IBM WebSphere XML Document Management Server, Version 7.0

Configuring the Aggregation Proxy TAI

Configure the Trust Association Interceptor (TAI) (com.ibm.glm.http.security.tai.HttpDigestTAI) for the Aggregation Proxy so that it passes the proper credentials to IBM® XDMS.

Before you begin
Before you proceed, make sure that:
About this task
Perform the following steps to configure the TAI:
  1. Log in to the Integrated Solutions Console:
    1. Open a browser and navigate to the following URL: https://host_name:port/ibm/console.
      Where:
      • host_name is the fully qualified host name of the server where the application or the network deployment manager is deployed.
      • port is the secured port used to access the console. The default port is 9043.
      Note: The default unsecured port is 9060. If you use 9060, you must have "http" instead of "https" in the URL.
    2. Enter an administrator user ID and password. (Omit the password if security is not enabled.)
    3. Click Log in.
  2. Click Security > Global security.
    1. Under Authentication, expand Web and SIP security and click Trust association.
    2. Click Enable trust association.
    3. Under Additional Properties, click Interceptors.
    Note: If you are using WebSphere Application Server version 6.1.0.x, reach this window by clicking Security > Secure administration, applications, and infrastructure > Web Security > Trust Association > Interceptors.
  3. Click com.ibm.glm.http.security.tai.HttpDigestTAI.
  4. Click Custom properties.
  5. Configure the custom properties:
    Parameter: LdapAuthDn
    Example Value: cn=root
    Explanation: Taken from the configuration for a stand-alone LDAP. Most implementations
    use cn=root, but any user with root or superadmin access to all users defined in
    the LDAP can be used.
    
    Parameter: LdapAuthPw
    Example Value: LDAPAUTH_PASSWORD
    Explanation: LDAP password of the user specified by the LdapAuthDn parameter.
    
    Parameter: LdapBaseDn
    Example Value: dc=wasusers
    Explanation: Root entry for users matching the value specified by the LdapUserFilter
    parameter. In this example it is the root entry under which the entries of object
    type inetOrgPerson can be found.
    
    Parameter: LdapHost
    Example Value: LDAP_HOST
    Explanation: Host name of the LDAP server.
    
    Parameter: LdapPort
    Example Value: 389
    Explanation: The port on which the LDAP server is listening.
    
    Parameter: LdapUserFilter
    Example Value: (&(uid=%v)(objectclass=inetOrgPerson))
    Explanation: Used to search for a specific user, identified by %v. In this case,
    it searches for a user with uid=%v and LDAP user entry type inetOrgPerson.
    
    Parameter: RetryCount
    Example Value: 3
    Explanation: Number of times a user is challenged for valid credentials before a
    401 Unauthorized response is returned. Note that session affinity must be configured
    for the retry count to be remembered for a user.
    
    Parameter: auth.int.enable
    Example Value: false
    Explanation: Specifies whether the auth-int quality of protection (QOP) is used for
    digest authentication. Digest authentication defines two types of QOP: auth and
    auth-int. The default value, false, selects the auth QOP. When this custom property
    is set to true, the auth-int QOP is used, which is the highest level of protection.
    
    Parameter: XCAPServerContextRoot
    Example Value: services
    Explanation: Defines the context root to which the digest authentication TAI
    applies. By default the context root is "services". If you change the context root
    of the Aggregation Proxy, modify this property to match the new context root.
    
    Parameter: HttpDigestRealm
    Example Value: http.digest.realm
    Explanation: Specifies the authentication realm. By default the digest realm is
    "http.digest.realm".
  6. Click Apply.
  7. Click Save to save changes to the master configuration.
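
How the two QOP values selected by auth.int.enable differ, shown as an added example that is not taken from the IBM documentation or the TAI's code: it computes the RFC 2617 digest response for auth and auth-int and shows that only auth-int binds the request body to the response. The user, password, nonce values, URI path and bodies are constructed; only the realm is the default named above.

```python
import hashlib
import hmac


def _md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def digest_response(user, realm, password, method, uri,
                    nonce, nc, cnonce, qop, body=b""):
    """RFC 2617 section 3.2.2 request-digest for qop 'auth' or 'auth-int'."""
    ha1 = _md5_hex(f"{user}:{realm}:{password}".encode())
    if qop == "auth":
        a2 = f"{method}:{uri}"                      # body is not covered
    elif qop == "auth-int":
        a2 = f"{method}:{uri}:{_md5_hex(body)}"     # body hash is covered
    else:
        raise ValueError(f"unsupported qop: {qop}")
    ha2 = _md5_hex(a2.encode())
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode())


# Constructed sample request; only the realm is the default from this page.
SAMPLE = dict(
    user="alice", realm="http.digest.realm", password="constructed-password",
    method="PUT", uri="/services/example-document",
    nonce="5f2a9c0e71b34d18", nc="00000001", cnonce="c41d7e90",
)


def server_accepts_modified_body(qop: str) -> bool:
    """Client signs one body; the server verifies against a different one."""
    sent = b"<doc>original</doc>"
    received = b"<doc>changed in transit</doc>"
    from_client = digest_response(qop=qop, body=sent, **SAMPLE)
    expected = digest_response(qop=qop, body=received, **SAMPLE)
    return hmac.compare_digest(from_client, expected)


if __name__ == "__main__":
    for qop in ("auth", "auth-int"):
        print(qop, "accepts modified body:", server_accepts_modified_body(qop))
```

With auth the digest still verifies after the body changes, so body integrity has to come from the transport (HTTPS); with auth-int the mismatch is detected.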



(C) Copyright IBM Corporation 2009. All Rights Reserved.