Properties file: wkplc_comp.properties
WebSphere Portal URLs
Define the URL that is used to access your portal site.
- WpsDefaultHome
- Description
The first page that site visitors see before they log in to the site. Valid characters are alphabetic and numeric including underscore and dash. The value entered must be different than the Personalized Home value. If portal is the default home, the following is an example of the URL for the site: http://localhost:10039/wps/portal
In this example:- localhost is the portal host name (WpsHostName)
- 10039 is the host port (WpsHostPort)
- wps is the context root (WpsContextRoot).
- Default value
- portal
- Examples
- : portal
- WpsPersonalizedHome
- Description
- The page that site visitors see after they log in to the site. Valid characters are alphabetic and numeric including underscore and dash.The value entered must be different than the Default Home value. If myportal is the personalized home, then the following is an
example URL for the site: http://localhost:10039/wps/myportal
In this example:
- localhost is the portal host name (WpsHostName)
- 10039 is the host port (WpsHostPort)
- wps is the context root (WpsContextRoot).
- Default value
- myportal
- Examples
- : myportal
Properties for WebSphere Portal integration with IBM Process Server
The following properties are used to configure integration with WebSphere Process Server. You must provide information about the already installed WebSphere Process Server.
XMLAccess properties
Advanced Security Configuration using External Security Managers
The following parameters are used for advanced security configuration using external security managers. Use the properties to specify namespace management parameters that are common to TAM and SiteMinder
- wp.ac.impl.EACserverName
- Description
- (Optional) You can set different "contexts" to further distinguish externalized role names from other role names in the Tivoli Access Manager namespace. This context information will be added to the namespace entry created upon role externalization. If any of the three context values (EACserverName, EACcellName, or EACappName) are null, none will be used.
- Default value
- WebSphere_Portal
- Examples
- None available
- wp.ac.impl.EACcellName
- wp.ac.impl.EACappName
- wp.ac.impl.reorderRoles
Tivoli Access Manager: AMJRTE connection parameters
Provide authentication information to enable WebSphere Portal to connect with TAM.
- wp.ac.impl.PDAdminId
- wp.ac.impl.PDAdminPwd
- wp.ac.impl.PDPermPath
- Description
- This value is the location of the TAM AMJRTE properties file. This properties file is created by the TAM SvrSslCfg command and contains information such as: Policy Server host name, ports version of AMJRTE path to encryption keys.
- Default value
- ${WasHome}/tivoli/tam/PdPerm.properties
- Examples
- None available
Tivoli Access Manager: PDJrteCfg command and filesystem parameters
The following parameter locations depend on your WebSphere Application Server installation structure. For more information or detail on the individual parameters, refer to: http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/topic/com.ibm.websphere.nd.doc/info/ae/ae/rsec_tampdjrtecfg.html
- wp.ac.impl.PDClasspath
- wp.ac.impl.PDHome
- wp.ac.impl.JavaHome
- wp.ac.impl.CfgFilesPath
- Description
- This value is the required filesystem directory location of the generated TAM AMJRTE properties. The properties files are created by the TAM PdjrteCfg command, which is the same as the -cfgfiles_path command line argument in a manual execution.
- Default value
- ${WasHome}/tivoli/tam
- Examples
- :
- wp.ac.impl.TamHost
Tivoli Access Manager: SvrSslCfg command parameters
WebSphere Portal requires the following information to run the SvrSslCfg command
- wp.ac.impl.PDServerName
- Description
- The unique application name and will be used to create a new Tivoli server in the Access Manager Policy Server. This server will appear in the pdadmin server list after running the SvrSslCfg command. If a server with the same name appears in the server list command, the SvrSslCfg command will fail.
- Default value
- amwp80
- Examples
- :
- wp.ac.impl.SvrSslCfgPort
- wp.ac.impl.SvrSslCfgMode
- wp.ac.impl.PDPolicyServerList
- wp.ac.impl.PDAuthzServerList
- wp.ac.impl.PDKeyPath
Tivoli Access Manager: WebSphere Application Server WebSEAL TAI parameters
WebSphere Portal uses the following information for WebSEAL.
- wp.ac.impl.hostnames
- Description
- (Optional) This value sets the WebSEAL TAI's hostnames parameter. You should include the host name you provided when configuring the WebSEAL instance. The default behavior when configuring a WebSEAL instance is to use the network short name. For example, hosta.yourcompany.com may be represented as hosta. When the WebSEAL instance is configured and if any additional proxies are included, their host names must be added as well. Presence of this parameter will cause the TAI to evaluate the VIA header and only handle those requests that contain one of the provided host name, and port combinations. This value is case-sensitive and may be a comma-delimited list if more than one host name is provided
- Default value
- No default value
- Examples
- :
- wp.ac.impl.ports
- Description
- (Optional) This value sets the WebSEAL TAI's ports parameter. You should include the WebSEAL ports in this comma-delimited list. The default WebSEAL port is 443. Presence of this parameter will cause the TAI to evaluate the VIA header and only handle those requests that contain one of the provided host name and port combinations.
- Default value
- No default value
- Examples
- :
- wp.ac.impl.loginId
- Description
- When you create a TCP junction, this value is WebSEAL identity representing the reverse proxy on every request. WebSphere Application Server will use this identity to establish the "trust" that is required to validate the WebSEAL iv-* headers. The password for this user should be set in the WebSEAL instance's webseald.conf on the basicauth-dummy-passwd property.
- Default value
- wpsadmin
- Examples
- :
- wp.ac.impl.TAICreds
- Description
- This value is the headers inserted by WebSEAL that the TAI uses to identify the request as originating from WebSEAL. Inclusion of these headers is associated with the headers used by the WebSphere Application Server TAI to identify the request as one from WebSEAL. If you are configuring Portal to use TAM as an external authorization engine, you must include at least the iv-user and iv-creds headers.
- Default value
- iv-user,iv-creds
- Examples
- :
- wp.ac.impl.checkViaHeader
- Description
- You can configure TAI so that the VIA header can be ignored when validating trust for a request. Set this property to false if none of the hosts in the VIA header need to be evaluated. When this value is false, you do not need to set the wp.ac.impl.hostnames and wp.ac.impl.ports properties. The only mandatory property to set when this value is false is wp.ac.impl.loginId.
- Valid values
- true
- Default value
- false
- Examples
- None available
- wp.ac.impl.viaDepth
- Description
- This value is a positive integer that specifies the number of source hosts in the VIA header to check for trust. By default, every host in the VIA header is checked, and if any host is not trusted, trust cannot be established. The VIA depth property is used when only some of the hosts in the VIA header have to be trusted. The setting indicates the number of hosts that are required to be trusted.
- Default value
- 0
- Examples
- :
- wp.ac.impl.ssoPwdExpiry
- Description
- After trust is established for a request, the single sign-on user password is cached, eliminating the need to have the TAI re-authenticate the single sign-on user with Tivoli Access Manager for every request. You can modify the cache timeout period by setting the single sign-on password expiry property to the required time in seconds. If the password expiry property is set to 0, the cached password never expires.
- Default value
- 600
- Examples
- None available
- wp.ac.impl.ignoreProxy
- Description
- This property can be used to tell the TAI to ignore proxies as trusted hosts. If set to true the comments field of the hosts entry in the VIA header is checked to determine if a host is a proxy. Remember that not all proxies insert comments in the via header indicating that they are proxies. If the checkViaHeader property is set to false, then the ignoreProxy property has no influence in establishing trust.
- Valid values
- true
- Default value
- false
- Examples
- :
Tivoli Access Manager: Portal authorization parameters
Tivoli Access Manager: Portal vault parameters
The following information is used to confgure a vault for Tivoli Access Manager.
- wp.ac.impl.vaultType
- wp.ac.impl.vaultProperties
- Description
- This value defines a properties file used to configure the vault with TAM specific user and SSL connection information. This file will automatically be created in the wp_profile/shared/app/config subdirectory and populated by the ant task based on previous task execution.
- Default value
- accessmanagervault.properties
- Examples
- :
- wp.ac.impl.manageResources
- Description
- This value determines if the portal credential vault or any custom portlet is allowed to create new resource objects in TAM. If you set this value to false, your Tivoli administrator must define the accessible resources to associate users with using the Tivoli command line or GUI.
- Valid values
- true
- Default value
- true
- Examples
- :
- wp.ac.impl.readOnly
- Description
- This value determines if the portal credential vault or any custom portlet is allowed to modify the secrets stored in TAM. If you set this value to true ("Read Only"), the Tivoli administrator must change the credentials associated with resources using the Tivoli command line or GUI.
- Valid values
- true
- Default value
- false
- Examples
- None available