Configuring client certificate authentication for Rational ClearQuest Web

Update the Rational® ClearQuest® Web deployment descriptor to configure client certificate authentication.

About this task

The following variables are used in path names:
WAShome
Directory where WebSphere® Application Server is installed
cqwebProfile
Name of the Rational ClearQuest Web profile

Procedure

  1. Copy the Rational ClearQuest Web deployment descriptor file, web.xml, to a working directory and rename the file. The web.xml file is located in the following directory:
    Windows
    WAShome\profiles\cqwebProfile\installedApps\dfltCell\TeamEAR.ear\cqweb.war\WEB-INF\web.xml
    UNIX Linux
    WAShome/profiles/cqwebProfile/installedApps/dfltCell/TeamEAR.ear/cqweb.war/WEB-INF/web.xml
    Note: Solaris If Rational ClearQuest is installed on the Solaris operating system, the default WebSphere Application Server cell directory is srvNode01Cell. Use this value in place of dfltCell, which is the default directory on Windows, UNIX, and Linux systems.

    For illustrative purposes, the steps in this topic assume that you renamed the web.xml file that you copied to a working directory to web-client-cert.xml.

  2. Edit the web-client-cert.xml file by removing the comment characters <!-- and --> that precede and follow the security elements sections <security-constraint>, <login-config>, and <security-role>: 
    <security-constraint>
	  <web-resource-collection>
		   <web-resource-name>secure</web-resource-name>
			    <url-pattern>/*</url-pattern>
	  </web-resource-collection>

		<auth-constraint>
		   <role-name>ClearQuestUsers</role-name>
		</auth-constraint>

		<user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
		</user-data-constraint>
</security-constraint>

<login-conf>
	<auth-method>CLIENT-CERT</auth-method>
</login-conf>

<security-role>
	<role-name>Rational
                    ClearQuestUsers</role-name>
</security-role>
  3. Save and close the file.
  4. Use the WebSphere Application Server wsadmin utility to apply the deployment descriptor changes:
    1. Change to the working directory where the web-client-cert.xml file resides.
    2. Start the wsadmin utility in a command prompt window:
      Windows
      "WAShome\profiles\cqwebProfile\bin\wsadmin"
      UNIX Linux
      WAShome/profiles/cqwebProfile/bin/wsadmin
    3. Run the following commands:

      wsadmin> $AdminApp update TeamEAR file {-operation update -contents web-client-cert.xml -contenturi cqweb.war/WEB-INF/web.xml}

      wsadmin> $AdminConfig save

      wsadmin> exit

Parent topic: Configuring Rational ClearQuest Web
Previous topic: Configuring the web deployment descriptor file for client certificate authentication of OSLC calls
Next topic: Mapping users to LDAP groups