Configuring Profile and Community membership lookups for FileNet®

You must deploy both IBM® FileNet® and IBM® Connections against the same WebSphere® federated repositories. In other words, the security configuration of the IBM® Connections cell must point to the same LDAP directory that your IBM® FileNet® is configured to use, with identical configuration options (including the login properties, which are used again in the steps below).

About this task

If you use an existing FileNet® server, ensure that the directory configuration of your FileNet® domain uses the IBM® Connections option, then perform the following steps so that FileNet® obtains its directory information from your Connections server. The new IBM® Connections option must be selected when you configure the directory for your FileNet® domain.

Note: If you created your domain with a prior version of FileNet® configured to use IBM® Virtual Member Manager with the -Dibm.filenet.security.vmmProvider.waltzImpl=true option, installing FileNet® Content Platform Engine 5.2 Fix Pack 1 or later automatically upgrades the domain to the new IBM® Connections directory configuration option (you can check the upgrade status at http://hostname/FileNet/AutomaticUpgradeStatus). If the directory configuration of your FileNet® domain still shows "IBM® Virtual Member Manager," that remains a permissible configuration as long as the -Dibm.filenet.security.vmmProvider.waltzImpl=true JVM argument is in place. No other directory configuration is valid for Connections integration.

Procedure

  1. Cross-certify the two domains/cells for SSO by configuring LTPA / SSO between the Connections and FileNet® cells as described in Configuring Single Sign On.
    Note: Ensure that the same SSO domain name is configured for both cells.
    In addition, exchange LTPA keys by exporting them from the Connections cell and importing them into the FileNet® cell, as described in the LTPA settings topic of the WebSphere® Application Server Knowledge Center.
    Note: Export the LTPA keys from the WebSphere® Integrated Solutions Console of the Connections cell, and import them in the WebSphere® Integrated Solutions Console of the FileNet® cell.
    Note: Ensure that the interoperability mode and the LTPA V1 and V2 cookie names are the same in both cells. You can find these values in the WebSphere® Integrated Solutions Console under Security > Global security > Web and SIP security > Single sign-on (SSO).
  2. Configure JVM properties on the FileNet® server as follows:
    1. Log into WebSphere® Integrated Solutions console that hosts your existing FileNet® Content Platform Engine server.
    2. Check your login properties in Security > Global security > Federated repositories > your_LDAP_Name.
    3. Make note of the first value from the login properties field, such as uid. This value will be used later in setting a JVM argument.
    4. Click Application Servers > Server Name > Process definition > Java Virtual Machine.
    5. In the Generic JVM arguments field, add the following arguments if they are not already present:
      -DenableWaltzIdConversion=true
      -Dibm.filenet.security.vmmProvider.waltzImpl=true
      -Dcom.ibm.connections.directory.services.j2ee.security.principal=<first_LDAP_login_property>
      -Dibm.filenet.security.connectionsProvider.disableRecursiveParentCall=true
      Note: If the login properties field contains multiple values, such as uid;mail, use only the first value (uid in this example).
      Note: first_LDAP_login_property comes from the login properties of the federated LDAP repository configured for Connections. If you do not know these settings, navigate in the application server's administrative console to Security > Global security > Federated repositories > your_LDAP_Name > Federated repository properties for login, or contact your administrator.
    6. Click OK, then save the changes to the master configuration. Repeat sub-steps 4 through 6 on every server in your FileNet® cluster.
  3. Configure Waltz and Sonata on the FileNet® WebSphere® cell.
    This step configures directory.services.xml, directory.services.xsd, sonata.services.xml, and sonata.services.xsd, and creates a J2C authentication alias that allows FileNet® to connect to Connections for directory information. On Windows or Linux, extract the waltz.zip/tar file on your FileNet® server and follow the Readme.txt file to configure Waltz and Sonata on your FileNet® cell.
    Note: Run these tasks as the same user that the WebSphere® process runs as. The WebSphere® environment, and the Deployment Manager in particular, needs read access to these files.
    If you receive a warning while validating the connection to FileNet®, you can still continue with the installation.
  4. Restart the Deployment Manager and the FileNet® application server.
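The two settings this procedure asks you to get right by hand (the generic JVM arguments in step 2 and the SSO settings that must match in step 1) are easy to get subtly wrong, for example by using the second login property instead of the first. The following pre-flight check is an added example written for this page; it is not IBM code and not part of the FileNet or Connections product. It operates offline on a constructed JVM argument string and on constructed SSO setting dictionaries; in a live cell you would obtain the argument string from wsadmin (AdminConfig.showAttribute on the server's JavaVirtualMachine object) and the SSO values from the Single sign-on (SSO) panel. The dictionary key names (domainName, interoperabilityMode, ltpaV1CookieName, ltpaV2CookieName) are chosen for the example and are not WebSphere configuration attribute names.

```python
"""Pre-flight checks for the FileNet <-> Connections directory integration.

Added example, not IBM code. Checks, offline, on constructed input:
  1. the generic JVM arguments on the FileNet Content Platform Engine server
  2. the SSO settings that must match between the Connections and FileNet cells
"""
import shlex

# Flags the procedure requires, with the value each must carry.
REQUIRED_FLAGS = {
    "-DenableWaltzIdConversion": "true",
    "-Dibm.filenet.security.vmmProvider.waltzImpl": "true",
    "-Dibm.filenet.security.connectionsProvider.disableRecursiveParentCall": "true",
}
PRINCIPAL_KEY = "-Dcom.ibm.connections.directory.services.j2ee.security.principal"


def first_login_property(login_properties):
    """Return the first entry of a federated-repository login properties value.

    WebSphere separates several properties with ';' (e.g. 'uid;mail'); the
    procedure says only the first one goes into the principal property.
    """
    first = login_properties.split(";")[0].strip()
    if not first:
        raise ValueError("login properties value is empty")
    return first


def parse_jvm_args(generic_jvm_arguments):
    """Split a generic JVM arguments string into {'-Dname': 'value'}.

    Arguments without '=' (such as -Xms512m) are kept with value None so that
    '-Dfoo' and '-Dfoo=true' can be told apart.
    """
    parsed = {}
    for token in shlex.split(generic_jvm_arguments):
        name, sep, value = token.partition("=")
        parsed[name] = value if sep else None
    return parsed


def check_filenet_jvm_args(generic_jvm_arguments, login_properties):
    """Return a list of problems; an empty list means the arguments look right."""
    args = parse_jvm_args(generic_jvm_arguments)
    problems = []
    for flag, expected in REQUIRED_FLAGS.items():
        if flag not in args:
            problems.append("missing %s=%s" % (flag, expected))
        elif args[flag] != expected:
            problems.append("%s is %r, expected %r" % (flag, args[flag], expected))
    expected_principal = first_login_property(login_properties)
    actual = args.get(PRINCIPAL_KEY)
    if actual is None:
        problems.append("missing %s=%s" % (PRINCIPAL_KEY, expected_principal))
    elif actual != expected_principal:
        problems.append("%s is %r but the first login property is %r"
                        % (PRINCIPAL_KEY, actual, expected_principal))
    return problems


# Example key names for the SSO panel values that must be identical in both cells.
SSO_KEYS = ("domainName", "interoperabilityMode", "ltpaV1CookieName", "ltpaV2CookieName")


def check_sso_match(connections_sso, filenet_sso):
    """Return the SSO settings that differ between the two cells."""
    return [k for k in SSO_KEYS if connections_sso.get(k) != filenet_sso.get(k)]


if __name__ == "__main__":
    # Constructed sample: the recursive-parent flag is missing and the
    # principal was taken from the second login property ('mail') by mistake.
    sample_args = ("-Xms512m -DenableWaltzIdConversion=true "
                   "-Dibm.filenet.security.vmmProvider.waltzImpl=true "
                   "-Dcom.ibm.connections.directory.services.j2ee.security.principal=mail")
    for problem in check_filenet_jvm_args(sample_args, "uid;mail"):
        print("JVM:", problem)
    # Constructed sample SSO settings: the FileNet cell uses a different SSO domain.
    connections = {"domainName": ".example.com", "interoperabilityMode": True,
                   "ltpaV1CookieName": "LtpaToken", "ltpaV2CookieName": "LtpaToken2"}
    filenet = dict(connections, domainName=".filenet.example.com")
    for key in check_sso_match(connections, filenet):
        print("SSO mismatch:", key)
```

Run the check against the argument string of every server in the FileNet cluster, since step 2 has to be repeated per server and a single node with a missing flag is enough to break the directory lookups.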