Prepare for remote search service


Overview

For SOAP...

  1. If you use SOAP over a secure server, the SOAP service itself is not secure.
  2. If you use SOAP, you need to disable Java 2 security.

For EJB, to prepare security for remote search service in a single-signon domain, add the signer certification of the remote search service server into the portal search server....

  1. Access the administrative console of the portal search server and go to...

  2. Enter the remote search service server host, its SOAP port and an alias.

  3. Click OK.

Consider disabling security before working with the remote search service for development or evaluation purposes. Disable global security on which you install the remote search before enabling the remote search service for the portal...

  1. Access the WAS administrative console.

      Security | Global security

  2. Clear...

      Enable application security

Add the RECOVERY_BACKUP_LOCATION parameter to the portal search service; otherwise, deleting a collection will fail.


Install and enable the remote search service

On the machine where you want to install the remote service...

  1. Copy the files WebScannerSoap.ear, WebScannerEjbEar.ear, and PseLibs.zip to...

    .on the machine on which you want to install the remote search service.

    You find these files in the following locations of the portal installation:

    • The files WebScannerSoap.ear and WebScannerEjbEar.ear are located under...

        $PORTAL_HOME/search/prereq.webscanner/installableApps

    • The file PseLibs.zip is located under...

        $PORTAL_HOME/search/wp.search.libs/installableApps

  2. Depending on the requirements of environment, install one of the two applications WebScannerEJbEar.ear or WebScannerSoap.ear on a remote server, for example server1 .

      Proceed by the following steps:

      1. Access the WAS administrative console and go to...

          Applications | WebSphere Enterprise Application

      2. Browse and select WebScannerEjbEar.ear or WebScannerSoap.ear, depending on whether you are using EJB or web service via SOAP.

      3. Click Next.

      4. On the following panels accept the default settings.

      5. A message confirms that the application PSEStandalone (for EJB) or the application WebScannerEar (for SOAP) was installed successfully.

      6. Click Save to Master Configuration.

      7. Click Save.

  3. Required:This step is required if you use Document Conversion Services.

    1. Install remote document conversion services on the remote server. You do not need to delegate all conversion tasks from the WebSphere Portal to the remote server. You only need to install the remote conversion services.

        For more information refer to the topic about Enable remote document conversion.

    2. Invoke the IBM WAS console and select Environment -> Shared Libraries. Create a new shared library named PSE with a classpath as follows: 

             $(APP_INSTALL_ROOT)/cell_name/dcs_war.ear/dcs.war/WEB-INF/lib/convertors.jar
     $(APP_INSTALL_ROOT)/cell_name/dcs_war.ear/dcs.war/WEB-INF/lib/Export.jar

        where cell_name is the IBM WAS cell name where DCS is installed.

    3. Click Apply -> Save -> Save to save changes.

  4. Extract the Portal Search libraries to the remote server and add them to the classpath on remote server...

    1. Create a directory with the name extract under the directory installableApps.

    2. Locate the file PseLibs.zip in the directory installableApps and extract its content into the directory extract that you created in the previous step.

    3. Open the administrative console.

    4. Click Environment -> Shared Libraries.

    5. Create or modify the new shared library names PSE.

    6. Add the libraries extract/lib to the classpath by adding a new line to the classpath and giving the full path: was_profile_root/installableApps/extract/lib .

        was_profile_root}}} is the profile directory of WAS installation. For example, this can be: 

              /usr/WebSphere/AppServer(/profiles/profile_name)

    7. Click Apply -> Save to save changes to the configuration.

  5. For SOAP only: Define a new Classloader for remote server...

    1. Access the WAS administrative console.

    2. Click Servers -> Server types -> WebSphere application servers.

    3. Click server1.

    4. Under Server Infrastructure -> Java and Process Management, click Classloaders.

    5. Click New and then Apply.

    6. Under Additional Properties, click Libraries, then click Add.

    7. Select the Library Name PSE from the drop-down list and click OK.

    8. Save changes to the configuration.

  6. For EJB only: Add a reference from the application WebScannerEJbEar.ear to the shared library...

    1. Access the WAS administrative console of the remote server.

    2. Navigate to Websphere enterprise applications.

    3. Click the application PSEStandalone -> Shared library references.

    4. On the window that opens up click the checkbox for PSEStandalone, then click the button Reference shared library.

    5. From the Available list select PSE.

    6. Click the left-to-right arrow so that PSE appears in the Selected list.

    7. Click OK -> OK.

    8. Save the configuration.

    9. Restart the application PSEStandalone.

  7. For EJB only: Enable CSIv2 identity assertion...

    1. Enable CSIv2 Identity Assertion on the outbound connection:

      1. Access the WAS administrative console of the portal server.

      2. Navigate to Security -> Global Security -> RMI/IIOP security -> CSIv2 outbound communications.

      3. Check Use identity assertion.

      4. When you are done, restart the portal server.

    2. Enable CSIv2 Identity Assertion on the inbound connection:

      1. Access the WAS administrative console of the remote server.

      2. Navigate to Security -> Global Security -> RMI/IIOP security -> CSIv2 inbound communications.

      3. Check Use identity assertion.

      4. Under Trusted identities, either enter an asterisk ( * ), or enter the identity of the portal server.

      5. When you are done, restart the remote server.

        For more detailed information refer to the WAS information center.

  8. On the administrative console, determine the required values for configuring the portlet parameters, depending on whether you are using EJB or web service via SOAP:

    • For EJB: Determine the value for the port under Servers -> Application Servers -> YourAppServer1 -> Communications -> Ports -> BOOTSTRAP_ADDRESS.

    • For SOAP: Determine the value for the port number for the SOAP URL parameter. The appropriate port number for the SOAP URL parameter is the port on which the application server runs, in other words, the HTTP transport on which the remote server is configured to run. Determine the correct port number from Application servers -> server1 -> Ports -> WC_defaulthost. The WC_defaulthost value is 10000; therefore, if you did not change the default, you can use this value. Make sure that the port number that is set in the following file matches this port:

        [[Directory structure wp7|was_profile_root]]/installedApps/cell/WebScannerEar.ear/WebScannerSoap.war/ wsdl/com/ibm/hrl/portlets/WsPSE/WebScannerLiteServerSOAPService.wsdl

        Replace the variables as follows:

        • was_profile_root}}} is the profile directory of WAS installation. For example, this can be: 

                  /usr/WebSphere/AppServer(/profiles/profile_name)

        • cell is the cell name of remote search machine.

        • WebScannerEar.ear is the name that you gave to the Enterprise Application when you installed the WebScannerSoap.war file.

        Edit the file and look for the port given in the value for the SOAP address location. Example: 

          <soap: address location="http://localhost:your_port_no/WebScannerSOAP/servlet/rpcrouter"/> .

        In the example the port is your_port_no . The default value for the WC_defaulthost is 10000.

  9. In the administrative console, under Resources -> Asynchronous beans -> Work managers, create a new Work manager named PSEWorkManager with the following attributes: 

         Name:                       PSEWorkManager
   JNDI Name:                  wps/searchIndexWM
   Minimum Number of Threads:  20
   Maximum number of Threads:  60
   Growable =                  True (Ensure that the Growable check box is selected.) 
   Service Names:              Application Profiling Service, WorkArea, Security, Internationalization

  10. Click Apply -> Save to save changes to the configuration.

  11. Start the application:

    1. Open the WAS administrative console.

    2. Click Applications -> Application Types -> WebSphere enterprise applications.

    3. Scroll to PSEStandalone or WebScannerEar. You can use the filter feature to search for these names.

    4. Click the check box and click Start.

        A message confirms that the application started successfully.

  12. Required:  This step is required only if you work with EJB on a secure server: Set the search user ID.

  13. Required: This step is required only if you disabled security or set the search user ID by one of the optional previous steps: Restart the WAS.

  14. Configure HTTPs for the Seedlist servlet.

      The Seedlist servlet requires HTTPs by default. Therefore, when you access the servlet via HTTP, then WAS redirects you to HTTPs.


      Notes:

      1. This step is relevant for portal and WCM content, but not for regular web crawling.

      2. When cluster is configured with web server SSL disabled, disable HTTPs redirection.

      3. For all steps given in the following verify you enter the commands with the parameters on one line.

      Proceed by the following steps:

      1. On the Portal primary node

          cd WP_PROFILE/ConfigEngine

        : Run the following command:

          ConfigEngine action-remove-ear-wp.search.servlets/seedlist/servletEAR

      2. On the Portal primary node edit the web.xml located in...

          $PORTAL_HOME/PortalServer/search/wp.search.servlets/seedlist/servletEAR/installableApps/wp.search.seedlist.ear/wp.search.servlets.seedlist.war/WEB-INF/web.xml

          Change the following configuration parameter: 

          <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee> 
</user-data-constraint>

          to the following: 

          <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee> 

</user-data-constraint>

          Save changes.

      3. On the Portal primary node change to the wp_profile/ConfigEngine:

          Run the following command to redeploy the wp.search.seedlist.ear to the cluster:

          ConfigEngine action-create-ear-wp.search.servlets/seedlist/servletEAR

      4. Synchronize the updated configuration to all nodes in the cluster.

      5. Restart the portal cluster.

  15. Check that remote search configuration works correctly.
  16. Optional: If required, re-enable security on the WAS.
  17. Back on the portal, configure Portal Search for remote search service.


Parent

Use remote search service


Related tasks


Prepare security for remote search service in a single-signon domain
Set the search user ID
Configure Portal Search for remote search service
Configure the Search and Browse portlet for local or remote search
Configure a remote Document Conversion Service

WAS information center


+

Search Tips   |   Advanced Search