Configuring client certificate authentication for ClearQuest Web

Update the ClearQuest® Web deployment descriptor to configure client certificate authentication.

Procedure

  1. Copy the ClearQuest Web deployment descriptor file, web.xml, to a working directory and rename the file. The web.xml file is located in the following directory:
    On Windows®:
    %RATIONAL_COMMON%\CM\profiles\cmprofile\installedApps\dfltCell\TeamEAR.ear\cqweb.war\WEB-INF\web.xml
    On the UNIX® system and Linux®:
    $RATIONAL_COMMON/CM/profiles/cmprofile/installedApps/dfltCell/TeamEAR.ear/cqweb.war/WEB-INF/web.xml

    For illustrative purposes, the steps in this topic assume that you have renamed the web.xml file that you copied to a working directory to web-client-cert.xml.

  2. Edit the web-client-cert.xml file by removing the comment characters <!-- and --> that precede and follow the security elements sections <security-constraint>, <login-config>, and <security-role>:
    <security-constraint>
    	<web-resource-collection>
    		<web-resource-name>secure</web-resource-name>
    			<url-pattern>/*</url-pattern>
    		</web-resource-collection>
    
    		<auth-constraint>
    				<role-name>ClearQuestUsers</role-name>
    		</auth-constraint>
    
    		<user-data-constraint>
    				<transport-guarantee>CONFIDENTIAL</transport-guarantee>
    		</user-data-constraint>
    </security-constraint>
    
    <login-conf>
    	<auth-method>CLIENT-CERT</auth-method>
    </login-conf>
    
    <security-role>
    	<role-name>ClearQuestUsers</role-name>
    </security-role>
  3. Use the WebSphere® Application Server wsadmin utility to apply the deployment descriptor changes:
    1. Change to the working directory where the web-client-cert.xml file resides.
    2. Start the wsadmin utility in a command prompt window:
      On Windows:
      "%RATIONAL_COMMON%\cm\profiles\cmprofile\bin\wsadmin"
      On the UNIX system and Linux:
      $RATIONAL_COMMON/cm/profiles/cmprofile/bin/wsadmin
    3. Run the following commands:

      wsadmin> $AdminApp update TeamEAR file {-operation update -contents web-client-cert.xml -contenturi cqweb.war/WEB-INF/web.xml}

      wsadmin> $AdminConfig save

      wsadmin> exit


Feedback