Securing your help server

You can make your help server accessible only to users who are logged on to the help server or you can enable remote access to the help server. When you enable remote access, you can create passwords for users to secure your help server.

About this task

There are two security options for controlling access to help administration pages:
  • Local access only: Only users who are logged on to the help server can access the help administration pages.
  • Role-based security: Users can access the help administration pages remotely.
The control for these options is managed in the Help Administration page and stored in a config.ini file, which is contained within the help file. The first time that you access the Help Administration page, you must access it locally from the server that the help is running on. If you cannot access the server locally or do not have a browser that is installed on the help server, you can edit that config.ini file to grant remote access. You can then use the Help Administration page remotely to grant access for specific users and passwords.
Note: If your web browser does not display all the options that are described in this procedure, try another browser.

Creating users for the help server

Before you begin

The first time that you access the Help Administration page, you must access it locally from the server that the help is running on. You can change the settings to allow remote access by editing the config.ini file for the application server.
To change the help server settings to remote by editing the config.ini file:
  1. Stop the application server.
  2. Open the <application_server_installation>/<web_application_directory>/help/WEB-INF/configuration/config.ini file.
  3. Add the following lines to the config.ini:
    help.type.default=remote
    help.war.security=remote
  4. Clear the cache on the web server.
  5. Restart the application server.

Procedure

  1. In a browser, open the Help Administration page by typing a URL that is in this format: http://server:port/help-name/updater/admin.jsp. For example, https://localhost:9443/clmhelp/updater/admin.jsp.
    Important: If you are completing this task for the first time, you must log in to the help server and access the local server Help Administration page in a browser. Example: http://127.0.0.1:8080/help-name/updater/admin.jsp

    If you are already a user with role-based security, you can access the Help Administration page through a browser remotely without logging in to the help server. Example: http://server.ibm.com:8080/help-name/updater/admin.jsp

  2. Click the Administrative Access Management tab. The default user is warupdateadmin and uses the password warupdateadmin.
  3. Select an authentication type:
    • Local access only: All users must be logged on to the help server to update the help content.
    • Role based security: All users can log in to the Help Administration page remotely.
    Important: When you select Role based security or when you create a new user, you might be logged out of your current user. Make a note of your username and password, whether it is the default (warupdateadmin/warupdateadmin) or a username and password that you created.
  4. Optional: To add a user, click Add.
    1. Enter a confirm a password for that user. You cannot customize the user name.
    2. Click OK.
  5. To give a user the ability to create other users for help server administration, select the User Administration option. If the User Administration option is not selected, the user can update the help content, but cannot create help server users. The changes that you make are automatically saved.

Setting security type preferences

You can set Eclipse and help system security type preferences in your Eclipse workspace

Before you begin

The security preferences might already be configured for your product. Check your product_customization.ini to see whether the values were configured for you.

About this task

Table 1. Eclipse and help system security preferences
Preference Description
com.ibm.ut.help.common.sslcontexts Help server security preference
Example values:
  • SSL
  • SSLv2
  • SSLv3
  • TLS
  • TLSv1
  • TLSv1.1
org.eclipse.help.base.sslcontexts Eclipse security preference
Example values:
  • SSL
  • SSLv2
  • SSLv3
  • TLS
  • TLSv1
  • TLSv1.1

Procedure

To set the security preferences in the user workspace:

  1. Open the following files with a text editor:
    • <application_server_workspace>\.metadata\.plugins\org.eclipse.core.runtime\.settings\org.eclipse.help.base.prefs
    • <application_server_workspace>\.metadata\.plugins\org.eclipse.core.runtime\.settings\com.ibm.ut.help.common.prefs
  2. Specify both preferences in each .prefs file. You can list more than one SSL type by separating them with commas. When more than one type is specified, each one is tested until the correct type is found. Specify the same values for both preferences.
    Example:
    com.ibm.ut.help.common.sslcontexts=TLS,TLSv1
    org.eclipse.help.base.sslcontexts=TLS,TLSv1
  3. Save the changes to both .prefs files.

video icon Video

Jazz.net channel
Software Education channel

learn icon Courses

IoT Academy
Skills Gateway

ask icon Community

Jazz.net
Jazz.net forums
Jazz.net library

support icon Support

IBM Support Community
Deployment wiki