Home
HCL Digital Experience 9.5 [Legacy content]
Developing
This section includes developer documentation on extending applications and development assets for HCL Portal and HCL Web Content Manager.
Developing portlets
Get an overview of the process of creating portlets, learn about the concepts of the APIs used to develop portlets, and view the samples to get you started. Also, learn about integrating features such as single sign-on, cooperative sharing of information using the property broker, and migrating Struts applications to the portlet environment.
Web 2.0 user interface features
Learn about portal features that pertain to the Web 2.0 generation type of Web user interface.
Outbound HTTP connection
Applications in your HCL Portal and the related user activities can require outbound HTTP connections to remote computer systems. The outbound HTTP connection service provides an administration infrastructure with a central point of administration for all outbound HTTP connections that are defined in the portal environment.
Authenticating outbound HTTP connections
You can protect the access to the remote host by an authentication mechanism.
Establishing SSO connections through SAML 2.0 tokens
It is possible to establish outbound HTTP connections to remote resources that are authenticated by using the SAML 2.0 protocol. Outbound HTTP connections take care of the communication with the Identity provider (IDP) to get an authenticated connection by using SAML tokens. The SAML Authentication handler uses the HTTP POST binding protocol of the SAML specification. Therefore, it is required that both the Identity Provider and the Service Provider support the HTTP POST binding, if they are used by Outbound HTTP Connections for authentication.
Configuration settings for SAML authenticated connections
To enable a connection policy for SAML-based authentication, the following settings must be defined in the metadata section of the policy, the policy mapping, or the default mapping.
Configuration settings for Tivoli Federated Identity Manager (TFIM)
Learn about establishing an SAML-based SSO connection for Tivoli Federated Identity Manager. Tivoli Federated Identity Manager must be installed and operational before an SSO connection can be established.
Adding the Java Authentication and Authorization Service (JAAS) login module to the Tivoli Federated Identity Manager (TFIM) server
The Java Authentication and Authorization Service (JAAS) login module is available as a plug-in. This plug-in sets the email address of the logged in user within the security context so that the email address can be used within Tivoli Federated Identity Manager.

HCL Digital Experience 9.5 [Legacy content]
- Overview
  HCL Digital Experience provides a single access point to web content and applications, while it delivers differentiated, personalized experiences for each user across multiple touchpoints, such as web, mobile, hybrid mobile/web applications, and more.
- Supported migration paths
  Migration is supported between equivalent HCL Digital Experience offerings.
- Supported installation and upgrade paths
  Installation and upgrade is supported between equivalent HCL Digital Experience offerings.
- Getting the software
  New and existing users need to register at the HCL Software License Portal and download their entitled HCL Digital Experience package(s).
- Creating your website
  Review the following topics to understand how to create your website using the latest HCL Digital Experience.
- Installing HCL Digital Experience
  Review the planning information on HCL Digital Experience, then select your operating system and installation pattern that most reflects your business needs.
- Configuring
  Run the following tasks after you install and deploy HCL Digital Experience. They address tasks that are typically run one time and have a global effect. Some configuration changes are made more frequently or do not have a global effect. These tasks are addressed in the Administering section.
- Backup and restore
  Backup and recovery of data files and databases is an essential operation for any business system, particularly for data and applications that run in production environments. Create and follow a plan for backing up and recovering data on all tiers of your HCL Digital Experience deployment. IBM Installation Manager must also be included in backup and recovery planning. If you back up the HCL Portal file structure and then install a fix pack, your HCL Digital Experience and IBM Installation Manager become out of sync after you restore the HCL Portal file system. This condition is not recoverable.
- Migrating
  Successful migration requires significant planning and preparation, understanding the tools that are involved, and careful execution of the appropriate steps in the order provided.
- Integrating
  Integrate HCL Digital Experience with software such as HCL Sametime to enable your users to collaborate more easily. You can also use the unified task list portlet to integrate HCL with your backend business process software, such as IBM Process Server.
- Administering
  Use the administration tools that are provided with the HCL Digital Experience to do various day-to-day administration tasks.
- Securing
  Security tasks include setting up property extension databases and custom user repositories, configuring and activating SSL, and configuring authentication. In addition, tasks such as activating Federal Information Processing Standards (FIPS) and NIST SP800-131a security modules and configuring external security managers such as Security Access Manager might be required to secure your portal environment.
- Monitoring
  HCL Portal includes tools and features to help you monitor the portal site.
- Setting up a website
  Setting up a website includes, creating pages, adding navigation, setting up search, and adding content to the site. Themes are used to customize the portal's look-and-feel. Out-of-the-box templates and the site wizard can help you set up your portal site faster. You can add wikis and blogs to your site and let users tag and rate content on your site.
- Staging to production
  During portal solution development, the solution is initially developed, tested, and refined on one server or a limited number of servers. The solution is deployed later on live systems, referred to as the production environment. The process of moving the solution from the development environment to the production environment is called staging.
- Developing
  This section includes developer documentation on extending applications and development assets for HCL Portal and HCL Web Content Manager.
  - Changing to a developer mode environment
    Install HCL Digital Experience and then immediately change to a developer mode environment. Use this environment when you develop applications, themes, portals, and portlets. Startup performance is improved within a developer mode environment.
  - Dojo and HCL Digital Experience
    HCL Digital Experience contains an instance of the Dojo Toolkit, a JavaScript library that is based on the Dojo Toolkit. When you develop components that use Dojo, you must be aware of how the portal uses Dojo, and the tips and restrictions when you use Dojo.
  - Extending HCL Portal class path
  - Developing themes and skins
    You can create themes using modules to contribute to separate areas of pages to provide flexibility, enhance the user experience, and maximize performance. To optimize themes on your website, use the theme optimization module framework. The framework separates feature-specific logic and capabilities from the theme code.
  - URL generation in HCL Portal
    Generating Portal URLs correctly is one of the most important tasks in programming an HCL Portal based application. There are several programming tools and techniques available for generating HCL Portal URLs in custom code. The following section introduces the programming tools available and discusses when it is most appropriate to use each of the tools.
  - Model SPI overview
    Models provide information that is needed by HCL Portal to perform tasks such as content aggregation or building navigation to browse the aggregated content. The information that is aggregated is represented through models that can be accessed programmatically by using the Model SPI (read-only). The information of a model is usually persistent (stored in a database) but can also be transient (computed and stored only in memory). Models can be represented by using a tree structure (nodes have a parent-child relationship), a list structure, or a selection structure (a selected element in a tree structure).
  - Controller SPI
    You can use the Controller SPI for portal administration. It allows you to modify portal resources. It enhances the read-only portal Model SPI by adding writable aspects.
  - User and group management
    The Portal User Management Architecture (PUMA) System programming interface (SPI) provides interfaces for accessing the profiles of a portal User or Group.
  - Portal Access Control interfaces
    Portal Access Control provides interfaces for retrieving and modifying and access control information of portal resources, such as portlets or pages.
  - Developing portlets
    Get an overview of the process of creating portlets, learn about the concepts of the APIs used to develop portlets, and view the samples to get you started. Also, learn about integrating features such as single sign-on, cooperative sharing of information using the property broker, and migrating Struts applications to the portlet environment.
    - Portlet concepts
      Learn about portlets from a user's and an application developer's perspective. View a brief comparison between a portlet and a servlet and understand basic portlet concepts; know the effect of Java 2 security enablement on the operation of portlets that rely on certain privileges for processing.
    - Creating a simple portlet
      To create a simple portlet, you must write the portlet code, compile Java source, create the JAR file, write the portlet descriptors, set up the WAR file directory structure, and package and deploy the portlets.
    - Standard portlet API
      The Java Portlet Specification addresses the requirements of aggregation, personalization, presentation, and security for portlets running in a portal environment.
    - Portlet services
      Portlet services are used to provide common functionality to portlets. Each portlet service has its own service-specific interface for the functionality that it offers.
    - Struts Portlet Framework
      Struts are no longer supported in HCL Digital Experience
    - Web 2.0 user interface features
      Learn about portal features that pertain to the Web 2.0 generation type of Web user interface.
      - The client side portlet programming model
        You can use the client side programming model to make use of AJAX techniques in your standard API portlets.
      - Outbound HTTP connection
        Applications in your HCL Portal and the related user activities can require outbound HTTP connections to remote computer systems. The outbound HTTP connection service provides an administration infrastructure with a central point of administration for all outbound HTTP connections that are defined in the portal environment.
        The programming model for the outbound HTTP connection service
        The outbound HTTP connection service can be used from the context of a servlet request service or from the context of a portlet request service. Here are some code examples.
        HTTP proxy for Ajax applications, also known as Ajax Proxy
        One of the basic technologies that emerged in the context of the next generation web user interface is Ajax (Asynchronous JavaScript and XML). Using Ajax can increase the responsiveness and usability of your web applications.
        Configuring outbound HTTP connections
        In HCL Portal Version 8.0 and earlier versions, outbound HTTP connections were accessible through the Ajax Proxy service. The Ajax Proxy service was configured by a configuration document named proxy-config.xml. You find this document in the /WEB-INF directory of the web module that uses the Ajax Proxy service. Starting with HCL Portal Version 8.5 and the new outbound connection service, the configuration of outbound HTTP connections is now part of the standard datastore-based portal configuration.
        Authenticating outbound HTTP connections
        You can protect the access to the remote host by an authentication mechanism.
        Providing user credentials for authenticated connections
        Several authentication handlers require that user credentials are presented in the authentication process. For example, the HTTP basic authentication handler requires such user credentials. Before the outbound connection can be used, these user credentials are set in the Credential Vault.
        Establishing a basic authenticated HTTP connection
        To establish an HTTP connection with basic authentication, you enable an outbound connection policy for HTTP basic authentication.
        Establishing a digest authenticated HTTP connection
        To establish an HTTP connection with digest authentication, you enable an outbound connection policy for HTTP digest authentication.
        Establishing a form-based authenticated HTTP connection
        To establish an HTTP connection with form-based authentication, you enable an outbound connection policy for form-based authentication.
        Establishing SSO connections through LTPA token
        To establish a Single Sign-On (SSO) connection through LTPA token, you enable an outbound connection policy for the SSO connection through LTPA token.
        Establishing SSO connections through SPNEGO token
        To establish a Single Sign-On (SSO) connection through SPNEGO token, you enable an outbound connection policy for the SSO connection through SPNEGO token.
        Establishing SSO connections through SAML 2.0 tokens
        It is possible to establish outbound HTTP connections to remote resources that are authenticated by using the SAML 2.0 protocol. Outbound HTTP connections take care of the communication with the Identity provider (IDP) to get an authenticated connection by using SAML tokens. The SAML Authentication handler uses the HTTP POST binding protocol of the SAML specification. Therefore, it is required that both the Identity Provider and the Service Provider support the HTTP POST binding, if they are used by Outbound HTTP Connections for authentication.
        Configuration settings for SAML authenticated connections
        To enable a connection policy for SAML-based authentication, the following settings must be defined in the metadata section of the policy, the policy mapping, or the default mapping.
        Configuration settings for Tivoli Federated Identity Manager (TFIM)
        Learn about establishing an SAML-based SSO connection for Tivoli Federated Identity Manager. Tivoli Federated Identity Manager must be installed and operational before an SSO connection can be established.
        Finding the Identity Provider login URL and the Partner URL (TFIM)
        In order to establish an SSO connection through Tivoli Federated Identity Manager, you must specify the Identity Provider login URL and the Partner URL. Learn how to find these values from the Tivoli Federated Identity Manager configuration if you do not already know them. If you know these values already, skip this step.
        Creating Identity Provider settings at the Outbound Connection Service configuration (TFIM)
        Certain metadata settings such as the Identity Provider URL and the Partner URL are required to use Tivoli Federated Identity Manager Identity Provider for SSO connections through SAML 2.0 authentication protocol.
        Defining policy rules for the remote connection (TFIM)
        Learn about how to create a policy rule for the SSO connection. Creating a policy rule is required to use the SSO connection for the Identity Provider that you registered.
        Adding the Java Authentication and Authorization Service (JAAS) login module to the Tivoli Federated Identity Manager (TFIM) server
        The Java Authentication and Authorization Service (JAAS) login module is available as a plug-in. This plug-in sets the email address of the logged in user within the security context so that the email address can be used within Tivoli Federated Identity Manager.
        Configuring the Java Authentication and Authorization Service (JAAS) login module
        The behavior of the JAAS login module is configurable. If you change the attribute name for the security context, make sure to adjust the mapping rule accordingly.
        Tivoli Federated Identity Manager (TFIM) mapping for the Java Authentication and Authorization Service (JAAS) login module
        By default, the JAAS plug-in reads a user's email address from the VMM attribute with the name mail. The JAAS plug-in sets the mail attribute in the security context. If you change the name of the attribute in the security context, update the following mapping rule accordingly.
        Configuration settings for Active Directory Federation Services (ADFS)
        Learn about establishing a single-sign on (SSO) connection for Active Directory Federation Services (ADFS).
        Adding or changing endpoint URL settings
        Sometimes a URL needs to include query parameters or POST forms data that isn’t known or cannot be known at the client site. For example, an API key for a REST service, or an application code such as a Google maps key. The URL transformation feature of the outbound connection services can handle this requirement.
        Establish OAuth 2.0 authenticated connections
        The Outbound HTTP Connection services support the connection of remote sites, such as Twitter, Dropbox, or Facebook, which are protected with a OAuth 2.0 authentication protocol. This section describes ways to configure Outbound HTTP connections to access resources which are protected.
        Using dynamic elements in outbound HTTP connection settings
        In some cases, it is useful to control configuration settings at run time. For example, an administrator might want to have the program decide at run time which policy rule is applied. In another scenario, parts of a policy rule configuration that are known only at run time must be included in the configuration.
        Using programmatic extensions for outbound HTTP connections
        To extend the functions of an outbound connection, portal administrators can implement a custom outbound service filter.
        Migration
        HCL Portal Version 8.5 provides a migration process for the change from the Ajax proxy of previous portal versions to the new outbound HTTP connection.
      - Live text for click-to-action
        HCL Digital Experience supports a live text API for user controlled data transfer between components. With live text, a component on a page can declare sources and targets for data transfer. For example, this can be a portlet or a navigation element. When the user clicks on a source element, the portal displays a menu listing targets that match the selected source. When a menu item is selected, the portal invokes the corresponding target passing it the source data. This process is called Click-to-Action (C2A).
    - Client-side aggregation reference
      Refer to programming model guidelines for client-side mode or server-side mode.
    - Portlet communication
      HCL Digital Experience supports multiple ways for portlets to exchange or share information.
    - Dynamic user interfaces
      Learn about dynamic user interfaces that include dynamic pages, dynamic portlets, dynamic UI configuration, dynamic UI properties, and shared dynamic UIs. Get an overview of how to develop a dynamic UI configuration.
    - Collaborative Services API and the person tag
      Collaborative Services are a set of methods and JavaServer Page tags that allow developers who are writing portlets for HCL Portal or other application servers to add Lotus collaborative functionality to their portlets. The services can be used to develop new custom portlets, or to add collaborative functionality (for example, menus or person links indicating online status) to existing portlets.
    - Portlet API
      The Portlet API is no longer supported starting with HCL Portal Version 8.5.0. You must convert portlets based on the Portlet API to the Standard Portlet API. Learn how to convert HCL DX Portlets to Standard API portlets.
    - Portlet development reference
      View important information and concepts related to portlet development.
    - Predefined public render parameters
      HCL Portal defines a set of portal-specific public render parameters, which can be used to work with portal-specific state information within portlets.
    - Sample portlets
      Learn about the sample portlets included with HCL Digital Experience and view the steps to import these samples into IBM Rational Application Developer.
  - HCL DX Portlet Bridge support for JavaServer Faces 2.2
    HCL Digital Experience 8.5 and 9.5 includes the HCL Portlet 2.0 Bridge for JSF 2.2. The bridge provides customers an interface to developing and running JSF Portlets.
  - Web Developer Toolkit for HCL Digital Experience
    Learn more about what you can do with the Web Developer Toolkit for HCL Digital Experience.
  - The Script Application
    The Script Application enables script developers to create portlets for HCL Digital Experience with HTML, JavaScript, and CSS.
  - The HCL Web Content Manager API
    You can use the Web Content Manager API to extend functions of HCL Web Content Manager.
  - Search REST API specification
    The following topics describe-s- the API calls to search HCL Digital Experience. You can search HCL Digital Experience web pages and content to find content that contains a specific text string in its title or content, or is tagged with a specific tag.
  - Extending tagging and rating by using service APIs
    Developers can enhance and extend the tagging and rating features of the portal. For this purpose the portal tagging and rating feature provides service APIs that you can use to enhance tagging and rating by your requirements.
  - How to create a custom launch page
    You can configure an authoring portlet to use a launch page of your own design instead of the default user interface.
  - How to create a custom HTML editor integration
    You can use custom HTML editors in all HTML fields of the authoring interface or specific HTML elements that are defined in an authoring template. Custom HTML fields are used to integrate third-party editors into the authoring interface.
  - How to use remote actions
    Remote actions are used to trigger actions from the HCL Web Content Manager application.
  - How to create custom plug-ins
    A custom plug-in is a reusable Java class that you create to run a task. You can create custom plug-ins such as custom workflow actions, plug-ins to run when a page is rendered, plug-ins to store multi-locale text strings and plug-ins to run when a file is uploaded.
  - Digital Data Connector (DDC) for HCL Portal
    You can use the Digital Data Connector (DDC) for HCL Portal framework to integrate data from external data sources on your portal pages by using HCL Web Content Manager presentation components. External data means that the data does not need to be stored directly in HCL Web Content Manager. For example, you can use DDC to render social data that you have on your HCL Connections server or on other social platforms in the context of your portal pages. Other possible data sources include news feeds, task lists, product catalog information, to name just a few.
  - Determining the current web content context
    To determine the current web content context of a portal page or Web Content Viewer portlet, you can use the WCM Page Context Service. This service provides the ID of the currently rendered item of a page or portlet.
  - REST service for Web Content Manager
    Application developers can use Representational State Transfer (REST) services to work with Web Content Manager. The REST service for Web Content Manager provides authoring access to content items and elements. The service follows the Atom Publication Protocol, and Atom feeds, and entries are accessible in XML (application/atom+xml) and JSON (application/json) format.
  - HCL Experience API
    This shows developers how to provision, configure, and use the HCL Experience API with the HCL Digital Experience 9.5 platform.
  - How to display data from external sources
    You display data from external sources, such as SQL databases, by using the same methods as you would when you create a website.
  - Instrumenting web content for Active Site Analytics
    You can collect information from web content for Active Site Analytics.
  - Java messaging services for web content
    Web Content Manager supports for the notification of events such as item state changes, or services starting and stopping. These notifications can be delivered as messages to the Java messaging service.
  - Reference documents
    Reference copy of API, SPI, Javadoc, and more, for HCL Digital Experience 8.5 and 9.0.
  - Developing basic PAA file applications
    Solution developers can create their own Portal Application Archive (PAA) files. The developers can then use the Configuration Wizard to add on their applications to their HCL Digital Experience environment.
  - Developing advanced PAA file applications
    Developers can create their own advanced Portal Application Archive (PAA) file. The advanced PAA file contains custom content. The developers can then use the Configuration Wizard to add on their applications to their HCL Digital Experience environment.
  - HCL UX Screen Flow Manager
    The HCL UX Screen Flow Manager helps operators, developers, and dialog modelers develop fine-granular, small split portlets. Learn to configure the sequence, transitions, and workflow of a set of screens.
- Docker and Containerization
  Find topic information about Docker and Containerization for HCL Digital Experience.
- Practitioner Studio
  Practitioner Studio is a newly designed user experience for HCL Digital Experience. Please see the following pages to understand how the new navigation is organized.
- HCL Experience API
  This shows developers how to provision, configure, and use the HCL Experience API with the HCL Digital Experience 9.5 platform.
- HCL Content Composer
  The HCL Content Composer delivers simplified processes for creating and managing Digital Experience site content.
- HCL Digital Asset Management
  HCL Digital Asset Management (DAM) adds a central platform to store and include rich media assets in Digital Experience site content to present engaging, consistently branded experiences across digital channels.
- The Woodburn Studio demo site
  The Woodburn Studio is a website that demonstrates the use of some of the popular HCL Digital Experience features.
- Reference
  View information that can help you use our product documentation including terms of use, trademarks, and more.

Adding the Java Authentication and Authorization Service (JAAS) login module to the Tivoli Federated Identity Manager (TFIM) server | HCL Digital Experience

The Java Authentication and Authorization Service (JAAS) login module is available as a plug-in. This plug-in sets the email address of the logged in user within the security context so that the email address can be used within Tivoli Federated Identity Manager.

The local Tivoli Federated Identity Manager server creates SAML tickets to interact with SmartCloud for Social Business. You can identify the user in those tickets by their email address. The default mapping rules in Tivoli Federated Identity Manager enable access to attributes within the security context of a user. It is not possible to use the email address of the user that is currently logged in. Instead of custom programming, HCL Portal provides a Java Authentication and Authorization Service (JAAS) login module implementation that must be added to your Tivoli Federated Identity Manager system. The JAAS plug-in accesses the user's email address and inserts it into the Authorization Token, so the email address can be used within the standard mapping rules. Because the plug-in uses VMM API calls to obtain the email address, the Federated Repository type needs to be configured on your Tivoli Federated Identity Manager system. The following WebSphere® Application Server JAAS login modules must be enabled before you enable the plug-in:

com.ibm.ws.security.server.lm.ltpaLoginModule
com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule

The preceding modules are enabled by default.

If these prerequisites are not met in your environment, or you have another way of obtaining the email address that is not stored in your User Repository, you can implement your own JAAS plug-in by using the developerWorks guidelines. For more information, see the developerWorks article Developing a custom Java module in the related links.