Configuring client certificate authentication for HCL Compass Web

Update the HCL Compass Web deployment descriptor to configure client certificate authentication.

About this task

The following variables are used in path names:
  WAShome
    Directory where WebSphere® Application Server is installed
  cqwebProfile
    Name of the HCL Compass Web profile

Procedure

  1. Copy the HCL Compass Web deployment descriptor file, web.xml, to a working directory and rename the file. The web.xml file is located in the following directory:
    Windows
    WAShome\profiles\cqwebProfile\installedApps\dfltCell\TeamEAR.ear\cqweb.war\WEB-INF\web.xml
    UNIX Linux
    WAShome/profiles/cqwebProfile/installedApps/dfltCell/TeamEAR.ear/cqweb.war/WEB-INF/web.xml
    Note (Solaris): If HCL Compass is installed on the Solaris operating system, the default WebSphere Application Server cell directory is srvNode01Cell. Use this value in place of dfltCell, which is the default directory on Windows™, UNIX™, and Linux™ systems.

    For illustrative purposes, the steps in this topic assume that you renamed the web.xml file that you copied to a working directory to web-client-cert.xml.

  2. Edit the web-client-cert.xml file by removing the comment characters <!-- and --> that precede and follow the security element sections <security-constraint>, <login-config>, and <security-role>:
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>secure</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>

      <auth-constraint>
        <role-name>CompassUsers</role-name>
      </auth-constraint>

      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

    <login-config>
      <auth-method>CLIENT-CERT</auth-method>
    </login-config>

    <security-role>
      <role-name>CompassUsers</role-name>
    </security-role>

    The role name in <auth-constraint> must be the one declared in <security-role>.
  3. Save and close the file.
  4. Use the WebSphere Application Server wsadmin utility to apply the deployment descriptor changes:
    1. Change to the working directory where the web-client-cert.xml file resides.
    2. Start the wsadmin utility in a command prompt window:
      Windows
      "WAShome\profiles\cqwebProfile\bin\wsadmin"
      UNIX Linux
      WAShome/profiles/cqwebProfile/bin/wsadmin
    3. Run the following commands:

      wsadmin> $AdminApp update TeamEAR file {-operation update -contents web-client-cert.xml -contenturi cqweb.war/WEB-INF/web.xml}

      wsadmin> $AdminConfig save

      wsadmin> exit
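
A check that can be run on web-client-cert.xml after step 3 and before the wsadmin update in step 4. This is an added example, not part of the HCL documentation or product. The function name check_descriptor and the sample descriptors are constructed for illustration, and the role name is the one shown in step 2.

```python
import sys
import xml.etree.ElementTree as ET

def local(tag):
    """Strip any XML namespace so namespaced and DTD-based descriptors both work."""
    return tag.rsplit("}", 1)[-1]

def check_descriptor(xml_text):
    """Return a list of problems; an empty list means the security elements are active and consistent."""
    try:
        root = ET.fromstring(xml_text)  # the parser drops comments, so commented-out elements are not found
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    by_tag = {}
    for el in root.iter():
        by_tag.setdefault(local(el.tag), []).append(el)

    def texts(parent_tag, child_tag):
        return [(c.text or "").strip() for p in by_tag.get(parent_tag, [])
                for c in p.iter() if local(c.tag) == child_tag]

    problems = []
    if not by_tag.get("security-constraint"):
        problems.append("<security-constraint> missing or still commented out")
    if "CONFIDENTIAL" not in texts("user-data-constraint", "transport-guarantee"):
        problems.append("transport-guarantee is not CONFIDENTIAL")
    if "CLIENT-CERT" not in texts("login-config", "auth-method"):
        problems.append("<login-config> auth-method is not CLIENT-CERT")
    declared = set(texts("security-role", "role-name"))
    for role in texts("auth-constraint", "role-name"):
        if role not in declared:
            problems.append(f"role '{role}' used in <auth-constraint> but not declared in <security-role>")
    return problems

# Constructed sample descriptors (not the shipped web.xml): one edited, one still commented out.
SECURITY = """<security-constraint>
  <web-resource-collection><web-resource-name>secure</web-resource-name><url-pattern>/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>CompassUsers</role-name></auth-constraint>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint>
<login-config><auth-method>CLIENT-CERT</auth-method></login-config>
<security-role><role-name>CompassUsers</role-name></security-role>"""
SAMPLE_ACTIVE = f"<web-app>{SECURITY}</web-app>"
SAMPLE_COMMENTED = f"<web-app><!-- {SECURITY} --></web-app>"

if __name__ == "__main__":
    # Pass the path to web-client-cert.xml; with no argument the commented-out sample is checked.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_COMMENTED
    for line in check_descriptor(data) or ["OK: security elements are active and consistent"]:
        print(line)
```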