Configure the Portal AJAX proxy to support authentication
Configure the Portal AJAX Proxy to manage authentication for the IBM Connections portlets.
About this task
The Connections Portlets now use the Portal AJAX Proxy as the mechanism for forwarding security headers and cookies with each REST service call to authenticate the request with the Connections server. You can configure the AJAX Proxy to forward the LTPA token as well as the appropriate headers for an environment behind a TAM or SiteMinder security proxy. The following instructions outline the steps to enable the default setting to forward the LTPA token. For more information on configuring the Portal AJAX Proxy, see the following articles in the IBM WebSphere Portal product documentation:
- WebSphere Portal 7: http://www-10.lotus.com/ldd/portalwiki.nsf/dx/AJAX_proxy_configuration_wp7
- WebSphere Portal 6.1.5: http://publib.boulder.ibm.com/infocenter/wpdoc/v6r1/index.jsp?topic=/com.ibm.wp.ent.doc_v615/dev/ajax_proxy_cfg.html
Procedure
- Open the following file from the directory where the Portal server is installed:
- WebSphere Portal 6.1.5: <Portal_Root>\wp_profile\installedApps\<nodeName>\AJAX Proxy Configuration.ear\wp.proxy.config.war\WEB-INF\proxy-config.xml
- WebSphere Portal 7: <Portal_Root>\wp_profile\config\cells\<nodeName>\applications\AJAX Proxy Configuration.ear\deployments\AJAX Proxy Configuration\wp.proxy.config.war\WEB-INF\proxy-config.xml
- Add a new policy to the proxy-config.xml file by adding the following lines:
    <proxy:policy url="<CONNECTIONS_SERVER_BASE_URL>/*" acf="none" basic-auth-support="true">
      <proxy:actions>
        <proxy:method>GET</proxy:method>
        <proxy:method>HEAD</proxy:method>
        <proxy:method>POST</proxy:method>
        <proxy:method>PUT</proxy:method>
        <proxy:method>DELETE</proxy:method>
      </proxy:actions>
      <proxy:cookies>
        <proxy:cookie>LTPA</proxy:cookie>
        <proxy:cookie>LTPA2</proxy:cookie>
        <proxy:cookie>LtpaToken</proxy:cookie>
        <proxy:cookie>LtpaToken2</proxy:cookie>
        <proxy:cookie>JSESSIONID</proxy:cookie>
      </proxy:cookies>
      <proxy:users>
        <proxy:user>AllAuthenticatedUsers</proxy:user>
      </proxy:users>
      <proxy:meta-data>
        <proxy:name>forward-http-errors</proxy:name>
        <proxy:value>true</proxy:value>
      </proxy:meta-data>
      <proxy:meta-data>
        <proxy:name>socket-timeout</proxy:name>
        <proxy:value><SOCKET_TIMEOUT_VALUE></proxy:value>
      </proxy:meta-data>
      <proxy:meta-data>
        <proxy:name>max-connections-per-host</proxy:name>
        <proxy:value><MAX_PER_HOST></proxy:value>
      </proxy:meta-data>
      <proxy:meta-data>
        <proxy:name>max-total-connections</proxy:name>
        <proxy:value><MAX_TOTAL_CONNECTIONS></proxy:value>
      </proxy:meta-data>
    </proxy:policy>
Where:
CONNECTIONS_SERVER_BASE_URL is the base URL for your Connections server. For example: https://connections.example.com.
SOCKET_TIMEOUT_VALUE is the maximum wait time for open requests. We recommend setting this to 45000.
MAX_PER_HOST is the maximum number of connections per host. We recommend setting this to 50.
MAX_TOTAL_CONNECTIONS is the maximum number of connections allowed. We recommend setting this to 500.
Note: If you are deploying on a cluster, make these changes on your deployment manager and your application server nodes and ensure you synchronize your application server nodes after you complete the changes.
- WebSphere Portal 7 only: Run the ConfigEngine task to set the new proxy configuration:
<WP_Root>/ConfigEngine> ConfigEngine.bat checkin-wp-proxy-config -DProxyConfigFileName=<PATH_TO_UPDATED_proxy-config.xml> -DWasUserId=<ADMIN_USERID> -DWasPassword=<ADMIN_PASSWORD>
Note: If the path for the DProxyConfigFileName parameter contains spaces, as it does by default, enclose the path in quotes.
- Restart the AJAX Proxy application from the WAS admin console or restart the Portal server.
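The policy added in the procedure above forwards LTPA and session cookies to every URL it matches, so it is worth checking the edited file before checking it in. The following is an added example, not part of the IBM documentation: a Python check that each cookie-forwarding policy pins one HTTPS host, is limited to AllAuthenticatedUsers, and has numeric tuning values. The function names, the sample root element and the sample namespace URI are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the page's policy with placeholders filled in, plus a
# deliberately loose second policy. Root element and namespace URI are assumed.
SAMPLE = """<proxy:proxy-rules xmlns:proxy="urn:example:proxy-config">
 <proxy:policy url="https://connections.example.com/*" acf="none" basic-auth-support="true">
  <proxy:actions><proxy:method>GET</proxy:method><proxy:method>POST</proxy:method></proxy:actions>
  <proxy:cookies><proxy:cookie>LtpaToken2</proxy:cookie><proxy:cookie>JSESSIONID</proxy:cookie></proxy:cookies>
  <proxy:users><proxy:user>AllAuthenticatedUsers</proxy:user></proxy:users>
  <proxy:meta-data><proxy:name>socket-timeout</proxy:name><proxy:value>45000</proxy:value></proxy:meta-data>
 </proxy:policy>
 <proxy:policy url="http://*" acf="none">
  <proxy:cookies><proxy:cookie>LtpaToken2</proxy:cookie></proxy:cookies>
 </proxy:policy>
</proxy:proxy-rules>"""

NUMERIC = {"socket-timeout", "max-connections-per-host", "max-total-connections"}

def local(el):
    """Tag name without its namespace, so the check does not depend on the URI."""
    return el.tag.rsplit("}", 1)[-1]

def texts(node, name):
    return [(e.text or "").strip() for e in node.iter() if local(e) == name]

def audit_policy(policy):
    """Return findings for one policy element; policies without cookies are skipped."""
    findings = []
    if not texts(policy, "cookie"):
        return findings  # no authentication cookies are forwarded
    parts = urlsplit(policy.get("url", ""))
    if parts.scheme != "https":
        findings.append("cookies forwarded over non-HTTPS url")
    if not parts.netloc or "*" in parts.netloc:
        findings.append("url does not pin a single host")
    if "AllAuthenticatedUsers" not in texts(policy, "user"):
        findings.append("no proxy:users restriction")
    for meta in (m for m in policy.iter() if local(m) == "meta-data"):
        names, values = texts(meta, "name"), texts(meta, "value")
        if names and names[0] in NUMERIC and not (values and values[0].isdigit()):
            findings.append(f"{names[0]} is not numeric")
    return findings

def audit(xml_text):
    root = ET.fromstring(xml_text)
    return {p.get("url"): audit_policy(p) for p in root.iter() if local(p) == "policy"}

if __name__ == "__main__":
    for url, findings in audit(SAMPLE).items():
        print(url, "->", findings or "ok")
```

A file that still contains an unreplaced placeholder such as <SOCKET_TIMEOUT_VALUE> is not well-formed XML, so ET.fromstring raises ParseError on it before any policy is checked.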
What to do next
Verify that the global proxy configurations are working in a non-SSO environment:
- Open a new browser window and enter one of the following URLs:
If you have a web server configured for Portal as well as Connections, use:
- http://<WP_Server>/wps/proxy/https/<CONNECTIONS_SERVER_BASE_URL>/profiles/profileservice.do?lang=en
For example http://myportalwebserver/wps/proxy/https/myconnectionswebserver/profiles/profileservice.do?lang=en
If you have a web server configured for Connections but not for Portal, use:
- http://<WP_Server:Port>/wps/proxy/https/<CONNECTIONS_SERVER_BASE_URL>/profiles/profileservice.do?lang=en
For example http://myportalserver:10400/wps/proxy/https/myconnectionswebserver/profiles/profileservice.do?lang=en
If you do not have web servers configured for either Portal or Connections, use:
- http://<WP_Server:Port>/wps/proxy/https/<CONNECTIONS_SERVER_BASE_URL>%3port/profiles/profileservice.do?lang=en
For example http://myportalserver:10400/wps/proxy/https/myconnectionsserver:9444/profiles/profileservice.do?lang=en
- Enter the user name and password of a Connections user.
- If you are prompted to save or open a document, then the proxy has been properly configured.
- If you receive a 403 error in response then the proxy is not properly configured.
- If you receive a 500 or any other response code, this means the proxy was properly configured but something else is not working.
Verify that the global proxy configurations are working in an SSO environment:
- Open a new browser window and enter one of the following test URLs:
If you have a web server configured for Portal as well as Connections, use:
- http://<WP_Server>/wps/proxy/https/<CONNECTIONS_SERVER_BASE_URL>/profiles/profileservice.do?lang=en
For example http://myportalwebserver/wps/proxy/https/myconnectionswebserver/profiles/profileservice.do?lang=en
If you have a web server configured for Connections but not for Portal, use:
- http://<WP_Server:Port>/wps/proxy/https/<CONNECTIONS_SERVER_BASE_URL>/profiles/profileservice.do?lang=en
For example http://myportalserver:10400/wps/proxy/https/myconnectionswebserver/profiles/profileservice.do?lang=en
If you do not have web servers configured for either Portal or Connections, use:
- http://<WP_Server:Port>/wps/proxy/https/<CONNECTIONS_SERVER_BASE_URL>%3port/profiles/profileservice.do?lang=en
For example http://myportalserver:10400/wps/proxy/https/myconnectionsserver:9444/profiles/profileservice.do?lang=en
- Enter the user name and password of a Connections user.
- If you are prompted to save or open a document, then the proxy has been properly configured.
- If you are prompted to enter a user name and password, then the proxy has been properly configured but SSO is not enabled.
- If you receive a 403 error in response then the proxy is not properly configured.
- If you receive a 500 or any other response code, this means the proxy was properly configured but something else is not working.