Security considerations for IBM Rational Connector for SAP Solution Manager

You can take actions to ensure that your installation is secure, customize your security settings, and set up user access controls. You can also ensure that you know about any security limitations that you might encounter with this application.

Enabling security during the installation process

The Rational® Connector application runs on an application server and security is enabled on that server. Security is turned on by default for Apache Tomcat but you must configure the SSL authentication. For more information about configuring the SSL authentication, see Configuring the SSL certificates. You use the WebSphere® Application Server administrative console to enable security for WebSphere Application Server. For more information about enabling security for WebSphere Application Server, see Extracting and importing SSL certificates.

The Rational Connector application uses LDAP. You can edit the server.xml file to configure LDAP for Apache Tomcat. You use the WebSphere Application Server administrative console to configure LDAP authentication. For more information about configuring LDAP, see Enabling LDAP on WebSphere Application Server.

The Rational Connector application uses a database. For evaluation purposes, Derby, which is only accessible on the server system, is supported but not otherwise secured. Database administrators enable security for their production databases.

Enabling secure communication between multiple applications

You can secure communication between the Rational Connector and CLM applications. You use SSL and SAML authentication between the Rational Connector and SAP Solution Manager. For more information about configuring the SSL authentication on Apache Tomcat, seeConfiguring the SSL certificates. For more information about enabling security for WebSphere Application Server, see Extracting and importing SSL certificates. For more information about SAML authentication, see Setting up the SAML authentication.

You can manage users access between CLM and SAP Solution Manager by assigning application roles. For more information about the roles that are required for SAP Solution Manager integration, see Setting up the Rational Connector to work with the SAP Solution Manager. For more information about functional identities and how the Rational Connector uses those identities to access CLM servers, see Creating a Rational Connector Configuration.

Ports, protocols, and services

You use the Rational Connector administration page to configure the connector to work with a CLM server, see Creating a Rational Connector Configuration and to set up connector projects to work with CLM projects and an SAP Solution Manager project, see Creating a Rational Connector Project.

Ports are configured by administrators of the connector. The HTTP and HTTPS protocols are used but HTTPS is recommended.

Customizing your security settings

During installation of the connector, you can change the default user ID and password for the Apache Tomcat server, see Installing from IBM Installation Manager. You can also edit the tomcat_user.xml file to change the default user ID and password, see Granting access to the administrative console.

You can find information about user login attempts in the access logs for Apache Tomcat or WebSphere Application Server.

Setting up user roles and access

You can add and delete users and set their access levels by editing the tomcat-users.xml file or by using the administrative console from WebSphere Application Server.

You can create groups of users and assign them privileges by using the administrative console from WebSphere Application Server, see Granting access to the administrative console.

Password rules are set by using LDAP on WebSphere Application Server. For more information about LDAP, see Enabling LDAP on WebSphere Application Server.

Privacy policy considerations

This software offering does not use cookies or other technologies to collect personally identifiable information. For more information about cookies, see Notices for IBM Rational Connector for SAP Solution Manager.


Feedback