+

Search Tips   |   Advanced Search

Configuration Service


Overview

The portal Configuration Service collects the most essential configuration data of the IBM WebSphere Portal engine.

In the WAS console, the portal Configuration Service is listed as WP ConfigService. Many of the properties listed here are set by the installation procedure. Therefore, plan well ahead and apply special care when modifying. WebSphere Portal and the WAS console also provide a CP Configuration Service; this service has properties for tagging and rating only. The Configuration Service also includes the configuration properties for WSRP services.


Configuration Service Properties

    was.home = (${WAS_INSTALL_ROOT})
    Absolute path to the install directory of WAS.

    wps.home = (${WPS_INSTALL_ROOT})
    Home directory of the WebSphere Portal.

    command.sessionvalidator = (SessionValidatorAuth)
    Session validator command.

    command.login = (LoginUserAuth)
    Login command.

    command.logout = (LogoutUserAuth)
    Logout command.

    redirect.login = (true)
    Turn on user-defined redirection after successful login. If a URL has been specified under redirect.login.url listed later, that URL is used as the URL for the redirection. If no URL is specified, the portal determines the default page for the current user and sends a redirect to that page in the protected portal area.

    redirect.login.ssl = (false)
    Turn on SSL in the system-defined redirection after successful login. If no URL is specified for the property redirect.login.url listed in the following, the redirect URL uses HTTPS for the protocol.

    redirect.login.url [optional] = <none>
    URL for redirection after successful login. If no URL is specified, the portal determines the default page for the current user and sends a redirect to that page in the protected portal area. This setting does not affect implicit logins, such as single sign-on with LTPA token or through an external security manager.

    redirect.login.authenticated.url [optional] = <none>
    URL for redirection after the first access to a protected page when the user has already been authenticated by an external security manager (TAI) and a portal session does not exist yet. If no URL is specified, the portal either displays the protected page originally requested, or, if session resume is enabled, the last page the user had accessed in the previous session.

    redirect.logout = (false)
    Turn on user-defined redirection after successful logout. If a URL has been specified under redirect.logout.url listed later, that URL is used as the URL for the redirection. If no URL is specified, the portal determines the default page in the public portal area and sends a redirect to that page.

    redirect.logout.ssl = (false)
    Turn on SSL in system-defined redirection after successful logout. If no URL is specified, the redirect URL uses HTTPS.

    redirect.logout.url = <none>
    URL for redirection after successful logout. If no URL is specified, the portal determines the default page in the public portal area and sends a redirect to that page.

    ldapserviceattributename.attribute [optional] = (uid)
    Determine that portal workflow integration uses a dedicated user attribute when identifying individual users on WebSphere Process Server. Set this property to the user attribute used by WebSphere Process Server during task authorization. WebSphere Process Server uses the J2EE principal name for this purpose. By default the J2EE principal name maps to the uid user attribute in most LDAP servers, except for Domino servers. Domino LDAP servers use the cn attribute by default, therefore for such a configuration set the ldapserviceattributename.attribute to the value cn. Optional.

    multiple.realms.enabled = (false)
    Multiple Realms Support properties to allow login with uid@realm.

    multiple.realms.login.default.realm = <none>
    Multiple Realms Support properties to allow login with uid@realm.

    multiple.realms.user.dn.template = <none>
    Multiple Realms Support properties to allow login with uid@realm.

    host.name = <none>
    The default is that no value exists for host.name. In this case, portal URLs start with the host name of the incoming request. The host name in URLs be static, we enter a host name here. For example, in case of a cluster installation we can enter the name of the network traffic dispatcher here. If a host name is entered, this entry is used to create the portal URLs.

    host.port.http = <none>
    The HTTP port (normally 80).

    host.port.https = <none>
    The HTTP-SSL port (normally 443).

    security.css.protection = (true)
    Whether Cross-Site-Scripting security protection is turned on. The default is true for enabling the protection.

    redirect.commands = (false)
    A portal command is followed with an HTTP redirect. This way URLs can be bookmarked. Using this feature results in a certain performance overhead. Therefore it should only be used if needed.

    uri.context.path = (/wps)
    The context path under which the portal is running.

    uri.context.path.facade = (/wsrp)
    The context path for the additional WAR file used as a facade web application for the WSRP implementation. This enables us to use with Client Authentication for WSRP and simultaneously use other means of authentication for the portal, for example form based authentication. This separation is required as J2EE allows only for one authentication mechanism per WAR file.

    uri.home.public = (/portal)
    The servlet context of the portal engine for public (or anonymous) pages, i. e. pages that users can view without entering a user ID or password.

    uri.home.protected = (/myportal)
    The servlet context portal engine for protected (or personal) pages. i. e. pages that users can only view by entering a user ID and password.

    uri.home.doc = (/doc)
    The servlet context of the portal engine for the documentation area.

    uri.home.substitution = (false)
    Determines whether a public URL should be translated to a protected URL if a user session exists.

    To preserve the original behavior and design assumptions of WebSphere Portal URLs, IBM strongly recommends setting the value of the uri.home.substitution property to true.

    Uri.home.substitution controls the behavior of WebSphere Portal when a user who is already logged on to the WAS environment on which WebSphere Portal is running uses a /portal URL to access WebSphere Portal.

    The original default behavior of WebSphere Portal when a logged-in user made a /portal request and the uri.home.substitution property was either not set or set to false was to log the user out and redirect them to the login page. Setting the uri.home.substitution property to true changes the behavior so that WebSphere Portal translates the public URL to a protected URL by redirecting the user to a /myportal URL version of the same request without logging out the user. This is how most users want WebSphere Portal to function.

    A setting in WAS security, called use available authentication, affected the behavior of WebSphere Portal URLs. The use available authentication setting is now set to true by default in WAS. When set to true, this setting directs WAS to build a security context for requests to unprotected URLs, specifically the /portal URL, if possible. More specifically, WAS builds this security context when valid credentials such as an LtpaToken are recognized on the inbound request. In this case, a request to the /portal URL by a logged in user does not automatically log out the user and redirect them to the login page. Instead, the request is processed, but in an inconsistent manner. Many things appear to work properly as if the user was recognized as logged in. However, some subtle functional errors might occur, specifically when the rendering of the response embeds secondary requests to the WebSphere Portal contenthandler function. Therefore, to achieve the most correct operation, set the uri.home.substitution property in the WP ConfigService Resource Environment Provider to true.

    Set the uri.home.substitution property to true ensures that even when a request to the /portal URL is forwarded by WAS with a security context, WebSphere Portal still redirects the user to a /myportal version of that same URL. This behavior maintains the original design assumption of using two URL entry points into WebSphere Portal, one for anonymous access and one for authenticated access.

    To preserve the original behavior of WebSphere Portal when uri.home.substitution is not set or is set to false, see the property logout.user.onpublic and the following technote, Default triggers for implicit logouts changed in WebSphere Portal v8.

    wsrp.resourceproxy.basic.auth.credentialslot = <none>
    On a WSRP Consumer portal use this property to specify a credential vault slot containing the user ID and password credentials. The resource proxy servlet will use the credentials from the credential vault slot when fetching resources that are protected by HTTP basic authentication. The user ID and password will be sent to all remote resources referenced in the markup of the remote WSRP portlet.

    wsrp.resourceproxy.no.header.forwarding = <none>
    On a WSRP Consumer portal use this property to specify the list of HTTP headers that are not forwarded from the client request in addition to the host header and cookie headers. The host header and cookie headers are never forwarded independent of how this property is set.

    Persistent session properties
    Use these properties to configure session persistence for users. For more details about persistent session state and its possible options see the topics about Configuring user session persistence.

      persistent.session.level = (0)
      Determines the level on which the persistent session should operate. If we set this property to a value of 3 , this setting does not affect implicit logins, such as single sign-on with LTPA token or through an external security manager.

      persistent.session.option = (0)
      Determines whether the user gets the option to resume the session. If we set this property to 0, the level setting for the property persistent.session.level is applied during login, and the user has no choice whether to resume the previous session or not. If we give users the resume option by setting this property to 1, we should configure the persistent session preservation level by setting the property persistent.session.level to 1 or 2.

      timeout.resume.session = (false)
      Determines whether resuming the session after a session timeout requires user authentication. Default is false. If false and the user tries to continue working after a session timeout, the portal shows an error message stating the session has timed out and the user has to log in again. If true, the portal ignores the session timeout and does not show the error message. The user can resume the previous session without authentication and continue to work. In both cases the previous session is resumed according to the setting of the persisted.session.level property.

    session.security.use.errorcode = (true)
    Whether the portal performs a redirect or displays an HTTP error, if session security support is enabled for the portal server and the user in the session does not correspond to the authenticated user in the request. Session security support is a hardening feature of WAS. We can activate it for each application server in the WAS console under the Web Container Settings > Session Management section. If this session security support is active, the application server checks for each authenticated request whether the user who owns the current session matches the user who originated the request. For example, this can be determined by the LTPA token. The portal service configuration property only specifies how the portal behaves, if it detects a mismatch between the session user and the authenticated user.

    If true, the portal returns the HTTP error code defined by the property session.security.errorcode listed later. This typically results in an appropriate error message being displayed.

    If false, we can specify a redirect URL using the property session.security.redirecturl listed later. For example, we can redirect to a specific error page which is then displayed to the user.

    By default this property is set to true.

    For further information about session security support in general refer to the appropriate version of the WAS information center for the installation.

    session.security.errorcode = (409)
    HTTP error code returned if all of the following conditions apply:

    1. Session security support is enabled in the WAS.

    2. The property session.security.use.errorcode listed earlier is set to true.

    3. A mismatch of the user in the session and the authenticated user is detected.
    We must specify a valid HTTP error code. The default is error code 409.

    session.security.redirecturl = <none>
    Redirect URL to which portal redirects if all of the following conditions apply:

    1. Session security support is enabled in the WAS.

    2. The property session.security.use.errorcode listed earlier is set to false.

    3. A mismatch of the user in the session and the authenticated user is detected.
    If the property session.security.use.errorcode listed earlier is set to false, specify a value for this property. This property has no default.

    portal.session.protection = (true)
    Specify that, for each authenticated portal request, portal checks whether the user in the portal session matches the calling user of the current request. If this results in a mismatch, the portal invalidates the existing session and creates a new one for the calling user to make sure that both identities match. The portal provides this hardening feature, which is independent of the session security support provided by WAS. By default this property is set to true, therefore by default the portal performs this check.

    portal.enable.filtering = (true)
    Whether the portal should use Portal Filtering or not. The default is true.

    portlet.url.find = <none>
    URL used for find and set in global settings portlet.

    portlets.unauthorized.visible = (false)
    Determines what a user sees if they are not authorized to view a portlet.

    portletcontainer.std.custom.windowStates = <none>
    This property defines custom window states that are handled by the portal. This allows portlets to specify custom window states as defined in the Java Portlet Specification 1.0. The portal allows portlets to generate URLs and consequently invoke other portlets with a custom window state if both of the following preconditions apply:

    • The invoked portlet specifies a custom window state in its deployment descriptor ( portlet.xml ).

    • That window state is registered using this property.

    The property value is a comma separated list of custom window states. An example is: portletcontainer.std.custom.windowStates = winState1, myWinState .

    allow.derived.titles = (true)
    Determines if the title and description of derived pages can be redefined by users. If the value is set to false, titles and description of pages can only be changed on non-derived pages.

    wps.mappingurl.portal_url_identifier = (/!ut/p)
    Identifier for Portal URLs. For the specification of the format of this property refer to the topic about URL mapping.

    With WebSphere Portal v8.5, URL mappings are deprecated.

    wps.mappingurl.enabled = (true)
    Whether URL mapping is enabled or not. Possible values are true to enable URL mapping, or false to disable URL mapping. Default is true.

    • With WebSphere Portal v8.5, URL mappings are deprecated.

    • When creating a URL mapping or create or modify a page, make sure that URL mappings and friendly URLs in the portal do not match, partially overlap, or otherwise interfere with each other. For example, do not use strings such as home, ibm, ibm.com, and do not use strings that have been used as URL mappings or friendly URLs in the portal already. Otherwise infinite browser redirect loops might occur, sometimes without an error message. To determine such strings, create an export from the portal using the XML configuration interface and scan the exported XML result output file for the string to use for the URL mapping or for the friendly URL.

    wps.mappingurl.invalid = (false)
    How the portal responds to a URL mapping containing path information. Specify one of the following two values:

      true
      If true and the portal gets a request for a URL mapping containing path information, the portal returns either an HTTP 404 error or redirects the user to the default portal page.

      false
      Default value. If false and the portal gets a request for a URL mapping containing path information, the portal responds as defined by the property friendly.pathinfo.enabled.

    • With WebSphere Portal v8.5, URL mappings are deprecated.

    • The property friendly.pathinfo.enabled applies to both friendly URLs and URL mappings.

    • The property state.decoding.fallback is not applied to URLs the portal interprets as URL mappings or friendly URLs. If we use friendly URLs or URL mappings, consider setting the parameters state.decoding.fallback, wps.mappingurl.invalid, and friendly.pathinfo.invalid in a consistent way. This can help provide a consistent user experience. Example: If we set state.decoding.fallback = false, consider setting wps.mappingurl.invalid = true and friendly.pathinfo.invalid = true.

    navigation.portletmenu.mode = (0)
    Define how portlet menus are integrated in the overall portal navigation menu structure. Portlet menus are navigation parts provided by the portlet itself. They can be added as a subtree to the navigation menu item that references the page in which the portlet resides. This property has the following three options:

    0 Disabled: Portlet Menus are not displayed in the navigation menu at all. Default value.

    1 Current selection: Only the portlet menus of the portlets that reside on the currently selected page are added under the navigation menu item for that page.

    2 Everything: The portlet menus of all portlets on all pages are added under the appropriate navigation menu items in the navigation tree.

    navigation.expansion.defaultstate = (false)
    This determines whether the nodes in the navigation tree are expanded or collapsed by default. The default is false, which means the nodes are collapsed. Some exceptions apply; for example, the Portal Administration navigation tree is expanded by default.

    Setting this to true does not affect Web 2.0 themes, as the expansion state is not returned from the portal REST service.

    page.reload.interval = (0)
    Page reload interval for unauthenticated users. Specify the interval in minutes after which the portal page hierarchy should be reloaded for an unauthenticated user. The reload respects the most current access control settings for that user. If this value is set to zero, no automatic reload occurs during the session.

    wsrp.caching.enabled = (true)
    Enable or disable WSRP markup caching. Default is true. This means that WSRP markup caching is enabled, if no value is specified for this property. See the topic about WSRP Markup Caching.

    friendly.enabled = (true)
    Whether friendly URL names can be set for portal pages in the Manage Pages portlet. Default is true. If true, we can add friendly URLs for portal pages in the Manage Pages portlet. "Friendly" means that use a name that is concise and easy to remember to address a specific portal page. To add a friendly URL for a portal page, click the Edit Page Properties icon for the page for which to add a friendly URL. We can then give the portal users that URL, and they can access that page by entering the URL in the Address field of their browser.

    When creating a URL mapping or create or modify a page, make sure that URL mappings and friendly URLs in the portal do not match, partially overlap, or otherwise interfere with each other. For example, do not use strings such as home, ibm, ibm.com, and do not use strings that have been used as URL mappings or friendly URLs in the portal already. Otherwise infinite browser redirect loops might occur, sometimes without an error message. To determine such strings, create an export from the portal using the XML configuration interface and scan the exported XML result output file for the string to use for the URL mapping or for the friendly URL.

    If true, use the property friendly.redirect.enabled listed later to determine whether a redirect should be sent if the incoming URL did not contain the friendly URL prefix of the addressed page.

    friendly.redirect.enabled = (true)
    Determine whether or not a redirect should be sent if the incoming URL did not contain the friendly URL prefix of the addressed page. This property does not take any effect if friendly URLs have been disabled by setting the property friendly.enabled to false. Valid values for this property are as follows:

      true
      Set this property to true if we use an External Security Manager in the portal deployment configured to protect URLs based on their prefixes. Default value of this property.

      false
      If false, no redirect is sent in the case previously described.

    friendly.pathinfo.invalid = (false)
    How the portal responds to a friendly URL containing path information. Specify one of the following two values:

      true
      If true and the portal gets a request for a friendly URL containing path information, the portal returns either an HTTP 404 error or redirects the user to the default portal page. The portal response depends on the setting of the property state.decoding.fallback.

      false
      Default value. If false and the portal gets a request for a friendly URL containing path information, the portal responds as defined by the property friendly.pathinfo.enabled.

    The property state.decoding.fallback is not applied to URLs the portal interprets as URL mappings or friendly URLs. If we use friendly URLs or URL mappings, consider setting the parameters state.decoding.fallback, wps.mappingurl.invalid, and friendly.pathinfo.invalid in a consistent way. This can help provide a consistent user experience. Example: If we set state.decoding.fallback = false, consider setting wps.mappingurl.invalid = true and friendly.pathinfo.invalid = true.

    friendly.pathinfo.enabled = (true)
    Whether URL mappings and friendly URLs can contain path information to a content item as part of the URL. Specify one of the following two values:

      true
      Default value. If true and the portal gets a request for a URL containing path information, the portal respects that path information and takes the user to the specified portal page.

      The property friendly.pathinfo.enabled applies to both friendly URLs and URL mappings.
      Support for path information in friendly URLs also requires the property friendly.enabled is set to true and the property friendly.pathinfo.invalid is set to false.
      Support for path information in URL mappings also requires the property wps.mappingurl.enabled is set to true and the property wps.mappingurl.invalid is set to false.

      false
      If false and the portal gets a request for a URL containing path information, the portal ignores the path information and only takes the user to the requested page.

    friendlyname.uniqueness.enforcement = (true)
    Whether the portal enforces that new friendly names are unique across existing non-private sibling nodes. Default is true. The enforcement does not include derived pages with an inherited friendly name and siblings that are moved in by a personalization rule.

    com.ibm.wps.resolver.servlet.AbstractServlet.enableWebDAV[optional]=(true)
    Whether or not the WebDAV feature is enabled in WebSphere Portal. By default, this is set to the value true, by which WebDAV is enabled. To disable WebDAV, specify the value false. To re-enable WebDAV, specify the value true.

    portlet.iwidget.markup.prefetching = (true)
    Whether the markup of portlets on pages in Client-side rendering mode should be loaded together with the markup for the portal page. Default is true. This property defines the default markup prefetching behavior for pages that are configured to use the Client-side rendering mode. The default behavior can be overridden on a per portlet basis by declaring the same property as a portlet init property in the deployment descriptor file ( portlet.xml ) of the portlet. To disable portlet markup prefetching by default, set the value of this property to false. In this case the markup of portlets on pages in Client-side rendering mode is fetched using separate HTTP requests.

    portlet.enable.transcoding = (true)
    Determines whether transcoding is enabled.

    portlet.automaximize = (false)
    If true, the portlet window is maximized when a portlet is set into edit, configure or help mode.

    proxy.enable.app.config = (false)
    If true, the Ajax proxy ignores all proxy-config.xml files inside portlets.

    content.topology.writelock.timeout = milliseconds (default=25000)
    Maximum wait time to obtain a writable model before issuing a timeout warning. To add or change the settings, open Resource Environment Providers in the WAS console. Restart the portal server after making the changes.

    content.topology.writelock.dump = true|false (default=false)
    Control if a Java core dump is written in case of a timeout event for debugging. To add or change the settings, open Resource Environment Providers in the WAS console. Restart the portal server after making the changes.

    com.ibm.wps.filestore.JCRWebdavTreeModelFactory.cacheClearOnRestart = true|false (default=true)
    Define whether the file cache content is invalidated and fetched again after server startup or not. Default is true.

    actual.SSO.tokenUrl = your_URL_for_SAP_integration (no default)
    Optional. Specify a referenced property of SAP integration. Change the property name according to the chosen reference in the SAP integration page properties. Specify the URL for SAP integration as the value.

    enable.default.social.object.resolution.mode.request.param = (true)|false
    Optional. The default setting is true. If false, the parameter ibm.portal.default.social.object.resolution.mode is disabled. This setting influences how social object links in social lists are resolved. For more information see Configure globally how social object links are resolved.

    content.topology.writelock.dump = true|false (default=false)
    Control if a Java core dump is written in case of a timeout event for debugging. To add or change the settings, open Resource Environment Providers in the WAS administrative console. Restart the Portal Server after making the changes.

    com.ibm.wps.filestore.JCRWebdavTreeModelFactory.cacheClearOnRestart = true|false (default=true)
    Define whether the file cache content is invalidated and fetched again after server startup or not. Default is true.

    proxy.cv.slot.regex = the regular expression with allowed slot IDs
    Optional. Use it to define a subset of available slots in the Credential vault to which to limit the access of outbound HTTP connections. For details, read Authenticating outbound HTTP connections.

    state.decoding.fallback [=true]
    Control how the portal responds to requests for URLs that it cannot decode. Set it to one of the following two values:

      true
      Default value. If true, the portal renders the default or home page. The user friendly fallback solution in scenarios with portal site visitors.

      false
      If false, then the portal serves an HTTP 404 error to requests that it cannot decode. This can be the preferred solution for other scenarios.

    The property state.decoding.fallback is not applied to URLs the portal interprets as URL mappings or friendly URLs. If we use friendly URLs or URL mappings, consider setting the parameters state.decoding.fallback, wps.mappingurl.invalid, and friendly.pathinfo.invalid in a consistent way. This can help provide a consistent user experience. Example: If we set state.decoding.fallback = false, consider setting wps.mappingurl.invalid = true and friendly.pathinfo.invalid = true.

    x-method-override.enabled = (false)
    Whether to have PUT and DELETE requests simulated by tunneling, that is using POST requests instead. To enable this type of tunneling, set this property to true. If we set the property x-method-override.enabled to true, then the Config Service considers the x-method-override request header, when a request comes in. Whether or not to send this header is a decision of the HTTP client. By default, this property is set to false, and tunneling is disabled.

    wcm.pages.enabled = (true)
    Whether web content pages are enabled. Default is true.

    wcm.config.seedlist.version = (1.0)
    Version of the search seedlist format being used by the portal. Search seedlist format 1.0 is the only supported search seedlist format, so the default and only supported value is 1.0.

    wcm.config.seedlist.servletpath = (/seedlist)
    The path to the servlet that generates the search seedlist. The default value is /seedlist.

    delete.empty.portlet.locales = (false)
    Whether the portal deletes the localedata element for a portlet after set the locale to an empty value.


Parent Portal service configuration

Related tasks:

Configure globally how social object links are resolved
Authenticating outbound HTTP connections