Home
Administering Connections 6.5
Welcome to the HCL Connections 6.5 documentation. HCL Connections is social networking software designed for the workplace. Its features help you to establish dynamic networks that connect you to the people and information you need to achieve your business goals.
Security
HCL Connections™ provides a flexible security infrastructure that supports an open, easily shareable data model.
Authentication with SAML
You can use the SAML (Security Assertion Markup Language) 2.0 web SSO redirection services support to implement user authentication and single sign-on (SSO). To establish your SAML environment, you must consider the following information to ensure that your system is a good candidate.
Configuring SAML redirection services for web SSO
To gain SAML support for all HCL Connections™ components that are accessed through a browser, set up SAML redirection services to use the default authenticator. This process replaces the web login page for Connections with your SAML Identity Provider (IdP) by using a redirect.
Verifying the WebSphere® Default Application is protected by SAML
Verify that the WebSphere® Default Application is protected by SAML and SAML authentication is functioning in your environment

Administering Connections 6.5
Welcome to the HCL Connections 6.5 documentation. HCL Connections is social networking software designed for the workplace. Its features help you to establish dynamic networks that connect you to the people and information you need to achieve your business goals.
- What's new in HCL Connections
  Find out about features that are new or updated in this release of HCL Connections.
- Product overview
  Learn how to deploy, customize, and administer the HCL Connections social networking product.
- Planning
  Before installing HCL Connections™, study the system requirements, deployment options, and documentation conventions.
- Installing
  To install HCL Connections™, you need to follow a detailed series of procedures.
- Uninstalling HCL Connections
  Uninstall HCL Connections.
- Migrating and updating
  Migrate HCL Connections™ and its supporting software to the latest release and then update the installation with the latest deployment, interim fixes, or Cumulative Refresh (CR).
- Administering
  Run administration and maintenance tasks to keep your environment up-to-date. For example, learn how to customize your deployment or how to use the wsadmin utility to edit configuration files. You can also schedule tasks, maintain application databases, moderate content, or manage users and their roles.
- Customizing
  Customize HCL Connections™ to fit your environment.
- Security
  HCL Connections™ provides a flexible security infrastructure that supports an open, easily shareable data model.
  - Federal Information Processing Standard (FIPS) 140-2 Compliance
    In HCL Connections™, FIPS compliance is managed through IBM® WebSphere® Application Server.
  - Allowing third-party applications access to data via the OAuth2 protocol
    Allow third-party applications to ask your HCL Connections users for access to their data.
  - Configuring single sign-on
    Set up single sign-on integration between HCL Connections™ and other HCL products and third-party security products.
  - Authentication with SAML
    You can use the SAML (Security Assertion Markup Language) 2.0 web SSO redirection services support to implement user authentication and single sign-on (SSO). To establish your SAML environment, you must consider the following information to ensure that your system is a good candidate.
    - Configuring SAML redirection services for web SSO
      To gain SAML support for all HCL Connections™ components that are accessed through a browser, set up SAML redirection services to use the default authenticator. This process replaces the web login page for Connections with your SAML Identity Provider (IdP) by using a redirect.
      - Configuring SAML for TFIM in WebSphere Application Server
        Configure SAML for IBM Tivoli Federated Identity Manager in IBM WebSphere Application Server by following the simplified steps in this topic.
      - Configuring SAML for ADFS in WebSphere Application Server
        Configure SAML for Microsoft Active Directory Federation Services in IBM WebSphere Application Server by following the simplified steps in this topic.
      - Installing the WebSphere Default Application
        Install the WebSphere Default Application (also known as Snoop) to validate the SAML environment prior to the deployment of HCL Connections™ on WebSphere.
      - Verifying the WebSphere® Default Application is protected by SAML
        Verify that the WebSphere® Default Application is protected by SAML and SAML authentication is functioning in your environment
      - Enabling single sign-on for SAML 2.0
        Configure HCL Connections™ if you want to use the SAML (Security Assertion Markup Language) 2.0 Web SSO redirection services support to implement user authentication and single sign-on (SSO).
      - Disabling SAML to validate fully functioning integration for third party servers
        HCL Connections™ can incorporate many services into Social Business Platform. It is necessary to isolate system-wide security features to validate whether third party servers, such as Cognos® or FileNet® servers, can be deployed properly as a fully functional integrated server with Connections prior to enabling the SAML protection.
  - Configuring the AJAX proxy
    By default, the HCL Connections™ AJAX proxy is configured to allow cookies, headers or mime types, and all HTTP actions to be exchanged among the Connections applications. If you want to change the traffic that is allowed from non-HCL Connections services, you must explicitly configure it.
  - Enabling locked domains
    Assuming that you have completed the server setup previously described, to enable locked domains in HCL Connections, specify an additional attribute in the LotusConnections-config.xml to ensure that only ConnectionsOpensocial application is mapped to the locked domain host.
  - Enabling virus scanning
    Edit configuration property settings to force the applications that handle uploaded files to scan all files for viruses.
  - Forcing traffic to be sent over an encrypted connection
    You can configure HCL Connections™ to force all traffic that passes between a Connections server and a user's web browser to be sent over an encrypted connection.
  - Forcing traffic to use TLS 1.2
    You can configure HCL Connections™ to force all traffic that passes between a Connections server and a user's web browser to be sent over TLS 1.2 to avoid security vulnerabilities in TLS 1.1 and earlier versions of SSL.
  - Forcing users to log in before they can access an application
    Change the access levels of members or groups to require them to provide credentials before they can access an HCL Connections™ application.
  - Securing applications from malicious attack
    HCL Connections™ provides security measures, such as an active content filter and content upload limits, that you can use to mitigate the risk of malicious attacks. Because these security measures can also limit the flexibility of the applications, you, as the system administrator, must evaluate the security of your network and determine whether or not you need to implement them.
  - Restricting domains used by the login page redirect parameter
    By default, the HCL Connections™ default login page allows redirecting to any destination. You can configure Connections to use a whitelist of domains to ensure login navigation to a secure page.
- Mobile
  See the HCL Connections™ Mobile documentation for Connections Cloud and Connections on-premises.
- Developing
  Get information about how to use the APIs provided with HCL Connections™ and how to use Connections Customizer to modify the Connections pages that are returned to users.
- Troubleshooting and support
  To isolate and resolve problems with your HCL products, you can use the troubleshooting and support information. This information contains instructions for using the problem-determination resources that are provided with your IBM® products, including HCL Connections™.

Verifying the WebSphere® Default Application is protected by SAML

Verify that the WebSphere® Default Application is protected by SAML and SAML authentication is functioning in your environment

Procedure

Protect Snoop with SAML as follows:
1. From the WebSphere® Application Server Integrated Solutions Console, navigate to Security > Global security > Trust association > Interceptors > com.ibm.ws.security.web.saml.ACSTrustAssociationInterceptor.
2. Under Custom properties, create the property sso_1.sp.filter and give it the value request-url^=/snoop
For more information about configuring the SAML TAI, refer to Enabling your system to use the SAML web single sign-on (SSO) feature.
Run Full Resynchronize for all nodes, and then stop all servers and the Dmgr.
Restart the Dmgr, the Node agent, and the server associated with the Default Application.
Ensure the system clocks on all systems are synchronized, especially that of the IdP server and the SP server.
Verify that Snoop is now protected by SAML. From the browser, enter https://websphere.example.com[:port]/snoop.
You are requested to accept the web-server signed certificate.
Accept the web-server signed certificate, and when prompted to enter a valid username/password, enter the Connections administrator username/password.
The Snoop Servlet - Request/Client Information form displays.
Continue to enable SAML protection for HCL Connections™ by completing Enabling single sign-on for SAML 2.0.

Rate this topic

5 stars 4 stars 3 stars 2 stars 1 star

Comment on this topic.

By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners immixGroup, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box. Note: To report a problem or question about the product software, do not use this form. Instead, go to the HCL Software Support site.