Hot Fix Readme (Adapt) - Business Intelligence
CHF14
ADAPT00583709
Description:
Patch ID: 38,651,040
When Trusted Authentication is configured with the trusted authentication password as the shared secret, a potential security risk is introduced.
The cause of the problem is that, because Java 2 security is not enabled on WebSphere, all server files are exposed, including the TrustedPrincipal.conf file, which contains the trusted authentication password.
New Behavior:
This problem is resolved.
To enable the new trusted authentication function, do the following:
1. In the WEB-INF\web.xml file, take the following steps:
a) Disable Siteminder single sign on:

siteminder.enabled
false

b) Set the Central Management Server (CMS) hostname:

cms.default
cmshostname:port

c) Enable single sign on:

sso.enabled
true

d) Make the following configurations to retrieve the user ID for Trusted authentication:
- Set the IIS-added header to "IIS_HEADER".
- Set the HTTP header to "HTTP_HEADER".
- Set the URL query string to "QUERY_STRING".
- Set the cookie to "COOKIE".
- Set the web session to "WEB_SESSION".
- Set the user principal to "USER_PRINCIPAL".
e) Disable trusted authentication:

trusted.auth.user.retrieval
WEB_SESSION

f) Set the Header/URL parameter/Cookie/Session variable name to retrieve a user name: (This does not have to be done for IIS_HEADER or USER_PRINCIPAL.)

trusted.auth.user.param
sm_user

g) Set the session variable name to retrieve the shared secret. Leave it empty if the shared secret is not passed from the web session: