Configure the Portal AJAX proxy to support authentication 

Configure the Portal AJAX Proxy to manage authentication for the IBM Connections portlets.


About this task

The Connections Portlets now use the Portal AJAX Proxy as the mechanism for forwarding security headers and cookies with each REST service call to authenticate the request with the Connections server. You can configure the AJAX Proxy to forward the LTPA token as well as the appropriate headers for an environment behind a TAM or SiteMinder security proxy. The following instructions outline the steps to enable the default setting, which forwards the LTPA token. For more information on configuring the Portal AJAX Proxy, see the following articles in the IBM WebSphere Portal product documentation:


Procedure

  1. Open the following file from the directory where the Portal server is installed:

    • WebSphere Portal 6.1.5: <Portal_Root>\wp_profile\installedApps\<nodeName>\AJAX Proxy Configuration.ear\wp.proxy.config.war\WEB-INF\proxy-config.xml

    • WebSphere Portal 7: <Portal_Root>\wp_profile\config\cells\<nodeName>\applications\AJAX Proxy Configuration.ear\deployments\AJAX Proxy Configuration\wp.proxy.config.war\WEB-INF\proxy-config.xml

  2. Add a new policy to the proxy-config.xml file by adding the following lines:

      <proxy:policy url="<CONNECTIONS_SERVER_BASE_URL>/*" acf="none" basic-auth-support="true">
         <proxy:actions>
            <proxy:method>GET</proxy:method>
            <proxy:method>HEAD</proxy:method>
            <proxy:method>POST</proxy:method>
            <proxy:method>PUT</proxy:method>
            <proxy:method>DELETE</proxy:method>
         </proxy:actions>
         <proxy:cookies>
            <proxy:cookie>LTPA</proxy:cookie>
            <proxy:cookie>LTPA2</proxy:cookie>
            <proxy:cookie>LtpaToken</proxy:cookie>
            <proxy:cookie>LtpaToken2</proxy:cookie>
            <proxy:cookie>JSESSIONID</proxy:cookie>
         </proxy:cookies>
         <proxy:users>
            <proxy:user>AllAuthenticatedUsers</proxy:user>
         </proxy:users>
         <proxy:meta-data>
            <proxy:name>forward-http-errors</proxy:name>
            <proxy:value>true</proxy:value>
         </proxy:meta-data>
         <proxy:meta-data>
            <proxy:name>socket-timeout</proxy:name>
            <proxy:value><SOCKET_TIMEOUT_VALUE></proxy:value>
         </proxy:meta-data>
         <proxy:meta-data>
            <proxy:name>max-connections-per-host</proxy:name>
            <proxy:value><MAX_PER_HOST></proxy:value>
         </proxy:meta-data>
         <proxy:meta-data>
            <proxy:name>max-total-connections</proxy:name>
            <proxy:value><MAX_TOTAL_CONNECTIONS></proxy:value>
         </proxy:meta-data>
      </proxy:policy>

      Where:

        CONNECTIONS_SERVER_BASE_URL is the base URL for your Connections server. For example: https://connections.example.com.
        SOCKET_TIMEOUT_VALUE is the maximum wait time for open requests. We recommend setting this to 45000.
        MAX_PER_HOST is the maximum number of connections per host. We recommend setting this to 50.
        MAX_TOTAL_CONNECTIONS is the maximum number of connections allowed. We recommend setting this to 500.

      Note: If you are deploying on a cluster, make these changes on your deployment manager and your application server nodes and ensure you synchronize your application server nodes after you complete the changes.

  3. WebSphere Portal 7 only: Run the ConfigEngine task to set the new proxy configuration:

      <WP_Root>/ConfigEngine> ConfigEngine.bat checkin-wp-proxy-config -DProxyConfigFileName=<PATH_TO_UPDATED_proxy-config.xml> -DWasUserId=<ADMIN_USERID> -DWasPassword=<ADMIN_PASSWORD>

      Note: If the path for the -DProxyConfigFileName parameter contains spaces, as it does by default, enclose the path in quotes.

  4. Restart the AJAX Proxy application from the WAS admin console or restart the Portal server.
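
A check you can run on the edited proxy-config.xml before step 3 or 4, as an added example (not IBM code): it reviews every policy that forwards the LTPA or JSESSIONID cookies from step 2 and reports a non-HTTPS or wildcard target, a users list other than AllAuthenticatedUsers, non-numeric tuning values, and placeholders left in the file. The function names, the wrapper element and the namespace URI in the constructed sample are assumptions; elements are matched by local name so the real namespace does not matter.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SSO_COOKIES = {"LTPA", "LTPA2", "LtpaToken", "LtpaToken2", "JSESSIONID"}
NUMERIC_META = {"socket-timeout", "max-connections-per-host", "max-total-connections"}

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop ElementTree's "{namespace}" prefix
def find(elem, name):
    return [e for e in elem.iter() if local(e.tag) == name]

def lint_proxy_config(xml_text):
    """Return (policy_url, finding) pairs for policies that forward SSO cookies."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A leftover <PLACEHOLDER> from the template is not well-formed XML.
        return [("(file)", f"not well-formed XML, placeholder left in? ({exc})")]
    findings = []
    for policy in find(root, "policy"):
        url = policy.get("url", "")
        cookies = {(c.text or "").strip() for c in find(policy, "cookie")}
        if not cookies & SSO_COOKIES:
            continue  # this policy forwards none of the session/SSO cookies
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append((url, "SSO cookies forwarded over a non-HTTPS URL"))
        if not parts.netloc or "*" in parts.netloc:
            findings.append((url, "SSO cookies forwarded to a wildcard or missing host"))
        users = {(u.text or "").strip() for u in find(policy, "user")}
        if users != {"AllAuthenticatedUsers"}:
            findings.append((url, "users differ from AllAuthenticatedUsers"))
        for md in find(policy, "meta-data"):
            kv = {local(e.tag): (e.text or "").strip() for e in md}
            if kv.get("name") in NUMERIC_META and not kv.get("value", "").isdigit():
                findings.append((url, f"{kv['name']} is not a number"))
    return findings

WRAP = '<proxy:rules xmlns:proxy="urn:example:proxy">{}</proxy:rules>'  # constructed wrapper
def sample_policy(url, timeout="45000"):  # constructed, trimmed copy of the step 2 policy
    return (f'<proxy:policy url="{url}" acf="none" basic-auth-support="true">'
            '<proxy:cookies><proxy:cookie>LtpaToken2</proxy:cookie></proxy:cookies>'
            '<proxy:users><proxy:user>AllAuthenticatedUsers</proxy:user></proxy:users>'
            '<proxy:meta-data><proxy:name>socket-timeout</proxy:name>'
            f'<proxy:value>{timeout}</proxy:value></proxy:meta-data></proxy:policy>')

if __name__ == "__main__":
    urls = ("https://connections.example.com/*", "http://connections.example.com/*")
    print(lint_proxy_config(WRAP.format("".join(map(sample_policy, urls)))))
```

To check a real file, pass its contents to lint_proxy_config(); an empty list means none of these checks fired.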


What to do next

Verify that the global proxy configurations are working in a non-SSO environment:

Verify that the global proxy configurations are working in an SSO environment:

