Home

 

Supporting Lotus Quickr authenticated feeds

Overview

By default, the IBM Lotus Connections proxy is configured to allow cookies, headers or mime.types, and all HTTP actions to be exchanged among the Lotus Connections features. From non-Lotus Connections services it only allows HTTP GET requests and it prevents all cookies or headers from being directed to the features. To make changes to the traffic that is allowed from other services, for example, to enable trusted feeds from the IBM Lotus Quickr server for Communities, explicitly configure it.

Feeds for private communities in Lotus Quickr Domino and all feeds in Lotus Quickr Portal require authentication. By default, Lotus Connections won't pass cookies and authorization-related headers to and from external servers for feeds. When Lotus Connections is installed, the default policy in the proxy-config.tpl file looks as follows:

<proxy:policy url="*" acf="none">
   <proxy:actions>
      <proxy:method>GET</proxy:method>
   <proxy:headers/>
   <proxy:cookies/>
</proxy:policy>

This policy specifies that feeds can only exchange GET methods with non-Lotus Connections hosts. The empty <proxy:cookies/> and <proxy:headers/> elements mean that cookies and headers are not allowed. When you want to allow a host to exchange cookies or headers, or to perform PUT, POST, or DELETE methods, you need to add a new policy that supports this. You can configure support for Lotus Quickr authenticated feeds by creating a feature-specific version of the template file that contains the proxy policy for that feature.

Create a policy that supports Lotus Quickr authenticated feeds

1. Use the wsadmin client to access the Lotus Connections configuration files:

   • Stand-alone deployment:
     execfile("communitiesAdmin.py")

   • Network deployment:
     execfile("WAS_HOME/profiles/Dmgr01/config/bin_lc_admin/communitiesAdmin.py")

2. Check out the proxy configuration file...

   • If the proxy-communities-config.tpl file does not already exist and you want to check out and customize proxy-config.tpl:
     LCConfigService.checkOutProxyConfig("<working-directory>", "<cell-name>")

   • If the proxy-communities-config.tpl file already exists:
     CommunitiesConfigService.checkOutProxyConfig("<working-directory>", "<cell-name>")

   ...where...

   • <working-directory> is the temporary working directory to which the configuration TPL and XSD files are copied. The files are kept in this working while you make changes to them.

   • <cell-name> is the name of the WebSphere Application Server cell hosting the Lotus Connections feature. This argument is required even in stand-alone deployments. This argument is also case-sensitive, so type it with care.

3. Copy the proxy-config.tpl file and rename it as proxy-communities-config.tpl.

   If the proxy-communities-config.tpl file already exists, skip to the next step.

4. Open the proxy-communities-config.tpl file in a text editor.

5. Add the following <proxy:policy> entry before the default policy, replacing <quickrserver.yourcompany.com> with the host name of your Lotus Quickr server and replacing <port_number> with the port number for your server. Be sure to insert the custom policy earlier in the code than the default policy.

   <proxy:policy url="http://<quickrserver.yourcompany.com>:<port_number>/*" acf="none">
     <proxy:actions>
      <proxy:method>GET</proxy:method>
     </proxy:actions>
     <proxy:headers>
      <proxy:header>User-Agent</proxy:header>
      <proxy:header>Accept*</proxy:header>
      <proxy:header>Content*</proxy:header>
      <proxy:header>Authorization*</proxy:header>
     </proxy:headers>
     <proxy:cookies>
      <proxy:cookie>JSESSIONID</proxy:cookie>
      <proxy:cookie>LtpaToken</proxy:cookie>
      <proxy:cookie>LtpaToken2</proxy:cookie>
     </proxy:cookies>
   </proxy:policy>
   

   You should also include an HTTPS policy to allow for users who choose to use or are forced to use an SSL connection.

   For example:

   <proxy:policy url="https://<quickrserver.yourcompany.com>:<port_number>/*" acf="none">
     <proxy:actions>
      <proxy:method>GET</proxy:method>
     </proxy:actions>
     <proxy:headers>
      <proxy:header>User-Agent</proxy:header>
      <proxy:header>Accept*</proxy:header>
      <proxy:header>Content*</proxy:header>
      <proxy:header>Authorization*</proxy:header>
     </proxy:headers>
     <proxy:cookies>
      <proxy:cookie>JSESSIONID</proxy:cookie>
      <proxy:cookie>LtpaToken</proxy:cookie>
      <proxy:cookie>LtpaToken2</proxy:cookie>
     </proxy:cookies>
   </proxy:policy>
   

   Depending on your configuration, the <proxy:policy> section might require more or less detail. The following table lists some common cookies and headers that might be required under different configurations.

   Cookie/Header	Description
   SMSESSION	SiteMinder session cookie that passes SiteMinder credentials to Lotus Quickr.
   PD-H-SESSION-ID	Non-secure Tivoli Access Manager session cookie that passes Tivoli Access Manager credentials to Lotus Quickr.
   PD-S-SESSION-ID	Secure Tivoli Access Manager session cookie that passes the secure version of the Tivoli Access Manager cookie to Lotus Quickr.
   WWW-AUTHENTICATE	SSL header that passes SSL authentication when connecting to a secure Lotus Quickr deployment.

6. After making your changes, save and close the proxy-communities-config.tpl file.

7. To check in the proxy-communities-config.tpl file...
   CommunitiesConfigService.checkInProxyConfig("<working-directory>", "<cell-name>")

8. To exit the wsadmin client, type

   exit

   at the prompt.

9. Stop and restart the Communities server.

IBM Lotus Connections Connector for Lotus Quickr

 

Related tasks

Configure the AJAX proxy

Start the wsadmin client

Apply property changes

Using the Lotus Quickr connector installation wizard

---

+

Search Tips   |   Advanced Search