IBM WebSphere Presence Server, Version 7.0

Installing the Trust Association Interceptor security component

The Trust Association Interceptor (TAI) is installed from the WebSphere® IMS™ Connector CD onto the server where WebSphere Application Server is installed. After installation, it exists in the IMS trusted domain to intercept HTTP and SIP traffic.

Before you begin
Before installing the TAI, do the following:
  • Unpack DHAImsConnectorInstallPackage_6.2.0.tar on the server where WebSphere Application Server is installed. (For details, refer to the topic Preparing the installation files.)
  • Verify that DHAIMSConnectorTai.jar, which contains TAI code for both HTTP (HttpInterceptor) and SIP (SipInterceptor), is installed in the directory was_root/lib/ext.
Note: was_root is the installation root directory for WebSphere Application Server Network Deployment. By default, this directory is:
  • AIX: /usr/IBM/WebSphere/AppServer
  • Linux: /opt/IBM/WebSphere/AppServer
About this task
Perform the following steps to install the interceptor:
  1. Log in to the Integrated Solutions Console:
    1. Open a browser and navigate to the following URL: https://host_name:port/ibm/console.
      Where:
      • host_name is the fully qualified host name of the server where the application or the network deployment manager is deployed.
      • port is the secured port used to access the console. The default port is 9043.
      Note: The default unsecured port is 9060. If you use 9060, you must use "http" instead of "https" in the URL.
    2. Enter an administrator user ID and password.
    3. Click Log in.
  2. Click Security > Global security to display the Global security window, and enable both administrative security and application security.
    Note: If you are using WebSphere Application Server version 6.1.0.x, reach this window by clicking Security > Secure administration, applications, and infrastructure.
    Note: Enable single sign-on, and make sure that Java™ 2 security is disabled.

    For detailed instructions about enabling security, refer to the topic Securing applications and their environment in the WebSphere Application Server Information Center.

  3. Configure general security settings:
    1. In the Global security window, under Authentication, click Web and SIP security > General settings.
      Note: If you are using WebSphere Application Server version 6.1.0.x, reach this window by clicking Web security > General settings.
    2. Select Authenticate only when the URI is protected and Use available authentication data when an unprotected URI is accessed.
    3. Click OK, then click Save to save changes to the master configuration.
  4. Configure the interceptor:
    1. In the Global security window, under Authentication, click Web and SIP security > Trust association.
      Note: If you are using WebSphere Application Server version 6.1.0.x, reach this window by clicking Web security > Trust association.
    2. Click Enable trust association.
    3. Under Additional Properties, click Interceptors.
    4. Delete the default interceptors by selecting their check boxes and clicking Delete. If you need any of the default interceptors, you can add them back after you have added the WebSphere TAI. Removing the defaults first ensures that the WebSphere TAI is invoked first.
    5. Click New and type the class name com.ibm.imsconnector.tai.HttpInterceptor
    6. Click Apply.
    7. Click OK, then click Save to save changes to the master configuration.
  5. Configure custom properties for the HTTP interceptor:
    1. In the Global security window, click Custom properties.
    2. Click New to add a new custom property.
    3. Define the allowedSenderList property:
      • Name: allowedSenderList
      • Value: A comma-delimited list of one or more hosts that the interceptor considers trusted. You can specify host names or IP addresses, and you can use the wildcard character *. For example: localhost, *@us.example.com, 192.0.2.21
      • Description (optional): TAI trusted hosts
    4. Click Apply.
    5. Return to the Custom properties window.
    6. Add additional custom properties as needed. For a list of custom properties and their descriptions, refer to the HTTP properties table in the topic Configuring the Trust Association Interceptor.
    7. Click OK, then click Save to save changes to the master configuration.
  6. Configure a new SIP interceptor:
    1. In the Global security window, under Authentication, click Web and SIP security > Trust association.
      Note: If you are using WebSphere Application Server version 6.1.0.x, reach this window by clicking Web security > Trust association.
    2. Under Additional Properties, click Interceptors.
    3. Click New and type the class name com.ibm.imsconnector.tai.SipInterceptor
    4. Click OK, then click Save to save changes to the master configuration.
  7. Configure custom properties for the SIP interceptor:
    1. In the Global security window, click Custom properties.
    2. Click New to add a new custom property.
    3. Define the allowedSenderList property:
      • Name: allowedSenderList
      • Value: A comma-delimited list of one or more hosts that the interceptor considers trusted. You can specify host names or IP addresses, and you can use the wildcard character *. For example: localhost, *@us.example.com, 192.0.2.21
      • Description (optional): TAI trusted hosts
    4. Click Apply.
    5. Return to the Custom properties window.
    6. Add additional custom properties as needed. For a list of custom properties and their descriptions, refer to the SIP properties table in the topic Configuring the Trust Association Interceptor.
    7. Click OK, then click Save to save changes to the master configuration.
  8. Optional: If you require any of the default interceptors that you deleted in step 4, add them.
  9. Restart the server.
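
After the restart, the saved configuration can be checked against the steps above. The following is an added example, not IBM code: it audits a constructed, simplified XML model of the security configuration for trust association being enabled, the two IMS interceptors preceding any other interceptor, and allowedSenderList entries that consist only of wildcards. The element and attribute names, and the treatment of a wildcard-only entry as matching any sender, are assumptions.

```python
import xml.etree.ElementTree as ET

# Class names from the steps above; both should precede any other interceptor.
IMS = ("com.ibm.imsconnector.tai.HttpInterceptor",
       "com.ibm.imsconnector.tai.SipInterceptor")

# Constructed, simplified sample. Element and attribute names are assumptions
# modelled on security.xml; the real file is namespaced and far larger.
SAMPLE = """<Security>
  <trustAssociation enabled="true">
    <interceptors interceptorClassName="com.ibm.imsconnector.tai.HttpInterceptor"/>
    <interceptors interceptorClassName="com.ibm.imsconnector.tai.SipInterceptor"/>
  </trustAssociation>
  <properties name="allowedSenderList"
              value="localhost, *@us.example.com, 192.0.2.21, *"/>
</Security>"""


def audit(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    ta = root.find("trustAssociation")
    if ta is None or ta.get("enabled") != "true":
        return ["trust association is not enabled"]
    findings = []
    order = [i.get("interceptorClassName") for i in ta.findall("interceptors")]
    # Index of the first interceptor that is not one of the two IMS classes.
    first_other = next((n for n, c in enumerate(order) if c not in IMS), len(order))
    for cls in IMS:
        if cls not in order:
            findings.append(cls + " is not configured")
        elif order.index(cls) > first_other:
            findings.append(cls + " is listed after a non-IMS interceptor")
    values = [p.get("value", "") for p in root.findall("properties")
              if p.get("name") == "allowedSenderList"]
    if not values:
        return findings + ["allowedSenderList is not defined"]
    for entry in (e.strip() for e in values[-1].split(",")):
        if not entry:
            findings.append("allowedSenderList has an empty entry")
        elif not entry.strip("*@."):
            # Assumption: an entry made only of wildcard characters matches any sender.
            findings.append("entry %r is wildcard-only" % entry)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```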



(C) Copyright IBM Corporation 2009. All Rights Reserved.