Configure SSL only for the login process

You can encrypt only the login process to WebSphere Portal and then allow subsequent requests via HTTP.

These steps only configure SSL for the login; if you want to configure SSL for other features such as themes and skins, you need to perform the steps in "Setting up SSL".

  1. Verify that the following parameters exist and are correctly set for installation in the WP ConfigService application:

    1. Log on to the IBM WAS administrative console in a standalone environment or on the Deployment Manager administrative console in a clustered environment.

    2. Navigate to Resources -> Resource Environment -> Resource Environment Providers.

    3. Click WP ConfigService.

    4. Click Custom Properties under the Additional Properties heading.

    5. Locate the redirect.login.ssl property and perform one of the following options:

        The redirect.login.ssl parameter determines the protocol used when you click the login button. If this parameter is set to true, https is used. If this parameter is set to false, http is used. This setting is not affected by the protocol used to access the main page.

        • If the property exists, click the property to modify it and change the value to true.

        • If the property does not exist, click New to create the property and enter the following information:

          • Name: redirect.login.ssl

          • Value: true

          • Type: java.lang.String

    6. Locate the host.port.https property and perform one of the following options:

      • If the property exists, click the property to modify it and change the value to alias_port_for_HTTPS.

      • If the property does not exist, click New to create the property and enter the following information:

        • Name: host.port.https

        • Value: 443

        • Type: java.lang.String

    7. Locate the host.port.http property and perform one of the following options:

        Set the host.port.http if you are using a port other than the default 80.

        • If the property exists, click the property to modify it and change the value to alias_port_for_HTTP.

        • If the property does not exist, click New to create the property and enter the following information:

          • Name: host.port.http

          • Value: 80

          • Type: java.lang.String

    8. Click Save to save the changes to the master configuration.

    9. Log out of the administrative console.

  2. To only encrypt the login process to WebSphere Portal and allow subsequent requests via HTTP:

      The Login portlet uses the UseSecureLoginActionUrl parameter to control the generation of the login action URL. Set this parameter to true to use a secure URL for login.

      1. Navigate to Administration -> Portlet Management -> Portlets.

      2. Search for portlets where Title starts with = "Login".

      3. Select the Configure portlet icon.

      4. Edit the UseSecureLoginActionUrl parameter and set the parameter to true.

You can test the SSL login by opening the following unprotected URL, http://portalserver.com/wps/myportal, and submitting credentials. You will notice that the URL does not change to https. Confirm that the login was encrypted by monitoring the packets with a network utility such as Ethereal, or by reviewing the source code of the login form when it is accessed through an unprotected HTTP URL. The login form should have an action URL that is secured, for example <form method="post" action="https://....">. Set your browser to warn you when changing between secure and insecure modes to see the behavior on the client side.

