Procedure for using SSL for Login and protecting part of portal

WebSphere Portal can be configured to support SSL. It can generate respective URLs if needed; Configuring WPS to communicate to browser on SSL is multistep process and some of the steps should be performed on the WAS and HTTP server.
1) Configure the Web Server to support HTTPs.If this is a production environment, you must obtain a certificate from a certificate authority. For testing purposes, you can use IKEYMAN to generate a self-signed certificate.
2) Configure WAS plugin for the web server to forward websphere traffic that is received over SSL to WAS.
3) If web server and portal server are on separate machine then you should establish trust between web server and application server.
4) Change value of these two properties in ConfigService
The parameter redirect.login.ssl determines the protocol that is used when you click the login button. If this parameter is set to true, https is used. If this parameter is set to false, http is used. This setting is not affected by the protocol that is used to access the main page.
5) Now if you want to use SSL for all the authenticated pages in portal then you should export the wps.ear file and modify the web.xml file in wps.war like this

<security-constraint id="SecurityConstraint_1">
<web-resource-collection id="WebResourceCollection_1">

<auth-constraint id="AuthConstraint_1">
<role-name>All Role</role-name>
<user-data-constraint id="UserDataConstraint_4">

If you set the value of to NONE then only login process is done on SSL.
6) You should also change the login links in themes so that they use ssl. You will have to change theme jsps like this

<wps:if loggedIn="no" notSelection="wps.Login">
<wps:urlGeneration contentNode="wps.Login"
portletWindowState="Normal" ssl="true">
<td class="wpsToolBar" valign="middle" nowrap>
<a href="<% wpsURL.write(escapeXmlWriter); %>" class="wpsToolBarLink">
<wps:text key="link.login" bundle="nls.engine"/>

7) Now repackage and deploy the wps.ear file on portal server.
8) Last change would be to set UseSecureLoginActionUrl config perference to true for Login Portlet.

No comments: