You use the administrative console to configure the security settings
that are used by InfoSphere® MDM
Reference Data Management Hub.
Before you begin
Start the administrative console and log in.
Procedure
- In the Authentication section, select LTPA.
- Go to .
- Select Authenticate only when the URI is protected and Use
available authentication data when an unprotected URI is accessed.
- Select Default to basic authentication.
- Click OK.
- Go to .
- Enable the following options. Leave the other options disabled.
- Enabled
- Web inbound security attribute propagation
- Click Apply.
- In the Global security Messages section, click Save.
- Important: To ensure correct session invalidation
when users log out, implement the following configuration.
- In the administrative console, go to .
- Click Custom properties. The Custom
properties page opens.
- Click New.
- In the Name field, type com.ibm.ws.security.web.logoutOnHTTPSessionExpire
- In the Value field, type true
- Click Apply.
- Important: To set session cookies with the HttpOnly
attribute, implement the following configuration.
- While still on the Custom properties page,
click New.
- In the Name field, type com.ibm.ws.webcontainer.HTTPOnlyCookies
- In the Value field, type *.
- Click OK.
- Important: To restrict session cookies to HTTPS
sessions, implement the following configuration.
- Go to .
- Click Enable cookies.
- Enable Restrict cookies to HTTPS.
- Click Apply.
- Important: To ensure proper session creation and
invalidation, implement the following configuration.
- Go to .
- Click New.
- In the Name field, type: InvalidateOnUnauthorizedSessionRequestException
- In the Value field, type: true
- Stop and restart the IBM® WebSphere® Application Server.
