Support Lotus Quickr authenticated feeds 

By default, the IBM Connections proxy is configured to allow cookies, headers or mime types, and all HTTP actions to be exchanged among the IBM Connections applications. It also prevents HTTP GET requests from non-IBM Connections services and prevents all cookies or headers from being directed to the applications.


Before starting

To edit configuration files, use the IBM WAS wsadmin client. See Starting the wsadmin client for details.


About this task

To change the traffic that is allowed from other services, for example, to enable trusted feeds from the IBM Lotus Quickr server for Communities, you must configure it explicitly. Feeds for private communities in Lotus Quickr Domino and all feeds in Lotus Quickr Portal require authentication. By default, IBM Connections does not pass cookies and authorization-related headers to and from external servers for feeds.

The following policy allows GET requests to be passed to any web address. Unless you enable it, users who add a feed to a community will see a 403 error where the feed results should be displayed. If you want to allow your users to have access to all web sites, remove the comment markers from around this policy. Be sure that the policy is listed as the last policy in the configuration file.

<!--proxy:policy url="*" acf="none">
   <proxy:actions>
      <proxy:method>GET</proxy:method>
   </proxy:actions>
   <proxy:headers/>
   <proxy:cookies/>
</proxy:policy-->

When uncommented, this policy specifies that feeds can exchange GET methods with non-IBM Connections hosts. The empty <proxy:cookies/> and <proxy:headers/> elements mean that cookies and headers are not allowed. If you want to allow a host to exchange cookies or headers, or to perform PUT, POST, or DELETE methods, add a new policy that supports this.

To create a policy that provides support for Lotus Quickr authenticated feeds...


Procedure

  1. From the dmgr host:

      cd $DMGR_PROFILE/bin
      ./wsadmin.sh -jython
      execfile("<$WAS_HOME>/profiles/<DMGR>/bin/connectionsConfig.py")
      execfile("<$WAS_HOME>/profiles/<DMGR>/bin/communitiesAdmin.py")

  2. Check out the proxy configuration file using the following command:

      LCConfigService.checkOutProxyConfig("<working-directory>", "<cell-name>")

      where:

      • <working-directory> is the temporary working directory to which the configuration TPL and XSD files are copied. The files are kept in this working directory while you make changes to them.

          AIX and Linux only: The directory must grant write permissions or the command will not run successfully.

      • <cell-name> is the name of the WAS cell hosting the IBM Connections application. This argument is required. It is also case-sensitive, so type it with care.

  3. Open proxy-config.tpl in a text editor.

  4. Add the following <proxy:policy> entry, replacing <quickrserver.yourcompany.com> with the host name of your Lotus Quickr server and <port_number> with the port number for your server. Insert the custom policy earlier in the file than the default policy, if one exists.

      <proxy:policy url="http://<quickrserver.yourcompany.com>:<port_number>/*" acf="none">
        <proxy:actions>
         <proxy:method>GET</proxy:method>
        </proxy:actions>
        <proxy:headers>
         <proxy:header>User-Agent</proxy:header>
         <proxy:header>Accept*</proxy:header>
         <proxy:header>Content*</proxy:header>
         <proxy:header>Authorization*</proxy:header>
        </proxy:headers>
        <proxy:cookies>
         <proxy:cookie>JSESSIONID</proxy:cookie>
         <proxy:cookie>LtpaToken</proxy:cookie>
         <proxy:cookie>LtpaToken2</proxy:cookie>
        </proxy:cookies>
      </proxy:policy>

      You should also include an HTTPS policy to allow for users who choose to use or are forced to use an SSL connection.

      For example:

      <proxy:policy url="https://<quickrserver.yourcompany.com>:<port_number>/*" acf="none">
        <proxy:actions>
         <proxy:method>GET</proxy:method>
        </proxy:actions>
        <proxy:headers>
         <proxy:header>User-Agent</proxy:header>
         <proxy:header>Accept*</proxy:header>
         <proxy:header>Content*</proxy:header>
         <proxy:header>Authorization*</proxy:header>
        </proxy:headers>
        <proxy:cookies>
         <proxy:cookie>JSESSIONID</proxy:cookie>
         <proxy:cookie>LtpaToken</proxy:cookie>
         <proxy:cookie>LtpaToken2</proxy:cookie>
        </proxy:cookies>
      </proxy:policy>

      Depending on your configuration, the <proxy:policy> section might require more or less detail. The following table lists some common cookies and headers that might be required under different configurations.

      Table 1. Common cookies or headers

      Cookie/Header      Description
      -----------------  -----------------------------------------------------------------
      SMSESSION          SiteMinder session cookie that passes SiteMinder credentials to Lotus Quickr.
      PD-H-SESSION-ID    Non-secure Tivoli Access Manager session cookie that passes Tivoli Access Manager credentials to Lotus Quickr.
      PD-S-SESSION-ID    Secure Tivoli Access Manager session cookie that passes the secure version of the Tivoli Access Manager cookie to Lotus Quickr.
      WWW-AUTHENTICATE   Secure socket layer (SSL) header that passes SSL authentication when connecting to a secure Lotus Quickr deployment.

  5. After making your changes, save and close proxy-config.tpl.

  6. To check in proxy-config.tpl, use the following command:

      LCConfigService.checkInProxyConfig("<working-directory>", "<cell-name>")

  7. To exit the wsadmin client, type exit at the prompt.

  8. Stop and restart the application servers hosting IBM Connections.
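
A check you can run on the edited proxy-config.tpl before checking it in. This is an added example, not IBM code. It assumes the file parses as XML; the function names, the namespace URI and the host quickr.example.com are constructed for illustration. It reports a wildcard policy that is not last, a wildcard policy that forwards headers or cookies, and a host that has an http policy but no https one.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample, not a real deployment. The namespace URI is a placeholder.
SAMPLE_TPL = """<proxy:proxy-rules xmlns:proxy="urn:example:proxy-config">
  <proxy:policy url="*" acf="none">
    <proxy:actions><proxy:method>GET</proxy:method></proxy:actions>
    <proxy:headers/>
    <proxy:cookies><proxy:cookie>LtpaToken2</proxy:cookie></proxy:cookies>
  </proxy:policy>
  <proxy:policy url="http://quickr.example.com:10038/*" acf="none">
    <proxy:actions><proxy:method>GET</proxy:method></proxy:actions>
    <proxy:headers><proxy:header>Authorization*</proxy:header></proxy:headers>
    <proxy:cookies><proxy:cookie>LtpaToken</proxy:cookie></proxy:cookies>
  </proxy:policy>
</proxy:proxy-rules>"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def values(policy, container):
    """Entries listed under <proxy:headers> or <proxy:cookies> of one policy."""
    return [c.text.strip() for e in policy if local(e.tag) == container
            for c in e if c.text]

def audit(tpl_text):
    """Check policy order, wildcard forwarding and http/https pairing."""
    root = ET.fromstring(tpl_text)  # commented-out policies are ignored
    policies = [e for e in root.iter() if local(e.tag) == "policy"]
    findings, schemes = [], {}
    for i, p in enumerate(policies):
        url = p.get("url", "")
        if url == "*":
            if i != len(policies) - 1:
                findings.append("wildcard policy is not the last policy")
            forwarded = values(p, "headers") + values(p, "cookies")
            if forwarded:
                findings.append("wildcard policy forwards: " + ", ".join(forwarded))
        else:
            parts = urlsplit(url)
            schemes.setdefault(parts.hostname or url, set()).add(parts.scheme)
    for host in sorted(schemes):
        if schemes[host] == {"http"}:
            findings.append("no https policy for " + host)
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_TPL)))
```

An empty list means all three checks pass; pass the contents of the file in <working-directory> to audit() before step 6.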


Parent topic

IBM Connections Connector for Lotus Quickr


Related tasks


Configure the AJAX proxy
Starting the wsadmin client
Apply property changes in Communities
Use the Lotus Quickr connector installation wizard


   

 
