Configuring the web deployment descriptor file for client certificate authentication of OSLC calls
You can configure the HCL Compass Web deployment descriptor file, web.xml, to enforce client certificate authentication for OSLC URL patterns.
Before you begin
Verify that all OSLC (Open Services for Lifecycle Collaboration) consumers that access the server can be configured to use client certificates when the consumers log in to the target providers.
About this task
The HCL Compass Web application includes a web deployment descriptor file, web.xml. The descriptor file includes a commented section with instructions about how to include rules that enable client certificate authentication. These rules contain explicit exemptions for OSLC URL patterns that allow OSLC integrations to operate by using the standard HCL Compass authentication algorithm. You can refine the list of URL exemptions in the web.xml file to configure client certificate authentication for OSLC integrations.
The configuration changes affect all OSLC integrations for the HCL Compass Web server. It is not possible to selectively specify that some OSLC consumers use standard authentication while others use client certificates.
- WAS-home: Directory where WebSphere® Application Server is installed
- cqweb_profile: Name of the HCL Compass Web profile
Procedure
- Copy the HCL Compass Web deployment descriptor file, web.xml, to a working directory and rename the file. The web.xml file is in the following directory:
- WAS-home\profiles\cqweb_profile\installedApps\dfltCell\TeamEAR.ear\cqweb.war\WEB-INF\web.xml
- WAS-home/profiles/cqweb_profile/installedApps/dfltCell/TeamEAR.ear/cqweb.war/WEB-INF/web.xml
Important: If HCL Compass is installed on the Solaris operating system, the default WebSphere® Application Server cell directory is srvNode01Cell. Use this value in place of dfltCell, which is the default directory on Windows™, UNIX™, and Linux™ systems.
For illustrative purposes, the steps assume that you renamed the web.xml file that you copied to a working directory to web-client-cert.xml.
- Edit the web-client-cert.xml file by removing the comment characters <!-- and --> that precede and follow the <security-constraint> security element section. Replace the <security-constraint> element for <web-resource-name>CQBridge</web-resource-name> with the following security rules:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>CQBridge</web-resource-name>
        <url-pattern>/html/*</url-pattern>
        <url-pattern>oauth-request-consumer/*</url-pattern>
        <url-pattern>oauth-access-token/*</url-pattern>
        <url-pattern>oauth-request-token/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

- Save the changes.
- Complete the steps in Configuring client certificate authentication for HCL Compass Web, starting at step 2.
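
The following check is an added example, not part of the HCL documentation or product. It parses an edited descriptor and reports any url-pattern under CQBridge beyond the four listed in the procedure (each extra pattern remains exempt from client certificate authentication), as well as a constraint that is still commented out. The function names, the sample documents, and the /oslc/* pattern are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Patterns the procedure above leaves exempt under CQBridge (taken from this page).
EXPECTED_EXEMPT = {"/html/*", "oauth-request-consumer/*",
                   "oauth-access-token/*", "oauth-request-token/*"}

def local(tag):
    """Drop an XML namespace prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def texts(elem, name):
    """Text of every descendant element called `name`."""
    return [(e.text or "").strip() for e in elem.iter() if local(e.tag) == name]

def check_cqbridge(xml_text):
    """Return findings; an empty list means the edit matches the procedure."""
    root = ET.fromstring(xml_text)  # the default parser drops XML comments
    found = [e for e in root.iter() if local(e.tag) == "security-constraint"
             and "CQBridge" in texts(e, "web-resource-name")]
    if len(found) != 1:
        return [f"expected 1 active CQBridge constraint, found {len(found)}"]
    patterns = set(texts(found[0], "url-pattern"))
    findings = [f"extra exempt pattern: {p}" for p in sorted(patterns - EXPECTED_EXEMPT)]
    findings += [f"missing exempt pattern: {p}" for p in sorted(EXPECTED_EXEMPT - patterns)]
    if texts(found[0], "transport-guarantee") != ["NONE"]:
        findings.append("transport-guarantee is not NONE")
    return findings

def sample(extra="", wrap=("", "")):
    """Build a constructed descriptor (not the product's real web.xml)."""
    pats = "".join(f"<url-pattern>{p}</url-pattern>" for p in sorted(EXPECTED_EXEMPT))
    return (f'<web-app xmlns="http://java.sun.com/xml/ns/javaee">{wrap[0]}'
            "<security-constraint><web-resource-collection>"
            f"<web-resource-name>CQBridge</web-resource-name>{pats}{extra}"
            "</web-resource-collection><user-data-constraint>"
            "<transport-guarantee>NONE</transport-guarantee></user-data-constraint>"
            f"</security-constraint>{wrap[1]}</web-app>")

if __name__ == "__main__":
    # Descriptor edited as described in the procedure.
    print(check_cqbridge(sample()))
    # Hypothetical leftover exemption that was not removed.
    print(check_cqbridge(sample(extra="<url-pattern>/oslc/*</url-pattern>")))
    # Constraint still wrapped in comment characters.
    print(check_cqbridge(sample(wrap=("<!--", "-->"))))
```

To check a real file, pass the contents of web-client-cert.xml to check_cqbridge before you continue with the remaining configuration steps.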