Configuring client certificate authentication for ClearQuest Web

Update the Rational ClearQuest® Web deployment descriptor to configure client certificate authentication.

Before you begin

See Technote 1616504 to learn about additional smart card configuration changes for the web.xml deployment descriptor file.

About this task

The following variables are used in path names in this topic:
WAS-home
    Directory where WebSphere Application Server is installed
cqweb_profile
    Name of the Rational ClearQuest Web profile

Procedure

  1. Copy the ClearQuest Web deployment descriptor file, web.xml, to a working directory and rename the file. The web.xml file is located in the following directory:
    On Windows:
    WAS-home\profiles\cqweb_profile\installedApps\dfltCell\TeamEAR.ear\cqweb.war\WEB-INF\web.xml
    On the UNIX system and Linux:
    WAS-home/profiles/cqweb_profile/installedApps/dfltCell/TeamEAR.ear/cqweb.war/WEB-INF/web.xml
    Important: If ClearQuest is installed on the Solaris platform, the default WebSphere Application Server cell directory is <srv>Node01Cell. Use this value in place of dfltCell, which is the default directory on Windows, the UNIX system, and Linux platforms.

    For illustrative purposes, the steps in this topic assume that you have renamed the web.xml file that you copied to a working directory to web-client-cert.xml.

  2. Edit the web-client-cert.xml file by removing the comment characters <!-- and --> that precede and follow the security elements sections <security-constraint>, <login-config>, and <security-role>:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>secure</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>

        <auth-constraint>
            <role-name>ClearQuestUsers</role-name>
        </auth-constraint>

        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
    </login-config>

    <security-role>
        <role-name>ClearQuestUsers</role-name>
    </security-role>
  3. Use the WebSphere® Application Server wsadmin utility to apply the deployment descriptor changes:
    1. Change to the working directory where the web-client-cert.xml file resides.
    2. Start the wsadmin utility in a command prompt window:
      On Windows:
      "WAS-home\profiles\cqweb_profile\bin\wsadmin"
      On the UNIX system and Linux:
      WAS-home/profiles/cqweb_profile/bin/wsadmin
    3. Run the following commands:

      wsadmin> $AdminApp update TeamEAR file {-operation update -contents web-client-cert.xml -contenturi cqweb.war/WEB-INF/web.xml}

      wsadmin> $AdminConfig save

      wsadmin> exit
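
A pre-flight check for the edited descriptor, to run before the wsadmin update in step 3. This is an added example, not IBM's code: it confirms that the three security sections from step 2 are active (uncommented, correctly named) and carry the values shown there. The function names and the sample descriptor are constructed for illustration, and Python 3 is assumed to be available on the administrator's workstation.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: a descriptor whose security sections are still commented out.
SAMPLE_COMMENTED = """<web-app>
<!-- <login-config><auth-method>CLIENT-CERT</auth-method></login-config> -->
</web-app>"""


def find_all(root, name):
    """Match on local element name so any web-app schema namespace works."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]


def texts(parent, name):
    return [(e.text or "").strip() for e in find_all(parent, name)]


def check_descriptor(xml_data):
    """Return a list of problems; an empty list means the step 2 settings are active."""
    root = ET.fromstring(xml_data)  # commented-out elements are not in the parsed tree
    problems = []
    scoped = [sc for sc in find_all(root, "security-constraint")
              if "ClearQuestUsers" in texts(sc, "role-name")]
    if not scoped:
        problems.append("no active <security-constraint> for role ClearQuestUsers")
    for sc in scoped:
        if "/*" not in texts(sc, "url-pattern"):
            problems.append("<security-constraint> does not cover /*")
        if "CONFIDENTIAL" not in texts(sc, "transport-guarantee"):
            problems.append("<transport-guarantee> is not CONFIDENTIAL")
    logins = find_all(root, "login-config")
    if not logins:
        problems.append("no active <login-config>")
    elif "CLIENT-CERT" not in texts(logins[0], "auth-method"):
        problems.append("<auth-method> is not CLIENT-CERT")
    roles = [r for sr in find_all(root, "security-role") for r in texts(sr, "role-name")]
    if "ClearQuestUsers" not in roles:
        problems.append("no active <security-role> ClearQuestUsers")
    return problems


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_COMMENTED
    found = check_descriptor(data)
    print("\n".join(found) or "security settings from step 2 are active")
    sys.exit(1 if found else 0)
```

Pass the path to web-client-cert.xml as the only argument; a non-zero exit status means the descriptor should not be applied yet.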

