Home
HCL Digital Experience Product Documentation
Welcome to the product documentation for HCL Digital Experience. Find information about how to install, configure, maintain, and use HCL Web Content Manager and HCL Portal Server, Enable, and Extend solutions.
HCL Digital Experience 8.5
Learn how to install, configure, troubleshoot, maintain, and use Version 8.5 of HCL Web Content Manager and HCL Portal Server, Enable, and Extend.
Developing
This section includes developer documentation on extending applications and development assets for HCL Portal and HCL Web Content Manager.
Developing portlets
Get an overview of the process of creating portlets, learn about the concepts of the APIs used to develop portlets, and view the samples to get you started. Also, learn about integrating features such as single sign-on, cooperative sharing of information using the property broker, and migrating Struts applications to the portlet environment.
Web 2.0 user interface features
Learn about portal features that pertain to the Web 2.0 generation type of Web user interface.
Outbound HTTP connection
Applications in your HCL Portal and the related user activities can require outbound HTTP connections to remote computer systems. The outbound HTTP connection service provides an administration infrastructure with a central point of administration for all outbound HTTP connections that are defined in the portal environment.
Authenticating outbound HTTP connections
You can protect the access to the remote host by an authentication mechanism.
Establishing SSO connections through SAML 2.0 tokens
It is possible to establish outbound HTTP connections to remote resources that are authenticated by using the SAML 2.0 protocol. Outbound HTTP connections take care of the communication with the Identity provider (IDP) to get an authenticated connection by using SAML tokens. The SAML Authentication handler uses the HTTP POST binding protocol of the SAML specification. Therefore, it is required that both the Identity Provider and the Service Provider support the HTTP POST binding, if they are used by Outbound HTTP Connections for authentication.
Configuration settings for SAML authenticated connections
To enable a connection policy for SAML-based authentication, the following settings must be defined in the metadata section of the policy, the policy mapping, or the default mapping.
Configuration settings for Tivoli Federated Identity Manager (TFIM)
Learn about establishing an SAML-based SSO connection for Tivoli Federated Identity Manager. Tivoli Federated Identity Manager must be installed and operational before an SSO connection can be established.
Adding the Java Authentication and Authorization Service (JAAS) login module to the Tivoli Federated Identity Manager (TFIM) server
The Java Authentication and Authorization Service (JAAS) login module is available as a plug-in. This plug-in sets the email address of the logged in user within the security context so that the email address can be used within Tivoli Federated Identity Manager.
Tivoli Federated Identity Manager (TFIM) mapping for the Java Authentication and Authorization Service (JAAS) login module
By default, the JAAS plug-in reads a user's email address from the VMM attribute with the name mail. The JAAS plug-in sets the mail attribute in the security context. If you change the name of the attribute in the security context, update the following mapping rule accordingly.

HCL Digital Experience Product Documentation
Welcome to the product documentation for HCL Digital Experience. Find information about how to install, configure, maintain, and use HCL Web Content Manager and HCL Portal Server, Enable, and Extend solutions.
- HCL Digital Experience 9.5
- HCL Digital Experience 9.5 [Legacy Content]
- HCL Digital Experience 9.0
  Learn how to install, configure, troubleshoot, maintain, and use Version 9.0 of HCL Web Content Manager and HCL Portal Server, Enable, and Extend.
- HCL Digital Experience 8.5
  Learn how to install, configure, troubleshoot, maintain, and use Version 8.5 of HCL Web Content Manager and HCL Portal Server, Enable, and Extend.
  - Overview
    HCL Digital Experience (formerly IBM WebSphere Portal and IBM Web Content Manager) empowers you to create, manage, and deliver engaging omnichannel digital experiences to virtually all audiences with responsive content, targeted offers, seamlessly integrated applications, and consistent branding across channels (web, mobile. and hybrid mobile/web applications and more).
  - Roadmaps to deploy your system
    Review the roadmaps to understand the common deployment, configuration, migration, and integration patterns.
  - Roadmaps to create your website
    Review the roadmaps to understand how to create your website.
  - Online Help
    This Online Help is made available in the HCL Digital Experience Help Center for quick references on how to install, configure, maintain, and use HCL Digital Experience.
  - Installing
    HCL Digital Experience provides flexible deployment options that range from proof-of-concept where you can examine and test functionality to a highly available and scalable production environment. Review the planning information to learn more about hardware and software requirements, high availability, scalability, supported topologies, and much more. Select your operating system and then select the installation pattern that most reflects your business needs.
  - Configuring
    Run the following tasks after you install and deploy HCL Digital Experience. They address tasks that are typically run one time and have a global effect. Some configuration changes are made more frequently or do not have a global effect. These tasks are addressed in the Administering section.
  - Backup and restore
    Backup and recovery of data files and databases is an essential operation for any business system, particularly for data and applications that run in production environments. Create and follow a plan for backing up and recovering data on all tiers of your HCL Digital Experience deployment. IBM Installation Manager must also be included in backup and recovery planning. If you back up the HCL Portal file structure and then install a fix pack, your HCL Digital Experience and IBM Installation Manager become out of sync after you restore the HCL Portal file system. This condition is not recoverable.
  - Migrating
    Successful migration requires significant planning and preparation, understanding the tools that are involved, and careful execution of the appropriate steps in the order provided.
  - Integrating
    Integrate HCL Digital Experience with software such as HCL Sametime to enable your users to collaborate more easily. You can also use the unified task list portlet to integrate HCL with your backend business process software, such as IBM Process Server.
  - Administering
    Use the administration tools that are provided with the portal to do various day-to-day administration tasks. There are two methods for editing portal setup: using the administration portlets or the XML configuration interface. The administration portlets are a convenient way to make real-time updates to the portal's configuration. While the XML configuration interface is suited to more advanced administration, including batch processing of updates.
  - Securing
    Security tasks include setting up property extension databases and custom user repositories, configuring and activating SSL, and configuring authentication. In addition, tasks such as activating Federal Information Processing Standards (FIPS) and NIST SP800-131a security modules and configuring external security managers such as Security Access Manager might be required to secure your portal environment.
  - Monitoring
    HCL Portal includes tools and features to help you monitor the portal site.
  - Setting up a website
    Setting up a website includes, creating pages, adding navigation, setting up search, and adding content to the site. Themes are used to customize the portal's look-and-feel. Out-of-the-box templates and the site wizard can help you set up your portal site faster. You can add wikis and blogs to your site and let users tag and rate content on your site.
  - Staging to production
    During portal solution development, the solution is initially developed, tested, and refined on one server or a limited number of servers. The solution is deployed later on live systems, referred to as the production environment. The process of moving the solution from the development environment to the production environment is called staging.
  - Developing
    This section includes developer documentation on extending applications and development assets for HCL Portal and HCL Web Content Manager.
    - Changing to a developer mode environment
      Install HCL Digital Experience and then immediately change to a developer mode environment. Use this environment when you develop applications, themes, portals, and portlets. Startup performance is improved within a developer mode environment.
    - Dojo and HCL Digital Experience
      HCL Digital Experience contains an instance of the Dojo Toolkit, a JavaScript library that is based on the Dojo Toolkit. When you develop components that use Dojo, you must be aware of how the portal uses Dojo, and the tips and restrictions when you use Dojo.
    - Extending HCL Portal class path
    - Developing themes and skins
      You can create themes using modules to contribute to separate areas of pages to provide flexibility, enhance the user experience, and maximize performance. To optimize themes on your website, use the theme optimization module framework. The framework separates feature-specific logic and capabilities from the theme code.
    - URL generation in HCL Portal
      Generating Portal URLs correctly is one of the most important tasks in programming an HCL Portal based application. There are several programming tools and techniques available for generating HCL Portal URLs in custom code. The following section introduces the programming tools available and discusses when it is most appropriate to use each of the tools.
    - Model SPI overview
      Models provide information that is needed by HCL Digital Experience to perform tasks such as content aggregation or building navigation to browse the aggregated content. The information that is aggregated is represented through models that can be accessed programmatically by using the Model SPI (read-only). The information of a model is usually persistent (stored in a database) but can also be transient (computed and stored only in memory). Models can be represented by using a tree structure (nodes have a parent-child relationship), a list structure, or a selection structure (a selected element in a tree structure).
    - Controller SPI
      You can use the Controller SPI for portal administration. It allows you to modify portal resources. It enhances the read-only portal Model SPI by adding writable aspects.
    - User and group management
      The Portal User Management Architecture (PUMA) System programming interface (SPI) provides interfaces for accessing the profiles of a portal User or Group.
    - Portal Access Control interfaces
      Portal Access Control provides interfaces for retrieving and modifying and access control information of portal resources, such as portlets or pages.
    - Developing portlets
      Get an overview of the process of creating portlets, learn about the concepts of the APIs used to develop portlets, and view the samples to get you started. Also, learn about integrating features such as single sign-on, cooperative sharing of information using the property broker, and migrating Struts applications to the portlet environment.
      - Portlet concepts
        Learn about portlets from a user's and an application developer's perspective. View a brief comparison between a portlet and a servlet and understand basic portlet concepts; know the effect of Java 2 security enablement on the operation of portlets that rely on certain privileges for processing.
      - Creating a simple portlet
        To create a simple portlet, you must write the portlet code, compile Java source, create the JAR file, write the portlet descriptors, set up the WAR file directory structure, and package and deploy the portlets.
      - Standard portlet API
        The Java Portlet Specification addresses the requirements of aggregation, personalization, presentation, and security for portlets running in a portal environment.
      - Portlet services
        Portlet services are used to provide common functionality to portlets. Each portlet service has its own service-specific interface for the functionality that it offers.
      - Struts Portlet Framework
        Struts are no longer supported in HCL Digital Experience
      - Web 2.0 user interface features
        Learn about portal features that pertain to the Web 2.0 generation type of Web user interface.
        The client side portlet programming model
        You can use the client side programming model to make use of AJAX techniques in your standard API portlets.
        Outbound HTTP connection
        Applications in your HCL Portal and the related user activities can require outbound HTTP connections to remote computer systems. The outbound HTTP connection service provides an administration infrastructure with a central point of administration for all outbound HTTP connections that are defined in the portal environment.
        The programming model for the outbound HTTP connection service
        The outbound HTTP connection service can be used from the context of a servlet request service or from the context of a portlet request service. Here are some code examples.
        HTTP proxy for Ajax applications, also known as Ajax Proxy
        One of the basic technologies that emerged in the context of the next generation web user interface is Ajax (Asynchronous JavaScript and XML). Using Ajax can increase the responsiveness and usability of your web applications.
        Configuring outbound HTTP connections
        In HCL Portal Version 8.0 and earlier versions, outbound HTTP connections were accessible through the Ajax Proxy service. The Ajax Proxy service was configured by a configuration document named proxy-config.xml. You find this document in the /WEB-INF directory of the web module that uses the Ajax Proxy service. Starting with HCL Portal Version 8.5 and the new outbound connection service, the configuration of outbound HTTP connections is now part of the standard datastore-based portal configuration.
        Authenticating outbound HTTP connections
        You can protect the access to the remote host by an authentication mechanism.
        Providing user credentials for authenticated connections
        Several authentication handlers require that user credentials are presented in the authentication process. For example, the HTTP basic authentication handler requires such user credentials. Before the outbound connection can be used, these user credentials are set in the Credential Vault.
        Establishing a basic authenticated HTTP connection
        To establish an HTTP connection with basic authentication, you enable an outbound connection policy for HTTP basic authentication.
        Establishing a digest authenticated HTTP connection
        To establish an HTTP connection with digest authentication, you enable an outbound connection policy for HTTP digest authentication.
        Establishing a form-based authenticated HTTP connection
        To establish an HTTP connection with form-based authentication, you enable an outbound connection policy for form-based authentication.
        Establishing SSO connections through LTPA token
        To establish a Single Sign-On (SSO) connection through LTPA token, you enable an outbound connection policy for the SSO connection through LTPA token.
        Establishing SSO connections through SPNEGO token
        To establish a Single Sign-On (SSO) connection through SPNEGO token, you enable an outbound connection policy for the SSO connection through SPNEGO token.
        Establishing SSO connections through SAML 2.0 tokens
        It is possible to establish outbound HTTP connections to remote resources that are authenticated by using the SAML 2.0 protocol. Outbound HTTP connections take care of the communication with the Identity provider (IDP) to get an authenticated connection by using SAML tokens. The SAML Authentication handler uses the HTTP POST binding protocol of the SAML specification. Therefore, it is required that both the Identity Provider and the Service Provider support the HTTP POST binding, if they are used by Outbound HTTP Connections for authentication.
        Configuration settings for SAML authenticated connections
        To enable a connection policy for SAML-based authentication, the following settings must be defined in the metadata section of the policy, the policy mapping, or the default mapping.
        Configuration settings for Tivoli Federated Identity Manager (TFIM)
        Learn about establishing an SAML-based SSO connection for Tivoli Federated Identity Manager. Tivoli Federated Identity Manager must be installed and operational before an SSO connection can be established.
        Finding the Identity Provider login URL and the Partner URL (TFIM)
        In order to establish an SSO connection through Tivoli Federated Identity Manager, you must specify the Identity Provider login URL and the Partner URL. Learn how to find these values from the Tivoli Federated Identity Manager configuration if you do not already know them. If you know these values already, skip this step.
        Creating Identity Provider settings at the Outbound Connection Service configuration (TFIM)
        Certain metadata settings such as the Identity Provider URL and the Partner URL are required to use Tivoli Federated Identity Manager Identity Provider for SSO connections through SAML 2.0 authentication protocol.
        Defining policy rules for the remote connection (TFIM)
        Learn about how to create a policy rule for the SSO connection. Creating a policy rule is required to use the SSO connection for the Identity Provider that you registered.
        Adding the Java Authentication and Authorization Service (JAAS) login module to the Tivoli Federated Identity Manager (TFIM) server
        The Java Authentication and Authorization Service (JAAS) login module is available as a plug-in. This plug-in sets the email address of the logged in user within the security context so that the email address can be used within Tivoli Federated Identity Manager.
        Configuring the Java Authentication and Authorization Service (JAAS) login module
        The behavior of the JAAS login module is configurable. If you change the attribute name for the security context, make sure to adjust the mapping rule accordingly.
        Tivoli Federated Identity Manager (TFIM) mapping for the Java Authentication and Authorization Service (JAAS) login module
        By default, the JAAS plug-in reads a user's email address from the VMM attribute with the name mail. The JAAS plug-in sets the mail attribute in the security context. If you change the name of the attribute in the security context, update the following mapping rule accordingly.
        Configuration settings for Active Directory Federation Services (ADFS)
        Learn about establishing a single-sign on (SSO) connection for Active Directory Federation Services (ADFS).
        Adding or changing endpoint URL settings
        Sometimes a URL needs to include query parameters or POST forms data that isn’t known or cannot be known at the client site. For example, an API key for a REST service, or an application code such as a Google maps key. The URL transformation feature of the outbound connection services can handle this requirement.
        Establish OAuth 2.0 authenticated connections
        The Outbound HTTP Connection services support the connection of remote sites, such as Twitter, Dropbox, or Facebook, which are protected with a OAuth 2.0 authentication protocol. This section describes ways to configure Outbound HTTP connections to access resources which are protected.
        Using dynamic elements in outbound HTTP connection settings
        In some cases, it is useful to control configuration settings at run time. For example, an administrator might want to have the program decide at run time which policy rule is applied. In another scenario, parts of a policy rule configuration that are known only at run time must be included in the configuration.
        Using programmatic extensions for outbound HTTP connections
        To extend the functions of an outbound connection, portal administrators can implement a custom outbound service filter.
        Migration
        HCL Portal Version 8.5 provides a migration process for the change from the Ajax proxy of previous portal versions to the new outbound HTTP connection.
        Live text for click-to-action
        HCL Digital Experience supports a live text API for user controlled data transfer between components. With live text, a component on a page can declare sources and targets for data transfer. For example, this can be a portlet or a navigation element. When the user clicks on a source element, the portal displays a menu listing targets that match the selected source. When a menu item is selected, the portal invokes the corresponding target passing it the source data. This process is called Click-to-Action (C2A).
      - Client-side aggregation reference
        Refer to programming model guidelines for client-side mode or server-side mode.
      - Portlet communication
        HCL Digital Experience supports multiple ways for portlets to exchange or share information.
      - Dynamic user interfaces
        Learn about dynamic user interfaces that include dynamic pages, dynamic portlets, dynamic UI configuration, dynamic UI properties, and shared dynamic UIs. Get an overview of how to develop a dynamic UI configuration.
      - Collaborative Services API and the person tag
        Collaborative Services are a set of methods and JavaServer Page tags that allow developers who are writing portlets for HCL Portal or other application servers to add Lotus collaborative functionality to their portlets. The services can be used to develop new custom portlets, or to add collaborative functionality (for example, menus or person links indicating online status) to existing portlets.
      - Portlet API
        The Portlet API is no longer supported starting with HCL Portal Version 8.5.0. You must convert portlets based on the Portlet API to the Standard Portlet API. Learn how to convert HCL DX Portlets to Standard API portlets.
      - Portlet development reference
        View important information and concepts related to portlet development.
      - Predefined public render parameters
        HCL Portal defines a set of portal-specific public render parameters, which can be used to work with portal-specific state information within portlets.
      - Sample portlets
        Learn about the sample portlets included with HCL Digital Experience and view the steps to import these samples into IBM Rational Application Developer.
    - HCL DX Portlet Bridge support for JavaServer Faces 2.2
      HCL Digital Experience 8.5 and 9.5 includes the HCL Portlet 2.0 Bridge for JSF 2.2. The bridge provides customers an interface to developing and running JSF Portlets.
    - Web Developer Toolkit for HCL Digital Experience
      Learn more about what you can do with the Web Developer Toolkit for HCL Digital Experience.
    - The Script Application
      The Script Application enables script developers to create portlets for HCL Digital Experience with HTML, JavaScript, and CSS.
    - The HCL Web Content Manager API
      You can use the Web Content Manager API to extend functions of HCL Web Content Manager.
    - Search REST API specification
      The following document describes the API call to search HCL Digital Experience. You can search HCL Digital Experience to find content that contains a specific text string in its title or content, or is tagged with a specific tag.
    - Extending tagging and rating by using service APIs
      Developers can enhance and extend the tagging and rating features of the portal. For this purpose the portal tagging and rating feature provides service APIs that you can use to enhance tagging and rating by your requirements.
    - How to create a custom launch page
      You can configure an authoring portlet to use a launch page of your own design instead of the default user interface.
    - How to create a custom HTML editor integration
      You can use custom HTML editors in all HTML fields of the authoring interface or specific HTML elements that are defined in an authoring template. Custom HTML fields are used to integrate third-party editors into the authoring interface.
    - How to use remote actions
      Remote actions are used to trigger actions from the HCL Web Content Manager application.
    - How to create custom plug-ins
      A custom plug-in is a reusable Java class that you create to run a task. You can create custom plug-ins such as custom workflow actions, plug-ins to run when a page is rendered, plug-ins to store multi-locale text strings and plug-ins to run when a file is uploaded.
    - Digital Data Connector (DDC) for HCL Portal
      You can use the Digital Data Connector (DDC) for HCL Portal framework to integrate data from external data sources on your portal pages by using HCL Web Content Manager presentation components. External data means that the data does not need to be stored directly in HCL Web Content Manager. For example, you can use DDC to render social data that you have on your HCL Connections server or on other social platforms in the context of your portal pages. Other possible data sources include news feeds, task lists, product catalog information, to name just a few.
    - Determining the current web content context
      To determine the current web content context of a portal page or Web Content Viewer portlet, you can use the WCM Page Context Service. This service provides the ID of the currently rendered item of a page or portlet.
    - REST service for Web Content Manager
      Application developers can use Representational State Transfer (REST) services to work with Web Content Manager. The REST service for Web Content Manager provides authoring access to content items and elements. The service follows the Atom Publication Protocol, and Atom feeds, and entries are accessible in XML (application/atom+xml) and JSON (application/json) format.
    - Digital Experience Version 2 REST APIs (Beta)
      The API design for version 2.0 of the DX REST API is intended to facilitate the creation of HCL Web Content Manager assets.
    - How to display data from external sources
      You display data from external sources, such as SQL databases, by using the same methods as you would when you create a website.
    - Instrumenting web content for Active Site Analytics
      You can collect information from web content for Active Site Analytics.
    - Java messaging services for web content
      Web Content Manager supports for the notification of events such as item state changes, or services starting and stopping. These notifications can be delivered as messages to the Java messaging service.
    - Reference documents
      Reference copy of API, SPI, Javadoc, and more, for HCL Digital Experience 8.5 and 9.0.
    - Developing basic PAA file applications
      Solution developers can create their own Portal Application Archive (PAA) files. The developers can then use the Configuration Wizard to add on their applications to their HCL Digital Experience environment.
    - Developing advanced PAA file applications
      Developers can create their own advanced Portal Application Archive (PAA) file. The advanced PAA file contains custom content. The developers can then use the Configuration Wizard to add on their applications to their HCL Digital Experience environment.
    - HCL UX Screen Flow Manager
      The HCL UX Screen Flow Manager helps operators, developers, and dialog modelers develop fine-granular, small split portlets. Learn to configure the sequence, transitions, and workflow of a set of screens.
  - Troubleshooting
    This section helps you resolve problems, use diagnostic tools and tracing to capture HCL Digital Experience system errors.
  - Reference
    View information that can help you use the Digital Experience Help Center including directory conventions, terms of use, trademarks, a glossary, and more.
  - Glossary
    This glossary includes terms and definitions for HCL Digital Experience.
  - Content Template Catalog 4.4
    The Content Template (CTC) is a set of templates that accelerate the process of building a website.

Tivoli Federated Identity Manager (TFIM) mapping for the Java Authentication and Authorization Service (JAAS) login module | HCL Digital Experience

By default, the JAAS plug-in reads a user's email address from the VMM attribute with the name mail. The JAAS plug-in sets the mail attribute in the security context. If you change the name of the attribute in the security context, update the following mapping rule accordingly.

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xalan="http://xml.apache.org/xalan"
version="1.0"
xmlns:mapping-ext="com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils"
extension-element-prefixes="mapping-ext"
xmlns:stsuuser="urn:ibm:names:ITFIM:1.0:stsuuser">
        <xsl:strip-space elements="*" />
        <xsl:output method="xml" version="1.0" encoding="utf-8" indent="yes" />
        <!-- Initially we start with a copy of the document. -->
        <xsl:template match="@* | node()">
            <xsl:copy>
               <xsl:apply-templates select="@* | node()" />
            </xsl:copy>
        </xsl:template>

        <!-- This will replace the principal name with the user's email. -->
        <xsl:template
        match="//stsuuser:Principal/stsuuser:Attribute[@name='name']">
            <stsuuser:Attribute name="name" type="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
            <stsuuser:Value>
               <xsl:value-of select="//stsuuser:AttributeList/stsuuser:Attribute[@name='mail']/stsuuser:Value"/>
            </stsuuser:Value>
            </stsuuser:Attribute>
        </xsl:template>
</xsl:stylesheet>