Configure the Trust Association Interceptor (TAI) (com.ibm.glm.http.security.tai.HttpDigestTAI) for Aggregation Proxy so that it will pass proper credentials to IBM® XDMS.
Before you begin
Before you proceed, make sure that:
- The file AggProxyTai.jar is located in the following directory: was_root/lib/ext.
  Note: was_root is the installation root directory for WebSphere® Application Server Network Deployment. By default, this directory is:
  /usr/IBM/WebSphere/AppServer
  /opt/IBM/WebSphere/AppServer
- WebSphere Application Server Network Deployment security is properly configured as either standalone or federated IBM Directory Server on a separate standalone machine.
About this task
Perform the following steps to configure the TAI:
- Log in to the Integrated Solutions Console:
  - Open a browser and navigate to the following URL: https://host_name:port/ibm/console.
    Where:
    - host_name is the fully qualified host name of the server where the application or the network deployment manager is deployed.
    - port is the secured port used to access the console. The default port is 9043.
      Note: The default unsecured port is 9060. If you use 9060, you must have "http" instead of "https" in the URL.
  - Enter an administrator user ID and password. (Omit the password if security is not enabled.)
  - Click Log in.
- Click .
- Under Authentication, expand Web and SIP security and click Trust association.
- Click Enable trust association.
- Under Additional Properties, click Interceptors.
Note: If you are using WebSphere Application Server version 6.1.0.x, reach
this window by clicking .
- Click com.ibm.glm.http.security.tai.HttpDigestTAI.
- Click Custom properties.
- Configure the custom properties:
Parameter: LdapAuthDn
Example Value: cn=root
Explanation: Pulled from configuration for a Stand-alone LDAP. Most implementations
typically use cn=root but any user with root or superadmin access to all users
defined in the LDAP can be used
Parameter: LdapAuthPw
Example Value: LDAPAUTH_PASSWORD
Explanation: LDAP password of the user specified by the LdapAuthDn parameter
Parameter: LdapBaseDn
Example Value: dc=wasusers
Explanation: Root entry for users matching the value specified by the LdapUserFilter
parameter. In this example it is the root entry under which the entries of object type
inetOrgPerson can be found
Parameter: LdapHost
Example Value: LDAP_HOST
Explanation: Host name of LDAP server
Parameter: LdapPort
Example Value: 389
Explanation: The port on which the LDAP server is listening
Parameter: LdapUserFilter
Example Value: (&(uid=%v)(objectclass=inetOrgPerson))
Explanation: Used to search for a specific user identified by the %v. In this case,
it searches for a user with uid=%v and LDAP user entry type inetOrgPerson
Parameter: RetryCount
Example Value: 3
Explanation: Number of times a user is challenged for valid credentials before a
401 Unauthorized response is returned. Note that session affinity must be configured
for the retry count to be remembered for a user.
Parameter: auth.int.enable
Example Value: false
Explanation: Specifies the auth-int quality of protection (QOP) for digest
authentication. Digest authentication defines two types of QOP: auth and auth-int.
By default False is set to indicate auth QOP. When this custom property is set to
True, the highest level of protection is used, which is the auth-int QOP.
Parameter: XCAPServerContextRoot
Example Value: services
Explanation: Defines the context root for which the digest authentication TAI will
apply. By default the context root is "services". If you change the context root
of the Aggregation Proxy, modify this property to match the new context root
Parameter: HttpDigestRealm
Example Value: http.digest.realm
Explanation: Specifies the authentication realm. By default the digest realm is
"http.digest.realm"
- Click Apply.
- Click Save to save changes to the master configuration.
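
The difference between the two QOP values selected by auth.int.enable, as an added Python example (not IBM code, and not a description of how the TAI is implemented internally): it computes the RFC 2617 request digest for both values and shows which one lets a verifier notice a changed request body. The user name, password, URI, nonce values and request bodies are constructed; only the realm and the "services" context root come from the table above.

```python
import hashlib
import hmac


def _md5(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def digest_response(user, realm, password, method, uri,
                    nonce, nc, cnonce, qop, body=b""):
    """Request-digest per RFC 2617 section 3.2.2 for qop=auth or auth-int."""
    ha1 = _md5(f"{user}:{realm}:{password}".encode())
    if qop == "auth":
        # auth: A2 covers only the method and the request URI
        a2 = f"{method}:{uri}".encode()
    elif qop == "auth-int":
        # auth-int: A2 also covers the MD5 of the entity body
        a2 = f"{method}:{uri}:{_md5(body)}".encode()
    else:
        raise ValueError(f"unsupported qop: {qop}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{_md5(a2)}".encode())


# Constructed sample request (hypothetical user, secret, URI and nonces).
SAMPLE = dict(
    user="alice", realm="http.digest.realm", password="constructed-secret",
    method="PUT", uri="/services/example-document",
    nonce="c0ffee0123456789", nc="00000001", cnonce="1a2b3c4d",
)


def body_tamper_detected(qop, sent=b"<list name='friends'/>",
                         received=b"<list name='changed'/>"):
    """True if a verifier that recomputes the digest over the body it
    received rejects a response the client computed over the body it sent."""
    client = digest_response(**SAMPLE, qop=qop, body=sent)
    server = digest_response(**SAMPLE, qop=qop, body=received)
    return not hmac.compare_digest(client, server)


if __name__ == "__main__":
    for qop in ("auth", "auth-int"):
        print(f"{qop}: modified body detected = {body_tamper_detected(qop)}")
```

With auth, the digest still matches after the body changes because the body is not part of the hashed input; with auth-int the recomputed digest differs.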