILE/bin
   ./ wsadmin tool -jython
   execfile("connectionsConfig.py")
   LCConfigService.checkOutConfig("/tmp", "C3DevCell")

2. vi /tmp/LotusConnections-config.xml

3. Add this attribute to LotusConnections-config.xml.

   <sloc:serviceReference bootstrapHost="myhost.myco.com" 
                          bootstrapPort="2809" 
                          clusterName="" 
                          enabled="true" 
                          serviceName="opensocialLocked" 
                          ssl_enabled="true">
   
           <sloc:href>
               <sloc:hrefPathPrefix>/connections/opensocial</sloc:hrefPathPrefix>
               <sloc:static href="http://myco.locked.com:9080" 
                            ssl_href="https://myhost.locked.com:9443"/>
               <sloc:interService href="https://myhost.myco.com:9443"/>
           </sloc:href>
   
   </sloc:serviceReference>
   

4. Save LotusConnections-config.xml.

5. Check in the files and deploy changes:
   LCConfigService.checkInConfig()
   synchAllNodes()

6. Restart the Connections server.

Parent topic:
Security

See also

Common Rendering Engine