Securing your help server

You can make your help server accessible only when logged on to the help server or enable remote access to the help server. When you enable remote access, you can create passwords for users to secure your help server.

Creating users for the help server

Before you begin

The first time you access the Help Administration page, you must access it locally from the server that the help is running on. If you are not able to log on to the server locally, you can change the settings to remote by editing the config.ini file for the application server.
To change the help server settings to remote by editing the config.ini file:
  1. Stop the application server.
  2. Open the <application_server_installation>/<web_application_directory>/help/WEB-INF/configuration/config.ini file.
  3. Add the following lines to the config.ini:
    help.type.default=remote
    help.war.security=remote
  4. Clear the cache on the web server.
  5. Restart the application server.

Procedure

  1. In a browser, open the Help Administration page by typing a URL that is in this format: http://server:port/help-name/updater/admin.jsp
    Important: If you are completing this task for the first time, you must log into the help server and access the local server Help Administration page in a browser. Example: http://127.0.0.1:8080/help-name/updater/admin.jsp

    If you have already been added as a user with role based security, you can access the Help Administration page through a browser remotely without logging into the help server. Example: http://server.ibm.com:8080/help-name/updater/admin.jsp

  2. Click the Administrative Access Management tab. The default user is warupdateadmin and uses the password warupdateadmin.
  3. Select an authentication type:
    • Local access only: All users must be logged on to the help server can update the help content.
    • Role based security: All users can log in to the Help Administration page remotely.
  4. Optional: To add a new user, click Add.
    1. Enter a confirm a password for that user. You cannot customize the user name.
    2. Click OK.
  5. To give a user the ability to create other users for help server administration, select the User Administration option. If the User Administration option is not selected, the user can update the help content, but cannot create help server users. The changes you make are automatically saved.

Setting security type preferences

You can set Eclipse and help system security type preferences in your Eclipse workspace

Before you begin

The security preferences might already be configured for your product. Check your product_customization.ini to see whether the values were configured for you.

About this task

Table 1. Eclipse and help system security preferences
Preference Description
com.ibm.ut.help.common.sslcontexts Help server security preference
Example values:
  • SSL
  • SSLv2
  • SSLv3
  • TLS
  • TLSv1
  • TLSv1.1
org.eclipse.help.base.sslcontexts Eclipse security preference
Example values:
  • SSL
  • SSLv2
  • SSLv3
  • TLS
  • TLSv1
  • TLSv1.1

Procedure

To set the security preferences in the user workspace:

  1. Open the following files with a text editor:
    • <application_server_workspace>\.metadata\.plugins\org.eclipse.core.runtime\.settings\org.eclipse.help.base.prefs
    • <application_server_workspace>\.metadata\.plugins\org.eclipse.core.runtime\.settings\com.ibm.ut.help.common.prefs

    Apache Tomcat example: <tomcat_installation_directory>\work\Catalina\server\help\eclipse\workspace\.metadata\.plugins\org.eclipse.core.runtime\.settings\com.ibm.ut.help.common.prefs

  2. Specify both preferences in each .prefs file. You can list more than one SSL type by separating them with commas. When more than one type is specified, each one is tested until the correct type is found. Specify the same values for both preferences.
    Example:
    com.ibm.ut.help.common.sslcontexts=TLS,TLSv1
    org.eclipse.help.base.sslcontexts=TLS,TLSv1
  3. Save the changes to both .prefs files.

Feedback