Update the Rational ClearQuest® Web
deployment descriptor to configure client certificate authentication.
Before you begin
See
Technote 1616504 to learn about additional
smart card configuration changes for the
web.xml deployment
descriptor file.
About this task
The following variables are used in path names in this
topic:
- WAS-home
- Directory where WebSphere Application Server is installed
- cqweb_profile
- Name of the Rational ClearQuest Web profile
Procedure
- Copy the ClearQuest Web
deployment descriptor file, web.xml, to a working
directory and rename the file. The web.xml file
is located in the following directory:
- On Windows:
- WAS-home\profiles\cqweb_profile\installedApps\dfltCell\TeamEAR.ear\cqweb.war\WEB-INF\web.xml
- On the UNIX system and Linux:
- WAS-home/profiles/cqweb_profile/installedApps/dfltCell/TeamEAR.ear/cqweb.war/WEB-INF/web.xml
Important: If ClearQuest is installed on
the Solaris platform, the default WebSphere Application Server cell
directory is <srv>Node01Cell . Use this value
in place of dfltCell, which is the default directory
on Windows, the UNIX system, and Linux platforms.
For
illustrative purposes, the steps in this topic assume that you have
renamed the web.xml file that you copied to a
working directory to web-client-cert.xml.
- Edit the web-client-cert.xml file
by removing the comment characters <!-- and --> that
precede and follow the security elements sections <security-constraint>, <login-config>,
and <security-role>:
<security-constraint>
<web-resource-collection>
<web-resource-name>secure</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ClearQuestUsers</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-conf>
<auth-method>CLIENT-CERT</auth-method>
</login-conf>
<security-role>
<role-name>ClearQuestUsers</role-name>
</security-role>
- Use the WebSphere® Application
Server wsadmin utility to apply the deployment
descriptor changes:
- Change to the working directory where the web-client-cert.xml file
resides.
- Start the wsadmin utility
in a command prompt window:
- On Windows:
- "WAS-home\profiles\cqweb_profile\bin\wsadmin"
- On the UNIX system and Linux:
- WAS-home/profiles/cqweb_profile/bin/wsadmin
- Run the following commands:
wsadmin> $AdminApp
update TeamEAR file {-operation update -contents web-client-cert.xml
-contenturi cqweb.war/WEB-INF/web.xml}
wsadmin> $AdminConfig
save
wsadmin> exit