Securing your help server

You can make your help server accessible only when logged on to the help server or enable remote access to the help server. When you enable remote access, you can create passwords for users to secure your help server.

About this task

There are two security options for controlling access to help administration pages: The control for these options is managed in the Help Administration page and stored in a config.ini file, which is contained within the help file. The first time you access the Help Administration page, you must access it locally from the server that the help is running on. If you cannot access the server locally or do not have a browser installed on the help server, you can edit that config.ini file to grant remote access. You can then use the Help Administration page remotely to grant access for specific users and passwords.
Related concepts:
Configuring the help server to provide local or intranet help by using administration tools

Creating users for the help server

Before you begin

The first time you access the Help Administration page, you must access it locally from the server that the help is running on. If you are not able to log on to the server locally, if you access the server through a remote desktop application for example, you can change the settings to allow remote access by editing the config.ini file for the application server.
To change the help server settings to remote by editing the config.ini file:
  1. Stop the application server.
  2. Open the <application_server_installation>/<web_application_directory>/help/WEB-INF/configuration/config.ini file.
  3. Add the following lines to the config.ini:
    help.type.default=remote
    help.war.security=remote
  4. Clear the cache on the web server.
  5. Restart the application server.

Procedure

  1. In a browser, open the Help Administration page by typing a URL that is in this format: http://server:port/help-name/updater/admin.jsp
    Important: If you are completing this task for the first time, you must log into the help server and access the local server Help Administration page in a browser. Example: http://127.0.0.1:8080/help-name/updater/admin.jsp

    If you have already been added as a user with role based security, you can access the Help Administration page through a browser remotely without logging into the help server. Example: http://server.ibm.com:8080/help-name/updater/admin.jsp

  2. Click the Administrative Access Management tab. The default user is warupdateadmin and uses the password warupdateadmin.
  3. Select an authentication type:
    • Local access only: All users must be logged on to the help server can update the help content.
    • Role based security: All users can log in to the Help Administration page remotely.
  4. Optional: To add a new user, click Add.
    1. Enter a confirm a password for that user. You cannot customize the user name.
    2. Click OK.
  5. To give a user the ability to create other users for help server administration, select the User Administration option. If the User Administration option is not selected, the user can update the help content, but cannot create help server users. The changes you make are automatically saved.

Setting security type preferences

You can set Eclipse and help system security type preferences in your Eclipse workspace

Before you begin

The security preferences might already be configured for your product. Check your product_customization.ini to see whether the values were configured for you.

About this task

Table 1. Eclipse and help system security preferences
Preference Description
com.ibm.ut.help.common.sslcontexts Help server security preference
Example values:
  • SSL
  • SSLv2
  • SSLv3
  • TLS
  • TLSv1
  • TLSv1.1
org.eclipse.help.base.sslcontexts Eclipse security preference
Example values:
  • SSL
  • SSLv2
  • SSLv3
  • TLS
  • TLSv1
  • TLSv1.1

Procedure

To set the security preferences in the user workspace:

  1. Open the following files with a text editor:
    • <application_server_workspace>\.metadata\.plugins\org.eclipse.core.runtime\.settings\org.eclipse.help.base.prefs
    • <application_server_workspace>\.metadata\.plugins\org.eclipse.core.runtime\.settings\com.ibm.ut.help.common.prefs

    Apache Tomcat example: <tomcat_installation_directory>\work\Catalina\server\help\eclipse\workspace\.metadata\.plugins\org.eclipse.core.runtime\.settings\com.ibm.ut.help.common.prefs

  2. Specify both preferences in each .prefs file. You can list more than one SSL type by separating them with commas. When more than one type is specified, each one is tested until the correct type is found. Specify the same values for both preferences.
    Example:
    com.ibm.ut.help.common.sslcontexts=TLS,TLSv1
    org.eclipse.help.base.sslcontexts=TLS,TLSv1
  3. Save the changes to both .prefs files.

Feedback