Prepare for remote search service

Prepare for remote search service

SOAP

SOAP support for remote search services has been deprecated with WebSphere Portal v8.0. EJB is still supported.
If we use SOAP over a secure server, the SOAP service itself is not secure. If we use SOAP, you need to disable Java 2 security.

EJBs

Prepare security for remote search service in a single-signon domain (SSO).
Add the signer certification of the remote search service server into the portal search server.

From the WAS admin console of the portal search server, go to...
Security | SSL certificate and key management | Key stores and certificates | NodeDefaultTrustStore | Signer certificates | Retrieve from port

Enter the remote search service server host, its SOAP port and an alias.

Click OK.

Install the remote search service

Perform the following steps on the machine where to install the remote service, unless specified otherwise:
Copy the files WebScannerSoap.ear, WebScannerEjbEar.ear, and PseLibs.zip to...
PROFILE_ROOT/installableApps
...on the machine on which to install the remote search service. You find these files in the following locations of the portal installation:

The files WebScannerSoap.ear and WebScannerEjbEar.ear are located under...
PORTAL_HOME/search/prereq.webscanner/installableApps

The file PseLibs.zip is located under...
PORTAL_HOME/search/wp.search.libs/installableApps

On the remote server install either WebScannerEJbEar.ear or WebScannerSoap.ear.

From the WAS admin console click...
Applications | WebSphere Enterprise Application | Install | [WebScannerEjbEar.ear | WebScannerSoap.ear] | Next

On the following panels accept the default settings.

A message confirms that the application PSEStandalone (EJB) or the application WebScannerEar (SOAP) was installed successfully.

Click Save to Master Configuration.

Click Save.

If we use Document Conversion Services.

Install remote document conversion services on the remote server.
You do not need to delegate all conversion tasks from the WebSphere Portal to the remote server.

From the WAS admin console, select...
Environment | Shared Libraries

Create a new shared library named PSE with a classpath as follows:
$(APP_INSTALL_ROOT)/cell_name/dcs_war.ear/dcs.war/WEB-INF/lib/convertors.jar
$(APP_INSTALL_ROOT)/cell_name/dcs_war.ear/dcs.war/WEB-INF/lib/Export.jar

...where cell_name is the IBM WAS cell name where DCS is installed.

Save the changes...
Apply | Save | Save

Extract the Portal Search libraries to the remote server and add them to the classpath on the remote server...

Copy libs into place...
PROFILE_HOME=/usr/WebSphere/AppServer/profiles/profile_name
cd $PROFILE_HOME/installableApps
mkdir $PROFILE_HOME/installableApps/extract
cp PseLibs.zip extract

Open the WAS admin console and select...
Environment > Shared Libraries

Create or modify the new shared library names PSE.
Check the option...
Use an isolated class loader for this shared library

Add libraries to the classpath by adding a new line to the classpath and providing the full path...
PROFILE_ROOT/installableApps/extract/lib .

For z/OS this can be:
/WebSphere/VR1M0/AppServer/profiles/default

Save changes

Add a reference from the application WebScannerEJbEar.ear to the shared library.
From the WAS admin console of the remote server, go to...
Websphere enterprise applications | [PSEStandalone | WebScannerEar ] | Shared library references | [PSEStandalone | WebScannerEar] | Reference shared library | PSE

PSEStandalone is for EJB. WebScannerEar is for SOAP
Save the configuration and then restart you rapplication.

On the WAS admin console, determine the required values for configuring the portlet parameters...

For EJB, determine the value for the port under...
Servers | Application Servers | YourAppServer1 | Communications | Ports | BOOTSTRAP_ADDRESS

For SOAP, determine the value for the port number for the SOAP URL parameter.
The appropriate port number for the SOAP URL parameter is the port on which the application server runs, in other words, the HTTP transport on which the remote server is configured to run. Determine the correct port number from...
Servers | Application servers | server1 | Ports | WC_defaulthost

The WC_defaulthost value is 10014; therefore, if you did not change the default, we can use this value. Make sure that the port number set in the following file matches this port:
PROFILE_ROOT/installedApps/cell/WebScannerEar.ear/WebScannerSoap.war/wsdl/com/ibm/hrl/portlets/WsPSE/WebScannerLiteServerSOAPService.wsdl

Replace the variables as follows:

PROFILE_ROOT is the profile directory of the WAS installation.
For example, this can be:
/usr/WebSphere/AppServer/profiles/profile_name

For z/OS this can be:
/WebSphere/VR1M0/AppServer/profiles/default

cell is the cell name of the remote search machine.

WebScannerEar.ear is the name that you gave to the Enterprise Application when you installed the WebScannerSoap.war file.

Edit the file and look for the port given in the value for the SOAP address location. Example:
<soap: address location="http://localhost:your_port_no/WebScannerSOAP/servlet/rpcrouter"/> .

In the example the port is your_port_no. The default value for the WC_defaulthost is 10014.
In the WAS admin console, under...
Resources > Asynchronous beans > Work managers

Name: PSEWorkManager JNDI Name: wps/searchIndexWM Minimum Number of Threads: 20 Maximum number of Threads: 60 Growable = True (Ensure that the Growable check box is selected.) Service Names: Application Profiling Service, WorkArea, Security, Internationalization
Save changes

Start the application....
Applications | Application Types | WebSphere enterprise applications | [PSEStandalone | WebScannerEar] | Start

If you work with EJB on a secure server, set the search user ID.

If you disabled security or set the search user ID by one of the optional previous steps, restart WAS appservers.

In the portal server enable CSIv2 identity assertion:

Enable CSIv2 Identity Assertion on the outbound connection:

Access the WAS admin console of the portal server and select...
Security | Global Security | RMI/IIOP security | CSIv2 outbound communications | Use identity assertion

Sestart the portal server.

Enable CSIv2 Identity Assertion on the inbound connection:

From WAS admin console of the remote server, select...
Security | Global Security | RMI/IIOP security | CSIv2 inbound communications | Use identity assertion

Under Trusted identities, enter either an asterisk ( * ) or the identity of the portal server.

When we are done, restart the remote server.
On the portal server configure HTTPs for the Seedlist servlet. The Seedlist servlet requires HTTPs by default. Therefore, when you access the servlet via HTTP, then WAS redirects you to HTTPs:
Open the following file with an editor: PortalServer_root/search/wp.search.servlets/seedlist/servletEAR/installableApps/wp.search.seedlist.ear/wp.search.servlets.seedlist.war/WEB-INF/web.xml
Update the following code:
<user-data-constraint>          
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
Replace it by the code following here:
<user-data-constraint>          
    <transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
Save the file.

Run the following portal ConfigEngine script:
./ConfigEngine.sh action-update-ear-wp.search.servlets/seedlist/servletEAR

Restart the portal server for your updates to take effect.
Back on the portal, configure Portal Search for remote search service.
Parent: Use remote search service
Related: Replace the search administrator user ID
Prepare security for remote search service in a single-signon domain
Set the search user ID
Configure Portal Search for remote search service
Configure a remote Document Conversion Service
WAS information center