Configuring client certificate authentication for HCL Compass Web
Update the HCL Compass Web deployment descriptor to configure client certificate authentication.
About this task
The following variables are used in path names:
- WAShome
- Directory where WebSphere® Application Server is installed
- cqwebProfile
- Name of the HCL Compass Web profile
Procedure
- Copy the HCL Compass Web
deployment descriptor file, web.xml, to a working
directory and rename the file. The web.xml file
is located in the following directory:
- WAShome\profiles\cqwebProfile\installedApps\dfltCell\TeamEAR.ear\cqweb.war\WEB-INF\web.xml
- WAShome/profiles/cqwebProfile/installedApps/dfltCell/TeamEAR.ear/cqweb.war/WEB-INF/web.xml
Note:If HCL Compass is installed on the Solaris operating system, the default WebSphere® Application Server cell directory is srvNode01Cell. Use this value in place of dfltCell, which is the default directory on Windows™, UNIX™, and Linux™ systems.
For illustrative purposes, the steps in this topic assume that you renamed the web.xml file that you copied to a working directory to web-client-cert.xml.
- Edit the web-client-cert.xml file
by removing the comment characters
<!--
and-->
that precede and follow the security elements sections<security-constraint>
,<login-config>
, and<security-role>
:<security-constraint> <web-resource-collection> <web-resource-name>secure</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>CompassUsers</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> <login-conf> <auth-method>CLIENT-CERT</auth-method> </login-conf> <security-role> <role-name>HCL CompassUsers</role-name> </security-role>
- Save and close the file.
- Use the WebSphere® Application
Server wsadmin utility to apply the deployment
descriptor changes: