Configure SSL only for the login process
Choose one of the following methods to encrypt only the login process to WebSphere Portal and allow subsequent requests over HTTP:
Before you configure SSL for the login process using Login via Screen, complete the first three steps of Setting up SSL.
- Follow these steps if using Login via Screen:
- Enable Login via Screen
- Verify that the property redirect.login.ssl is set to false in the Configuration Service.
- Verify that the Transport Security Constraint is still set to NONE for the wps.ear file.
Edit was_profile_root/installedApps/cellname/wps.ear/wps.war/WEB-INF/web.xml and set:
<security-constraint id="SecurityConstraint_1">
  <transport-guarantee>NONE</transport-guarantee>
</security-constraint>
- Modify ../wps_expanded/wps.war/screens/html/Login.jsp and set:
<portal:url command="LoginUser" ssl="true"/>
- If values are changed, redeploy wps.ear.
- Restart the following servers:
- Open a command prompt and change to the following directory:
UNIX:
was_profile_root/bin
Windows:
was_profile_root\bin
i5/OS:
app_server_root/bin
- Enter the following command:
UNIX:
./startServer.sh server1
Windows:
startServer.bat server1
i5/OS:
startServer -profileName profile_root
...where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal is installed; for example, wp_profile.
...where server1 is the name of the WebSphere Application Server administrative server.
- Enter the following command:
UNIX:
./startServer.sh WebSphere_Portal
Windows:
startServer.bat WebSphere_Portal
i5/OS:
startServer WebSphere_Portal -profileName profile_root
...where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal is installed; for example, wp_profile.
- Follow these steps if using the Login Portlet:
- The Login portlet uses the UseSecureLoginActionUrl parameter to control the generation of the login action URL. Set this parameter to true to use a secure URL for login.
- Use the Portlets administration portlet to do the following:
- Go to Administration > Portlet Management > Portlets.
- Search for Title starts with = "Login".
- Select the Configure portlet icon.
- Edit parameter UseSecureLoginActionUrl and set the parameter to true.
You can test the SSL login by opening the following unprotected URL and submitting the credentials: http://portalserver.com/wps/myportal. You will notice that the URL does not change to https.
Confirm the login was encrypted by monitoring the packets via a network utility such as Ethereal or by reviewing the source code of the login form when accessed through an unprotected HTTP URL. The login form should have an action URL that is secured, for example <form method="post" action="https://....">. Set the browser to warn you when changing between secure and insecure modes to see the behavior on the client-side.