You can configure the Rational ClearQuest Web deployment
descriptor file, web.xml, to enforce client certificate
authentication for OSLC URL patterns.
Before you begin
Verify that all OSLC (Open Services for Lifecycle Collaboration)
consumers that access the server can be configured to use client certificates
when the consumers log in to the target providers.
About this task
The Rational ClearQuest Web application includes a web
deployment descriptor file, web.xml. The descriptor
file includes a commented section with instructions about how to include
rules that enable client certificate authentication. These rules contain
explicit exemptions for OSLC URL patterns that allow OSLC integrations
to operate by using the standard ClearQuest authentication algorithm.
You can refine the list of URL exemptions in the web.xml file
to configure client certificate authentication for OSLC integrations.
The configuration changes affect all OSLC integrations for the Rational
ClearQuest Web server. It is not possible to selectively specify that
some OSLC consumers use standard authentication while others use client
certificates.
The following variables are used in path names:
- WAS-home: Directory where WebSphere Application Server is installed
- cqweb_profile: Name of the Rational ClearQuest Web profile
Procedure
- Copy the ClearQuest® Web deployment descriptor file, web.xml, to a working
  directory and rename the file. The web.xml file is in the following location:
  - WAS-home\profiles\cqweb_profile\installedApps\dfltCell\TeamEAR.ear\cqweb.war\WEB-INF\web.xml
  - WAS-home/profiles/cqweb_profile/installedApps/dfltCell/TeamEAR.ear/cqweb.war/WEB-INF/web.xml
  Important: If ClearQuest is installed on the Solaris operating system, the
  default WebSphere Application Server cell directory is srvNode01Cell. Use this
  value in place of dfltCell, which is the default directory on Windows, UNIX,
  and Linux systems.
  For illustrative purposes, the remaining steps assume that you renamed the
  copy of web.xml in the working directory to web-client-cert.xml.
- Edit the web-client-cert.xml file by removing the comment characters
  <!-- and --> that precede and follow the <security-constraint> section.
  Then replace the <security-constraint> element for
  <web-resource-name>CQBridge</web-resource-name> with the following
  security rules:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>CQBridge</web-resource-name>
        <url-pattern>/html/*</url-pattern>
        <url-pattern>oauth-request-consumer/*</url-pattern>
        <url-pattern>oauth-access-token/*</url-pattern>
        <url-pattern>oauth-request-token/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
    </security-constraint>
- Save the changes.
- Complete the steps in Configuring
client certificate authentication for ClearQuest Web, starting
at step 2.
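
The following script is an added example, not part of the product or its documentation. It checks that an edited descriptor contains an active CQBridge rule whose exemption list is exactly the one given in the edit step, so that no leftover exemption keeps a URL on standard authentication. The function name, the sample descriptors and the `/oslc/*` pattern are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Exemption list exactly as given in the edit step of the procedure.
EXPECTED = {"/html/*", "oauth-request-consumer/*",
            "oauth-access-token/*", "oauth-request-token/*"}

def _named(elem, name):
    """Direct children with this local name, ignoring any XML namespace."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _texts(elems):
    return [e.text.strip() for e in elems if e.text and e.text.strip()]

def check_cqbridge(xml_text):
    """Return a list of findings; an empty list means the CQBridge rule matches."""
    root = ET.fromstring(xml_text)  # XML comments are dropped by the parser
    for sc in _named(root, "security-constraint"):
        colls = _named(sc, "web-resource-collection")
        if "CQBridge" in _texts(n for c in colls for n in _named(c, "web-resource-name")):
            break
    else:
        return ["no active CQBridge security-constraint (still inside <!-- -->?)"]
    found = set(_texts(p for c in colls for p in _named(c, "url-pattern")))
    findings = [f"unexpected exemption: {p}" for p in sorted(found - EXPECTED)]
    findings += [f"missing exemption: {p}" for p in sorted(EXPECTED - found)]
    tg = _texts(t for u in _named(sc, "user-data-constraint")
                for t in _named(u, "transport-guarantee"))
    if tg != ["NONE"]:
        findings.append(f"transport-guarantee is {tg}, expected ['NONE']")
    return findings

# Constructed sample descriptors (not the product's real web.xml).
_RULE = """<security-constraint><web-resource-collection>
<web-resource-name>CQBridge</web-resource-name>
<url-pattern>/html/*</url-pattern>
<url-pattern>oauth-request-consumer/*</url-pattern>
<url-pattern>oauth-access-token/*</url-pattern>
<url-pattern>oauth-request-token/*</url-pattern>%s
</web-resource-collection><user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint></security-constraint>"""
GOOD = "<web-app>" + _RULE % "" + "</web-app>"
# "/oslc/*" is a hypothetical leftover exemption, used only for illustration.
LEFTOVER = "<web-app>" + _RULE % "<url-pattern>/oslc/*</url-pattern>" + "</web-app>"
COMMENTED = "<web-app><!--" + _RULE % "" + "--></web-app>"

if __name__ == "__main__":
    for name, doc in [("GOOD", GOOD), ("LEFTOVER", LEFTOVER), ("COMMENTED", COMMENTED)]:
        print(name, check_cqbridge(doc) or "OK")
```

To check a real file, pass the contents of web-client-cert.xml to `check_cqbridge` before you continue with the linked client certificate procedure.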