WebSphere Portal Collaboration Security Handbook

Book description

Security is the hottest topic in the current Web-centric computing environment. It is the single largest concern for IT professionals who are stakeholders in Web applications, such as administrators, programmers, and users.

In this IBM Redbooks publication, we discuss security in the implementation of IBM WebSphere Portal Extend for Multiplatforms in an IBM Lotus collaborative environment. The discussion is scenario-based and aims to assist in deploying WebSphere Portal with Lotus Collaborative Components securely. We describe several degrees of security, noting their advantages and disadvantages.

The primary goal of this scenario is to have a WebSphere Portal server with Lotus Team Workplace (formerly called QuickPlace) and Lotus Instant Messaging and Web Conferencing (formerly called Sametime) environment set up and running securely.

We discuss proxy authentication with IBM Tivoli Access Manager for e-business Version 5.1 and the use of various identity providers, such as IBM Tivoli Directory Server, Domino LDAP, and Microsoft Active Directory.

Table of contents

  1. Notices
    1. Trademarks
  2. Preface
    1. The team that wrote this redbook
    2. Become a published author
    3. Comments welcome
  3. Chapter 1: Portal security introduction
    1. Security in the on demand world
    2. Portal security needs
      1. Encryption
      2. Authentication
      3. Authorization
      4. Single sign-on
      5. Protocol filtering
      6. Intrusion detection
    3. Overview of IBM products
      1. IBM WebSphere Portal Extend for Multiplatforms
      2. IBM Lotus Instant Messaging and Web Conferencing
      3. IBM Lotus Team Workplace
      4. IBM Lotus Domino
      5. IBM Lotus Workplace
      6. IBM Tivoli Access Manager for e-business
      7. IBM Tivoli Directory Server
      8. IBM Tivoli Directory Integrator
    4. Document structure
  4. Chapter 2: Portal security concepts
    1. Security concerns
    2. Communication encryption
      1. Cryptographic principles
      2. Secure Sockets Layer protocol
    3. User identity and authentication
      1. Directories
      2. WebSphere Member Manager
      3. Credential Vault mechanism
      4. Lightweight Third Party Authentication token
      5. Trust Association Interceptor
    4. Authorization topics
      1. Java 2 Platform, Enterprise Edition security
      2. IBM Tivoli Access Manager for e-business
    5. Security facilities in portlets
  5. Chapter 3: Implementation planning and considerations
    1. Planning
      1. Hardware and software prerequisites
      2. Software used in our run-time environment
      3. Software installation source
      4. Software installation paths and variables
    2. Collaborative portal interaction
      1. Server picker overview
      2. Overview of how the automatically detect my mail database feature works
      3. Database picker overview
      4. Lotus Team Workplace picker overview
      5. Portal awareness overview
    3. Implementation options
  6. Chapter 4: Implementing and configuring basic LTPA authentication with IBM Directory Server
    1. Overview
    2. Implementing IBM WebSphere Portal
      1. Installing Base WebSphere Portal V5.0
      2. Upgrading WebSphere Portal to V5.0.2
      3. Upgrading to WebSphere Portal Cumulative Fix 1 (V5.0.2.1)
      4. Installing DB2 Universal Database
      5. Configuring WebSphere Portal for DB2
      6. Configuring WebSphere Portal for IBM HTTP Server
      7. Connecting WebSphere Portal to a directory server
    3. Installing the Lotus Collaborative Components
      1. Installing Lotus Domino V6.5.2
      2. Installing Lotus Team Workplace V6.5.1
      3. Installing Lotus Instant Messaging and Web Conferencing
      4. Common Domino administrative procedures (1/2)
      5. Common Domino administrative procedures (2/2)
    4. Installing Domino Extended Products portlets
      1. Configuring WebSphere Portal for collaborative portlets
      2. Installing the Domino Extended Products portlets
      3. Configuring the Collaboration Services to bind to Domino LDAP
      4. Enabling server access for portlets
      5. Configuring single sign-on
      6. Lotus Team Workplace portlets settings
      7. Configuring the My Team Workplace portlet
      8. Lotus Instant Messaging and Web Conferencing portlets
      9. Allowing Contact List portlet to access Instant Messaging server
      10. Configuring the Lotus Web Conferencing portlet
      11. Lotus Team Workplace and Instant Messaging
      12. Configuring People Finder
      13. Setting up Sametime awareness and chat
      14. Setting up Web Conferencing meetings
    5. Placing portlets on a page for testing
    6. Known problems and fixes in this configuration
  7. Chapter 5: Setting up secure communication
    1. SSL implementation scope
    2. Enabling SSL on Domino-based products
      1. Configuring the Domino certificate authority (1/2)
      2. Configuring the Domino certificate authority (2/2)
      3. Enabling SSL on additional Domino servers (1/2)
      4. Enabling SSL on additional Domino servers (2/2)
      5. Enabling SSL on Lotus Team Workplace
      6. Enabling SSL on Lotus Instant Messaging and Web Conferencing (1/2)
      7. Enabling SSL on Lotus Instant Messaging and Web Conferencing (2/2)
    3. Enabling SSL on the IBM Directory Server
    4. Enabling SSL on the WebSphere Portal server
      1. Configuring IBM HTTP Server
      2. Configuring WebSphere Application Server
      3. Configuring SSL in WebSphere Portal
    5. SSL communication with IBM Directory Server
      1. Enabling SSL for WebSphere LDAP connections
      2. Enabling SSL for WebSphere Portal LDAP connections
      3. Enabling SSL for Lotus Team Workplace
      4. Enabling SSL for Lotus Instant Messaging and Web Conferencing
    6. SSL between the WebSphere Portal and Domino applications
      1. Connecting the cs.jar file to the Domino mail and application servers over SSL
      2. Connecting cs.jar to Domino LDAP over SSL
      3. Configuring the Domino portlets for SSL connection
      4. Connecting cs.jar to Lotus Team Workplaces over SSL
      5. Configuring the Team Workplace portlets to connect over SSL
      6. Connecting cs.jar to the Instant Messaging and Web Conferencing server over SSL
      7. Configuring Instant Messaging and Web Conferencing portlets to connect over SSL
    7. SSL between Team Workplace and Instant Messaging and Web Conferencing
      1. Configuring Instant Messaging (Sametime) awareness and chat over SSL
      2. Configuring Web Conferencing (Sametime) meetings over SSL
  8. Chapter 6: Incorporating IBM Tivoli Access Manager for e-business
    1. Overview
    2. Installing the policy server node
      1. Configuring Tivoli Directory Server for Tivoli Access Manager
      2. Installing Tivoli Access Manager
      3. Configuring Tivoli Access Manager
      4. Installing Tivoli Access Manager V5.1 Base Fix Pack 2
    3. Installing the reverse proxy node
      1. Prerequisites
      2. Tivoli Access Manager: Installing WebSEAL
      3. Tivoli Access Manager: Configuring WebSEAL
      4. Installing Tivoli Access Manager V5.1 Base Fix Pack 2
      5. Installing Tivoli Access Manager V5.1 WebSEAL Fix Pack 2
    4. Java Runtime Environment on WebSphere Portal
    5. Enabling SSL between WebSEAL and WebSphere Portal
      1. Enabling SSL for the WebSphere Portal server machine
      2. Importing IBM HTTP Server certificate into WebSEAL keystore
      3. Exporting the WebSEAL certificate
      4. Importing WebSEAL certificate into IBM HTTP Server keystore
      5. Enabling mutual SSL for IBM HTTP Server
    6. Configuring WebSphere Portal for access authorization
      1. Configuring SSL between WebSphere Portal and Tivoli Access Manager
      2. Implementing JAAS authentication
      3. Modifying WebSphere Portal configuration files
      4. Verifying entries in Tivoli Access Manager for WebSphere Portal external authorization
    7. Configuring WebSphere Portal authentication
      1. Applying Tivoli Access Manager ACLs to new LDAP suffixes
      2. Defining additional MIME types for WebSphere Application Server
      3. Creating a WebSEAL junction
      4. Enabling forms authentication on WebSEAL
      5. Importing WebSphere Portal users and groups into Tivoli Access Manager
      6. Defining access controls for WebSphere Portal URIs
      7. Configuring the junction mapping table
      8. Configuring SSO for WebSEAL and WebSphere through TAI
      9. Activating the LTPA junction with WebSEAL
      10. Configuring WebSphere Portal login and logout for WebSEAL (1/2)
      11. Configuring WebSphere Portal login and logout for WebSEAL (2/2)
    8. Protecting Domino Extended Products
      1. Configuring Tivoli Access Manager to not protect the Domino Extended Products
      2. Protecting the Domino mail and application servers with an LTPA junction
      3. Protecting Lotus Team Workplace with an LTPA junction
      4. Protecting Lotus Instant Messaging and Web Conferencing with an LTPA junction
  9. Chapter 7: Integrating directory servers in an IBM WebSphere Portal environment
    1. IBM Tivoli Directory Server V5.2 environment
      1. Installing Tivoli Directory Server V5.2
      2. Configuring Tivoli Directory Server
      3. Configuring WebSphere Portal for Tivoli Directory Server (1/2)
      4. Configuring WebSphere Portal for Tivoli Directory Server (2/2)
      5. Configuring Team Workplace with IBM Tivoli Directory Server
      6. Configuring Instant Messaging and Web Conferencing for IBM Tivoli Directory Server
    2. Dual directory environment
      1. Changing Domino LDAP and WebSphere Portal
      2. Configuring Team Workplace for a dual directory environment
      3. Configuring Instant Messaging and Web Conferencing for a dual directory environment
      4. Configuring People Finder
      5. Configuring Team Workplace to work with Instant Messaging and Web Conferencing
    3. Microsoft Active Directory environment
      1. WebSphere Portal and Microsoft Active Directory
      2. Configuring single sign-on
      3. Configuring Team Workplace with Microsoft Active Directory
      4. Configuring Instant Messaging and Web Conferencing for Microsoft Active Directory
      5. Configuring People Finder for Microsoft Active Directory
      6. Configuring Tivoli Access Manager
  10. Appendix A: Web Administration Tool for IBM Tivoli Directory Server and Tivoli Access Manager
    1. Installing Tivoli Web Administration Tool overview
    2. Installing WebSphere Application Server
      1. Installing WebSphere Application Server V5.0
      2. Installing WebSphere Application Server V5 Fix Pack 2 (V5.0.2)
      3. Verifying WebSphere Application Server V5.0.2
    3. Installing the Tivoli Web Administration Tool
      1. Installing Web Administration Tool
      2. Deploying Web Administration Tool on WebSphere Application Server
    4. Configuring the Tivoli Web Administration Tool
      1. Defining the directory server node to the Web Administration Tool
      2. Verifying the administration of IBM Tivoli Directory Server
      3. Changing the password encryption method
  11. Abbreviations and acronyms
  12. Related publications
    1. IBM Redbooks
    2. Other publications
    3. Online resources
    4. How to get IBM Redbooks
    5. Help from IBM
  13. Index (1/2)
  14. Index (2/2)
  15. Back cover

Product information

  • Title: WebSphere Portal Collaboration Security Handbook
  • Author(s): Budi Darmawan, Andri Firtiyan, Charles Price Jr.
  • Release date: December 2004
  • Publisher(s): IBM Redbooks
  • ISBN: None