Configure the AJAX proxy to work with a pass-through proxy
If your organization has a pass-through proxy required for Internet access, configure the AJAX proxy to send requests to it. Otherwise, your connections to the Internet will not work. The AJAX proxy supports Basic authentication.
About this task
If the AJAX proxy needs to go through a border firewall before accessing the network, configure the AJAX proxy configuration file to connect to a pass-through proxy before accessing the network.The AJAX proxy configuration file is stored in the LotusConnections-config directory. A common proxy configuration file, proxy-config.tpl, is shared by all the applications.
To configure the AJAX proxy to work with a pass-through proxy...
Procedure
- To access the common AJAX proxy configuration template file:
- From the dmgr host, go to...:
app_server_root>\profiles\<dm_profile_root>\bin
where <app_server_root> is the WAS installation directory and <dm_profile_root> is the dmgr profile directory, typically dmgr01. For example, on Windows:
C:\Program Files\IBM\WebSphere\AppServer\profiles\Dmgr01\binAttention: You must run the following command to start the wsadmin client from this specific directory because the Jython files for the product are stored here. If you try to start the client from a different directory, then the execfile() command that you subsequently call to initialize the administration environment for an IBM Connections component does not work correctly.
- Enter the following command to start the wsadmin client:
- AIX or Linux:
./wsadmin.sh -lang jython -user <admin_user_id> -password <admin_password> -port <SOAP_CONNECTOR_ADDRESS Port>
- Microsoft Windows:
wsadmin -lang jython -user <admin_user_id> -password <admin_password> -port <SOAP_CONNECTOR_ADDRESS Port>
where:
- <admin_user_id> is the user name of a person in the Administrator role on the IBM WAS.
- <admin_password> is the password of the WAS administrator.
- <SOAP_CONNECTOR_ADDRESS Port> is the SOAP port for the WAS. The default value of the SOAP port is 8879. If you are using the default port value, you do not need to specify this parameter. If you are not using the default and you do not know the port number, you can look up its value in the WAS Integrated Solution Console. To look up the SOAP port number, perform the following steps:
- Open the WAS Integrated Solution Console for the deployment manager, and then select System Administration -> dmgr.
- In the Additional properties section expand Ports, and then look for the SOAP_CONNECTOR_ADDRESS port entry to find the port number.
For example:
- AIX or Linux:
./wsadmin.sh -lang jython -username primaryAdmin -password p@assword -port 8879
- Microsoft Windows:
wsadmin -lang jython -username primaryAdmin -password p@assword -port 8879
- Enter the following command to access the IBM Connections configuration files:
execfile("connectionsConfig.py")
- Check out the configuration file using the following command:
LCConfigService.checkOutProxyConfig("<temp_directory>", "<cell_name>")
where <temp_directory> is a temporary directory of your choice, and <cell_name> is the name of the cell where the IBM Connections application that uses the global proxy template file is located.
- From the temporary directory to which you checked out the configuration files, open proxy-config.tpl in a text editor.
- Add a <proxy:meta-data> element containing each of the following parameters:
passthru_host
The address at which the proxy is listening. In most cases, accessing the host and port from a browser causes an authentication request popup to be displayed. Required.
passthru_password
Password that corresponds with the passthru_username value. Required. If you do not provide a user name and password, all other parameters are ignored.
passthru_port
The port at which the proxy is listening. If not specified, then a default value of port 80 is used. Required.
passthru_realm
User credential pairs are associated with realms, not URLs. This allows the same authorization information to be used for multiple URLs or whole URL trees. When a server sends back an unauthorized error, it includes the name of the realm that the requested URL belongs to. The client can then look and see whether it has stored a username and password for the realm, and if so, it supplies that information without having to prompt the user again. If a user name and password are needed for the proxy, you can specify the realm for the proxy so that the credentials do not get sent to any proxy. If you do not specify this parameter, then the credentials are sent for all authentication attempts. In the example below, Subversion User Authentication is specified as the passthru_realm. As a result, all authentication requests from this realm on the SVN server will be provided the given username and password. Optional. Specify the passthru_realm parameter in a production environment to prevent the user name and password information from being presented for all authentication requests.
passthru_username
User name for authenticating with the pass-through proxy. In the example below, any username which has read access to the subversion server will be sufficient when a GET request is sent to get authorization. Required. If you do not provide a user name and password, all other parameters are ignored.
The following example shows the configuration for a fictitious proxy firewall.
<proxy:meta-data><proxy:name>passthru_host</proxy:name> <proxy:value>9.17.237.132</proxy:value> </proxy:meta-data> <proxy:meta-data> <proxy:name>passthru_port</proxy:name> <proxy:value>3128</proxy:value> </proxy:meta-data> <proxy:meta-data> <proxy:name>passthru_realm</proxy:name> <proxy:value>Subversion User Authentication</proxy:value> </proxy:meta-data> <proxy:meta-data> <proxy:name>passthru_username</proxy:name> <proxy:value>adamsmith</proxy:value> </proxy:meta-data> <proxy:meta-data> <proxy:name>passthru_password</proxy:name> <proxy:value>password123</proxy:value> </proxy:meta-data>
- Save and close the file.
- Check in proxy-config.tpl during the same session in which you checked it out:
LCConfigService.checkInProxyConfig("<temp_directory>", "<cell_name>")
where <temp_directory> is the temporary directory to which you checked out the configuration files, and <cell_name> is the name of the cell where the application that uses the common proxy-config.tpl file is located.
- Restart the application server hosting IBM Connections.
Parent topic
Configure the AJAX proxy