Develop and deploy a secure portal solution using WebSphere Portal V5 and Tivoli Access Manager V5.1 / [John Ganci ... et al.].

Format:

Book

Contributor:

Ganci, John.

International Business Machines Corporation. International Technical Support Organization.

Series:

IBM redbooks.

IBM redbooks

Language:

English

Subjects (All):

Web portals--Security measures.

Web portals.

WebSphere.

Physical Description:

xx, 702 p. : ill.

Edition:

1st ed.

Place of Publication:

Research Triangle Park, NC : IBM, International Technical Support Organization, 2004.

Language Note:

English

Contents:

Front cover

Contents

Notices

Trademarks

Preface

The team that wrote this redbook

Become a published author

Comments welcome

Part 1 Introduction to secure portal solutions

Chapter 1. Introduction

1.1 Secure portal solution overview

1.1.1 Key concepts of a secure portal solution

1.1.2 Secure portal solution high level architecture

1.2 Solution software

1.2.1 Runtime environment solution software

1.2.2 Development environment solution software

1.3 Target audience of redbook

1.3.1 Roles and skills

1.3.2 Matching redbook topics to roles and skills

Chapter 2. Security fundamentals

2.1 Security domain and risk management

2.1.1 Source of vulnerability and intruder reconnaissance

2.1.2 Physical security

2.1.3 Logical security

2.1.4 Security policy

2.1.5 Security risk management

2.2 Method for Architecting Secure Solutions (MASS)

2.3 Security fundamentals

2.3.1 Public Key Infrastructure (PKI)

2.3.2 WebSphere Portal security model

2.3.3 Tivoli Access Manager security model

2.3.4 Authentication

2.3.5 Authorization

2.3.6 WebSphere Portal Credential Vault

2.3.7 Tivoli Access Manager Global Sign-on (GSO)

Chapter 3. Architecture and topology selection

3.1 Topology definition and operational model

3.1.1 Operational model overview

3.1.2 Topology zones

3.1.3 Conceptual model

3.1.4 Specified model

3.1.5 Security interaction patterns

3.2 Runtime environment topology selection

3.2.1 Entry runtime topology

3.2.2 Enterprise runtime topology

3.2.3 Extended enterprise runtime topology

3.3 Development environment topology selection

3.3.1 Conceptual model

3.3.2 Specified model

3.3.3 All-in-one approach

3.3.4 Develop and deploy without debug

3.3.5 Develop, deploy, and remote debugging.

3.3.6 Develop using a shared security infrastructure

Chapter 4. Design and integration guidelines

4.1 Security and design guidelines

4.1.1 Design principles

4.1.2 WebSphere Portal vs Tivoli Access Manager authorization

4.1.3 Single sign-on guidelines

4.1.4 Identity management

4.1.5 Adding an external Web server for WebSphere Portal

4.2 Product-specific integration guidelines

4.2.1 WebSEAL junctions

4.2.2 Junction considerations for use with TAI

4.2.3 Handling of back-end application cookies

4.2.4 Junction Mapping Table (JMT)

4.2.5 WebSEAL URL-based access control

4.2.6 Access control of WebSphere Portal resources

4.2.7 Access control of resources within portlet applications

4.2.8 WebSEAL and WebSphere Portal session considerations

4.3 Sequence diagrams for common access patterns

4.3.1 UCT1: Access unprotected portal page

4.3.2 UCT2: Access protected portal page, provide valid credentials

4.3.3 UCT3: Access protected portal page with existing valid session

4.3.4 UCT4: Access protected portal page with invalid credentials

4.3.5 UCT5: WebSEAL session times out before portal session

4.3.6 UCT6: Portal session times out before WebSEAL session

4.3.7 UCT7: Both WebSEAL and WebSphere Portal sessions time out

4.3.8 UCT8: WebSphere Portal logout after WebSEAL session timeout

4.4 Component connections

Part 2 ITSO working example secure portal solution

Chapter 5. Requirements and solution design

5.1 Business scenario

5.1.1 Initial context

5.1.2 Business challenges

5.2 Business requirements

5.2.1 Functional requirements

5.2.2 Non-functional requirements

5.3 Use case model

5.3.1 Use case overview

5.3.2 Front-end use cases

5.3.3 Administrative use cases

5.4 Architecture

5.4.1 Architecture overview

5.4.2 Architecture decisions.

5.4.3 Selected runtime environment

5.4.4 Selected development environment

Chapter 6. Install the runtime environment

6.1 Planning

6.1.1 Hardware and software prerequisites

6.1.2 Hardware used within the ITSO runtime environment

6.1.3 Software used within the ITSO runtime environment

6.1.4 Software installation paths and variables

6.1.5 Using VMWare and Ghost

6.2 Implement the Policy Server node

6.2.1 Windows 2000 Server installation

6.2.2 DB2 Universal Database installation

6.2.3 IBM GSKit upgrade installation

6.2.4 Java Runtime Environment (JRE) V1.3.1 installation

6.2.5 Tivoli Directory Server installation

6.2.6 Tivoli Directory Server configuration

6.2.7 Tivoli Web Administration Tool installation

6.2.8 Configure Directory Server for Tivoli Access Manager

6.2.9 Tivoli Access Manager installation

6.2.10 Tivoli Access Manager configuration

6.2.11 Tivoli Access Manager Web Portal Manager installation

6.2.12 Tivoli Access Manager V5.1 Base Fixpack 2 installation

6.3 Implement the Reverse Proxy node

6.3.1 Windows 2000 Server installation

6.3.2 Install GSKit

6.3.3 Install Java Runtime Environment (JRE)

6.3.4 Install Tivoli Directory Client

6.3.5 Tivoli Access Manager - WebSEAL installation

6.3.6 Tivoli Access Manager - WebSEAL configuration

6.3.7 Tivoli Access Manager V5.1 Base Fixpack 2 installation

6.3.8 Tivoli Access Manager V5.1 WebSEAL Fixpack 2 installation

6.4 Implement the Portal Server node

6.4.1 Windows 2000 Server installation

6.4.2 WebSphere Portal Server V5.0 installation

6.4.3 WebSphere Application Server Enterprise V5 Fixpack 2 (V5.0.2) installation

6.4.4 WebSphere Application Server V5.0.2 Fixes installation

6.4.5 WebSphere Portal V5 Fixpack 2 (V5.0.2) installation.

6.4.6 WebSphere Application Server Enterprise V5.0.2 Cumulative Fix (V5.0.2.3) installation

6.4.7 WebSphere Portal V5.0.2 Cumulative Fix 1 (V5.0.2.1) installation

6.4.8 Java Runtime Environment (JRE) V1.3.1 installation

6.4.9 Tivoli Access Manager Java Runtime Environment installation

6.4.10 DB2 Universal Database installation

Chapter 7. Configure the runtime environment

7.1 Configure WebSphere Portal for DB2

7.2 Configure WebSphere Portal for IBM HTTP Server

7.3 Configure WebSphere Portal for LDAP

7.3.1 Create a suffix

7.3.2 Create LDIF file containing users and groups

7.3.3 Import the LDIF file (wp-itso.ldif) to create users and groups

7.3.4 Enable LDAP security for WebSphere Portal

7.3.5 Verify the LDAP configuration

7.4 Enable mutual SSL between WebSEAL and WebSphere Portal

7.4.1 IBM HTTP Server SSL configuration

7.4.2 Configure WebSphere Portal for SSL

7.4.3 Export IBM HTTP Server CA certificate

7.4.4 Import IBM HTTP Server certificate into WebSEAL keystore

7.4.5 Export WebSEAL certificate

7.4.6 Import WebSEAL certificate into IBM HTTP Server keystore

7.4.7 Enable mutual SSL for IBM HTTP Server

7.5 Configure portal authentication with TAM using TAI

7.5.1 Apply Tivoli Access Manager ACLs to new LDAP suffixes

7.5.2 Define additional MIME types for WebSphere Application Server

7.5.3 Create a WebSEAL junction

7.5.4 Enable forms authentication on WebSEAL

7.5.5 Configure WebSEAL to modify URLs to back-end systems

7.5.6 Configure additional WebSEAL parameters

7.5.7 Import WebSphere Portal users and groups into TAM

7.5.8 Define access controls for WebSphere Portal URIs

7.5.9 Configure the junction mapping table

7.5.10 Configure SSO for WebSEAL and WebSphere via TAI

7.5.11 Configure Portal login/logout for use with WebSEAL.

7.6 Configure Portal for authorization with TAM

7.6.1 Configure the SSL between WebSphere and TAM

7.6.2 Implement JAAS authentication

7.6.3 Modify WebSphere Portal configuration files

7.6.4 Verify entries in TAM for Portal external authorization

7.6.5 Example for externalizing a resource

7.7 Integrate the Credential Vault

7.7.1 Credential Vault overview

7.7.2 Configure the Credential Vault for Tivoli Access Manager

7.7.3 Verify the Credential Vault

7.8 Additional configuration

7.8.1 Configure WebSEAL and WebSphere Portal sesssion timeouts

7.8.2 Configure WebSEAL to handle favicon.ico

Chapter 8. Implement the development environment

8.1 Planning

8.1.1 Architecture overview

8.1.2 Hardware used within the ITSO development environment

8.1.3 Software used within the ITSO development environment

8.1.4 VMWare

8.2 Implement the Repository node (optional)

8.3 Implement the Policy Server node

8.4 Implement the Reverse Proxy node (optional)

8.5 Implement the Development node

8.5.1 Windows 2000 installation

8.5.2 WebSphere Studio Application Developer V5.1.1 installation

8.5.3 WebSphere Studio Application Developer V5.1.1 Interim Fix 002 installation

8.5.4 WebSphere Studio Application Developer - WebSphere Test Environment fixpack installation

8.5.5 WebSphere Portal Toolkit and test environment installation

8.5.6 Verify the Portal Toolkit and Test Environment installation

8.5.7 Java Runtime Environment (JRE) V1.3.1 installation

8.5.8 Tivoli Access Manager Java Runtime Environment installation

8.5.9 Configure the SSL between the WTE and TAM

8.5.10 Verify the TAM configuration within WebSphere Studio

8.5.11 CVS client configuration for WebSphere Studio

8.6 Configure WebSphere Portal for LDAP

8.6.1 Create a suffix.

8.6.2 Import the LDIF file (wp-itso.ldif) to create users and groups.

Notes:

"August 2004."

"SG24-6325-00."

Includes bibliographical references and index.

OCLC:

137342154