This section describes how to install and configure the WebSphere Application Server/Portal Server agent in a single WebSphere Portal Server 6.1 environment, including:
To install this agent in a Network Deployment environment, you must install and configure one agent instance onto the Deployment Manager server instance, each Node Agent instance, each Portal Server instance, and each Application Server instance.
Before installing the agent, you must stop the WebSphere Portal Server 6.1 environment, including the Application Server server1 instance and the Portal Server WebSphere_Portal instance.
The pre-installation tasks for WebSphere Portal Server 6.1 are the same as Pre-Installation Tasks for the WebSphere Application Server/Portal Server Agent.
Note: Each agent instance must have a unique agent profile. You can create each agent profile as described in Creating an Agent Profile or during the agent installation using the agentadmin --custom-install option.
When you install the agent on WebSphere Portal Server 6.1, you must run the agent installation program on every instance of the underlying WebSphere Application Server. In a single Portal Server environment, this includes two instances: the default instance, often named server1, and the WebSphere Portal Server 6.1 instance, often named WebSphere_Portal.
In a single Portal Server environment, the recommended installation sequence is:
Install the first instance of the WebSphere Application Server/Portal Server agent on the Application Server server1 instance.
Ensure that the WebSphere Portal Server 6.1 environment is down.
On the machine running WebSphere Portal Server 6.1, install the agent onto the Application Server server1 instance, as described in Installing the WebSphere Application Server/Portal Server Agent.
Installation considerations are:
Use the agentadmin --custom-install option.
Several prompts specific to this installation are:
Prompt |
Description |
---|---|
Instance Config Directory |
Path to the configuration directory for the WebSphere Application Server instance. For example: /opt/IBM/WebSphere/wp_profile/config/cells/hostname/nodes/hostname/servers/server1 |
Server Instance Name |
Name of the WebSphere Application Server instance. For example: server1 |
Agent URL |
Agent URL, including the deployment URI. For example: http://agenthost.example.com:10000/agentapp Note: This URL is where agentapp will be deployed. 10000 is default port of the server1 instance. |
Ensure that the WebSphere Portal Server 6.1 environment is down.
On the machine running WebSphere Portal Server 6.1, install the agent onto the Portal Server WebSphere_Portal instance, as described in Installing the WebSphere Application Server/Portal Server Agent.
Installation considerations are:
Use the agentadmin --custom-install option.
Several prompts specific to this installation are:
Prompt |
Description |
---|---|
Instance Config Directory |
Path to the configuration directory for the WebSphere Application Server instance. For example: /opt/IBM/WebSphere/wp_profile/config/cells/hostname/nodes/hostname/servers/WebSphere_Portal |
Server Instance Name |
Name of the WebSphere Application Server instance. For example: WebSphere_Portal |
Agent URL |
Agent URL, including the deployment URI. For example: http://agenthost.example.com:10040/agentapp Note: This URL is where agentapp will be deployed. 10040 is default port of the WebSphere_Portal instance. |
Some of the following post-installation tasks are unique to WebSphere Portal Server 6.1, while other tasks are identical to the same task for WebSphere Application Server:
WebSphere Portal Server: Creating the Primary Administrative User in OpenSSO Enterprise
WebSphere Portal Server: Performing Global Configuration Tasks
Adding the Agent Filter to the WebSphere Portal Server 6.1 Application
WebSphere Portal Server: Creating the Necessary URL Policies
WebSphere Portal Server: Restarting WebSphere Portal Server 6.1
Perform this task once for all agent instances. This user (for example, wasadmin) is either the administrative user who installs WebSphere Portal Server or an administrative user designated after the WebSphere Portal Server installation is finished.
Note: You can skip this task if this administrative user or an equivalent has already been configured to authenticate with OpenSSO Enterprise.
Otherwise, by default, create wasadmin in the OpenSSO embedded Configuration Data Store. This data store needs to be involved in authentication with OpenSSO Enterprise (for example, via an authentication chain).
Follow the steps in Creating the Primary Administrative User in OpenSSO Enterprise.
Perform this task for each WebSphere Application Server instance, including the Application Server server1 instance and the Portal Server WebSphere_Portal instance.
Follow the steps in Deploying the Agent Application.
Perform the following tasks only if you are also Performing Global Configuration Tasks for WebSphere Application Server 6.1/7.0:
WebSphere Portal Server: Changing the Logout Link Actions for WebSphere Portal Server 6.1
WebSphere Portal Server: Enabling Global Security for WebSphere Application Server
WebSphere Portal Server: Setting the Application Logout URI For the IBM Console
WebSphere Portal Server: Enabling Cookie Reset for the Agent Profile
Follow the steps in Adding an OpenSSO Enterprise Trust Association Interceptor to WebSphere Application Server 6.1/7.0.
This task provides a seamless user experience of single sign-off with OpenSSO Enterprise.
To Change the Logout Link Actions for WebSphere Portal Server 6.1
Ensure that the WebSphere Application Server and WebSphere Portal Server 6.1 instances are running.
Access the WebSphere administrative console by entering the following URL in the location field of a Web browser:
http://example.com:admin_port/ibm/console
where example.com is the name of the server and admin_port is the port assigned to the administrative console.
Click Resources > Resources Environment > Resource Environment Providers.
On the Resource Environment Providers page, make the appropriate selection, depending on your version of WebSphere Application Server and your portal environment:
For WebSphere Application Server Version 6.1, select the appropriate node or cluster from the scopes pull-down list, depending on your portal environment.
For WebSphere Application Server Version 7.0, select the appropriate node or cluster from the scopes pull-down list. Or uncheck the Show Scope selection drop-down checkbox and select one of the following options, depending on your portal environment:
If your portal is running as a single server, select Browse Nodes and select the node.
If your portal is installed in a cluster, select Browse Clusters and select the portal cluster.
Select the “WP ConfigService” service.
Click Custom Properties.
Do the following, as required:
Set redirect.logout to true.
Set redirect.logout.ssl to true or false, depending upon the environment.
Set redirect.logout.url to the OpenSSO Enterprise logout URL. For example:
http://opensso-host.example.com:8080/opensso/UI/Logout
When you are done, click Save at the top of the screen under Message(s).
If you are running a cluster configuration, replicate your changes to the cluster.
If Global Security is not enabled, follow the steps in Enabling Global Security for WebSphere Application Server 6.1/7.0.
For each agent profile, including the agent profile for the WebSphere Application Server server1 instance and the WebSphere Portal Server WebSphere_Portal instance, perform the steps in Setting the Application Logout URI For the IBM Console.
For each agent profile, including the agent profile for the WebSphere Application Server server1 instance and the WebSphere Portal Server WebSphere_Portal instance, perform the steps in Enabling Cookie Reset for the Agent Profile.
Perform the steps in Installing the Agent Filter for the WebSphere Application Server 6.1/7.0 Administration Console.
This required task integrates the WebSphere Portal Server 6.1 instance with the OpenSSO Enterprise environment.
Note: Perform this task only once per WebSphere Portal Server 6.1 instance for a given host.
The WebSphere Application Server/Portal Server agent provides a servlet filter that you can add to the WebSphere Portal Server 6.1 application. This filter allows the enforcement of coarse grained URL policies defined within OpenSSO Enterprise server to further control the access to protected resources on the WebSphere Portal Server 6.1 instance. The filter can also be configured to provide additional personalization information in the form of HTTP headers, cookies, or HTTP request attributes that can be used to further enhance the functionality of the protected components.
Ensure that the WebSphere Portal Server 6.1 environment is down.
Locate the wps.war/WEB-INF/web.xml file, which contains the deployment descriptors for WebSphere Portal Server 6.1.
WebSphere Application Server can read this file at runtime from either of the following directories:
WAS-base/wp_profile/installedApps/Cell-Name/wps.ear/wps.war/WEB-INF
WAS-base/wp_profile/config/cells/Cell-Name/applications/wps.ear/deployments/wps/wps.war/WEB-INF
where:
WAS-base represents the directory where WebSphere Portal Server 6.1 was installed
Cell-Name represents the WebSphere Portal Server 6.1 cell protected by the agent. The default is hostname.
Backup the two web.xml files before modifying the deployment descriptors.
Since you will modify the deployment descriptor in the next step, creating backup files is important, especially if you need to uninstall the agent in the future.
Edit both web.xml files from the previous step, as follows:
<display-name>WebSphere Portal Server</display-name> <filter id="Filter_PolicyAgent"> <filter-name>Policy Agent</filter-name> <filter-class> com.sun.identity.agents.filter.AmAgentFilter </filter-class> </filter> ... //other filter definitions <filter-mapping id="FilterMapping_PolicyAgent"> <filter-name>Policy Agent</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> ... //other filter mappings </web-app>
If the WebSphere Application Server/Portal Server agent is installed and configured to operate in ALL mode, you must create the appropriate URL policies.
Note: Since WebSphere Portal Server is protected by J2EE declarative security, the agent should operate in J2EE_POLICY or ALL mode.
For example, if WebSphere Application Server with the Administration Console is listening on ports 10027 (http) and 10041 (https), respectively, and WebSphere Portal Server is listening on port 10040 (http), create the following polices for the WebSphere Administrative user ID (wasadmin or wpsadmin) to allow the user access to the WebSphere Administration Console and Portal Server URLs:
http://agenthost.example.com:10027/*
https://agenthost.example.com:10041/*
http://agenthost.example.com:10040/*
https://agenthost.example.com:10041/*?*
http://agenthost.example.com:10040/*?*
Notes:
These examples assume that http://agenthost.example.com:10027/ibm/console is the Administration console URL on WebSphere_Portal and http://agenthost.example.com:10040/wps/myportal is the Portal Server URL.
Port 10041 is the corresponding https port of http port 10027. When an http request comes to port 10027, it will be redirected to 10041 as an https request.
Only the protected portal http://agenthost.example.com:10040/wps/myportal is supported by the agent. The non-protected portal http://agenthost.example.com:10040/wps/portal is not supported.
http://agenthost.example.com:10001/*
https://agenthost.example.com:10003/*
http://agenthost.example.com:10000/*
https://agenthost.example.com:10003/*?*
http://agenthost.example.com:10000/*?*
Notes:
These examples assume that http://agenthost.example.com:10001/ibm/console is the Administration console URL on server1and http://agenthost.example.com:10000 is the server1 server URL.
Port 10003 is the corresponding https port of http port 10001. When an http request comes to port 10001, it will be redirected to 10003 as an https request.
Consider the other Optional Post-Installation Tasks for the WebSphere Application Server/Portal Server Agent.
After you are finished performing all post-installation tasks, restart the WebSphere Portal Server 6.1 environment.