Verifying that WebSphere Application Server Trust Association Interceptor is enabled
The automated migration of the WebSphere® Portal Express® profile requires that the Trust Association Interceptor (TAI) is enabled so that you can configure content in WebDAV during migration.
Procedure
Verify that TAI is enabled:
- Log in to the WebSphere Integrated Solutions Console.
- Go to Security > Global security.
- Ensure that Enable administrative security and Enable application security are selected.
- In the Authentication section, expand Web and SIP security. Click Trust association.
- Ensure that Enable trust assocation is selected.
If TAI is not enabled, complete the following steps:
- Open a command line and change to the directory
where WebSphere Portal Express ConfigEngine
is installed, on the corresponding operating system:
- Linux: wp_profile_root/ConfigEngine
- IBM® i: wp_profile_root/ConfigEngine
- Windows: wp_profile_root\ConfigEngine
- Enter the following command:
- Linux: ConfigEngine.sh enable-http-basic-auth-tai-sitemgmt -DPortalAdminPwd=password -DWasPassword=password
- IBM i: ConfigEngine.sh enable-http-basic-auth-tai-sitemgmt -DPortalAdminPwd=password -DWasPassword=password
- Windows: ConfigEngine.bat enable-http-basic-auth-tai-sitemgmt -DPortalAdminPwd=password -DWasPassword=password
Note: This task uses the settings in the file wkplc_comp.properties to configure the TAI. Although the TAI settings are pre-configured to work without requiring adjustment, you can change the settings before you run the task if you need to configure the TAI differently. - Stop and restart the portal.
- Optional: Perform this step if you have SSL
configured. Establish trust between two WebSphere cells:
- For preparation, determine the URL to the administrative console of the client WebSphere cell. For example, the URL can be similar to https://myclientserver.yourco.com:9043/ibm/console.
- Open the administrative console by using the URL that you obtained by the previous step.
- Click Security > SSL certificate and key management > Key stores and certificates.
- On the keystores and certificates panel click CellDefaultTrustStore or NodeDefaultTrustStore, depending on whether you have a cluster or single node configuration.
- On the xxxDefaultTrustStore panel, locate the column Additional properties and click Signer certificates.
- On the Signer certificates panel, click Retrieve from port.
- Complete the fields and select the options as follows:
- Host
- The host name of the client server, for example your_target_server.your_co.com.
- Port
- The secure port on the client server, for example 9043.
- SSL configuration for outbound connection
- Select the SSL configuration for the outbound connection, such as CellDefaultSSLSettings or NodeDefaultSSLSettings.
- Alias
- The alias name, for example name_of_your_alias.
- Select Retrieve signer information. The signer information is displayed.Note: The error message CWPKI0661E: Unable to get certificate signer information from host name "yourtargetserver.yourco.com" and port "9043". Verify host name and port are correct might appear for one of two reasons:
- A certificate is imported from the target location.
- A previously deleted certificate has not timed out and been removed.
- Click OK. Your alias is now shown in the list.
- Click Save.
- Stop and restart the portal.
- Optional: Currently, if you have a clustered environment without automatic synchronization, you need to resynchronize the node agents.