IBM Support

Setting up APIs for external WebSphere Application Server Liberty on Content Collector Server

Product Documentation


Abstract

This document provides information on how to set up APIs for external Web Application Server Liberty on IBM Content Collector (ICC) server.

Content

Enabling administrative and application security
 
Perform the following to enable administrative and application security.
  1. Start the IBM Content Collector Web Application Liberty service.
  2. Open this adminCenter URL in a browser: https://<EXTERNAL _LIBERTY_SERVER>:<PORT>/adminCenter/
  3. Enter the login credentials on the login page.
    Note: The default username and password are admin and admin, respectively.
  4. Click Server Config on the homepage.
  5. Open the server.xml file.
  6. Switch to the Source mode and uncomment the following XML tags:
    1. <feature>ldapRegistry-3.0</feature>
    2. <ldapRegistry>…</ ldapRegistry>
    3. <administrator-role>…</administrator-role>
    4. <webAppSecurity/>
  7. Comment out this XML tag: <quickStartSecurity/>
    This tag needs to be removed because it creates a conflict while logging in with LDAP registry.
  8. Switch back to the Design mode.
  9. Go to LDAP User Registry element and enter the following details.
    1. Host: Replace the prepopulated value to the hostname of the LDAP server.
    2. Base distinguished name (DN): Enter the domain components of the user DN.
      For example, dc=ibm, dc=com
    3. Bind distinguished name (DN): Enter the full distinguished name of the user.
      For example, cn=adminUsername, cn=users, dc=ibm, dc=com
    4. Bind password: Enter the password of the user in LDAP.
      This user should be the same as the web application service user. For more information refer to configuring LDAP user registries in Liberty.
      Note: The above-mentioned values are dynamic in nature. The rest of the fields are either optional or have prepopulated values.
  10. Provide administrative privileges to the user configured in step 9. Switch to the Source mode and replace the username and bindDN as shown in the example below.
    <administrator-role>
    <user name="username ">bindDN<ldapRegistry>section</user>
    </administrator-role>
    It is also possible to create a group and assign them administrator roles.
  11. Click Save and Close the browser.
  12. Stop and restart the Web Application Liberty service.
  13. Reopen the browser and perform the following:
    1. Go to the adminCenter URL given in step 2.
    2. Log in with the user configured in step 9.
      Note: You can no longer log in with the default username and password as mentioned in step 3.
  14. Go to Server Config and click a6_afu_web.xml file.
  15. Switch to the Source mode and perform the following:
    1. Uncomment this tag: <application-bnd>…</application-bnd>
    2. Set the name attribute to the username configured in step 9.
      Note: This step maps the configured User/Group to iccUser_Role.
  16. Click Save and Close.
Note: You can make all the above-mentioned changes by editing the XML files mentioned in step 5 and 14 directly. The files are present in the following paths:
  • server.xml: <WLP_INSTALL_DIR>/usr/servers/AFUWeb
  • a6_afu_web.xml: <WLP_INSTALL_DIR> /usr/servers/AFUWeb/configDropins/overrides
Adding certificates to Trust Store
 
Perform the following to add certificates to the Trust Store.
  1. Navigate to this filepath: <WLP_INSTALL_DIR>/usr/servers/AFUWeb/resources/security.
  2. Run the ikeyman tool.
  3. Click Open and modify the following:
    1. Change the Key database type to PKCS12.
    2. Edit the File Name to key.p12.
  4. Click OK and enter the password, which is Passw0rd. (numeric value 'zero')
  5. Select Signer Certificates from the drop-down values of Key database content field.
  6. Click Add and navigate to the root Certificate Authority (CA) certificate on your machine.
  7. Close the ikeyman tool.
  8. Restart the Web Application Liberty service.
 
Providing certificates for API calls
You need to provide client certificates for API calls. For more information refer to Provide certificates for API calls.

Document Location

Worldwide

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSAE9L","label":"Content Collector"},"Component":"","Platform":[{"code":"PF033","label":"Windows"}],"Version":"4.0.1.10","Edition":"Interim Fix 5","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
07 November 2019

UID

ibm11103181

Page Feedback