Develop and Deploy a Secure Portal Solution Using WebSphere Portal V5 and Tivoli Access Manager V5.1 (SG24-6325)
Published in Technology
Transcript

  • 1. Front cover
    Develop and Deploy a Secure Portal Solution Using WebSphere Portal V5 and Tivoli Access Manager V5.1
    Solution architecture and technologies for a secure portal
    Deploy a secure portal runtime environment
    Develop and deploy secure portal application
    John Ganci, Hinrich Boog, Melanie Fletcher, Brett Gordon, Ashwin Manekar, Normunds Saumanis, Kai Schwidder, Jonas Tingeborn
    ibm.com/redbooks
  • 2. International Technical Support Organization
    Develop and Deploy a Secure Portal Solution Using WebSphere Portal V5 and Tivoli Access Manager V5.1
    August 2004
    SG24-6325-00
  • 3. Note: Before using this information and the product it supports, read the information in “Notices” on page xiii.
    First Edition (August 2004)
    This edition applies to IBM WebSphere Portal Extend for Multiplatforms V5.0.2.1 and IBM Tivoli Access Manager for e-business V5.1.0.2 on the Microsoft Windows platform.
    © Copyright International Business Machines Corporation 2004. All rights reserved.
    Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
  • 4. Contents
    Notices
      Trademarks
    Preface
      The team that wrote this redbook
      Become a published author
      Comments welcome
    Part 1. Introduction to secure portal solutions
    Chapter 1. Introduction
      1.1 Secure portal solution overview
        1.1.1 Key concepts of a secure portal solution
        1.1.2 Secure portal solution high level architecture
      1.2 Solution software
        1.2.1 Runtime environment solution software
        1.2.2 Development environment solution software
      1.3 Target audience of redbook
        1.3.1 Roles and skills
        1.3.2 Matching redbook topics to roles and skills
    Chapter 2. Security fundamentals
      2.1 Security domain and risk management
        2.1.1 Source of vulnerability and intruder reconnaissance
        2.1.2 Physical security
        2.1.3 Logical security
        2.1.4 Security policy
        2.1.5 Security risk management
      2.2 Method for Architecting Secure Solutions (MASS)
      2.3 Security fundamentals
        2.3.1 Public Key Infrastructure (PKI)
        2.3.2 WebSphere Portal security model
        2.3.3 Tivoli Access Manager security model
        2.3.4 Authentication
        2.3.5 Authorization
        2.3.6 WebSphere Portal Credential Vault
        2.3.7 Tivoli Access Manager Global Sign-on (GSO)
    Chapter 3. Architecture and topology selection
  • 5. Contents (continued)
      3.1 Topology definition and operational model
        3.1.1 Operational model overview
        3.1.2 Topology zones
        3.1.3 Conceptual model
        3.1.4 Specified model
        3.1.5 Security interaction patterns
      3.2 Runtime environment topology selection
        3.2.1 Entry runtime topology
        3.2.2 Enterprise runtime topology
        3.2.3 Extended enterprise runtime topology
      3.3 Development environment topology selection
        3.3.1 Conceptual model
        3.3.2 Specified model
        3.3.3 All-in-one approach
        3.3.4 Develop and deploy without debug
        3.3.5 Develop, deploy, and remote debugging
        3.3.6 Develop using a shared security infrastructure
    Chapter 4. Design and integration guidelines
      4.1 Security and design guidelines
        4.1.1 Design principles
        4.1.2 WebSphere Portal vs Tivoli Access Manager authorization
        4.1.3 Single sign-on guidelines
        4.1.4 Identity management
        4.1.5 Adding an external Web server for WebSphere Portal
      4.2 Product-specific integration guidelines
        4.2.1 WebSEAL junctions
        4.2.2 Junction considerations for use with TAI
        4.2.3 Handling of back-end application cookies
        4.2.4 Junction Mapping Table (JMT)
        4.2.5 WebSEAL URL-based access control
        4.2.6 Access control of WebSphere Portal resources
        4.2.7 Access control of resources within portlet applications
        4.2.8 WebSEAL and WebSphere Portal session considerations
      4.3 Sequence diagrams for common access patterns
        4.3.1 UCT1: Access unprotected portal page
        4.3.2 UCT2: Access protected portal page, provide valid credentials
        4.3.3 UCT3: Access protected portal page with existing valid session
        4.3.4 UCT4: Access protected portal page with invalid credentials
        4.3.5 UCT5: WebSEAL session times out before portal session
        4.3.6 UCT6: Portal session times out before WebSEAL session
        4.3.7 UCT7: Both WebSEAL and WebSphere Portal sessions time out
        4.3.8 UCT8: WebSphere Portal logout after WebSEAL session timeout
  • 6. Contents (continued)
      4.4 Component connections
    Part 2. ITSO working example secure portal solution
    Chapter 5. Requirements and solution design
      5.1 Business scenario
        5.1.1 Initial context
        5.1.2 Business challenges
      5.2 Business requirements
        5.2.1 Functional requirements
        5.2.2 Non-functional requirements
      5.3 Use case model
        5.3.1 Use case overview
        5.3.2 Front-end use cases
        5.3.3 Administrative use cases
      5.4 Architecture
        5.4.1 Architecture overview
        5.4.2 Architecture decisions
        5.4.3 Selected runtime environment
        5.4.4 Selected development environment
    Chapter 6. Install the runtime environment
      6.1 Planning
        6.1.1 Hardware and software prerequisites
        6.1.2 Hardware used within the ITSO runtime environment
        6.1.3 Software used within the ITSO runtime environment
        6.1.4 Software installation paths and variables
        6.1.5 Using VMWare and Ghost
      6.2 Implement the Policy Server node
        6.2.1 Windows 2000 Server installation
        6.2.2 DB2 Universal Database installation
        6.2.3 IBM GSKit upgrade installation
        6.2.4 Java Runtime Environment (JRE) V1.3.1 installation
        6.2.5 Tivoli Directory Server installation
        6.2.6 Tivoli Directory Server configuration
        6.2.7 Tivoli Web Administration Tool installation
        6.2.8 Configure Directory Server for Tivoli Access Manager
        6.2.9 Tivoli Access Manager installation
        6.2.10 Tivoli Access Manager configuration
        6.2.11 Tivoli Access Manager Web Portal Manager installation
        6.2.12 Tivoli Access Manager V5.1 Base Fixpack 2 installation
      6.3 Implement the Reverse Proxy node
        6.3.1 Windows 2000 Server installation
        6.3.2 Install GSKit
  • 7. Contents (continued)
        6.3.3 Install Java Runtime Environment (JRE)
        6.3.4 Install Tivoli Directory Client
        6.3.5 Tivoli Access Manager - WebSEAL installation
        6.3.6 Tivoli Access Manager - WebSEAL configuration
        6.3.7 Tivoli Access Manager V5.1 Base Fixpack 2 installation
        6.3.8 Tivoli Access Manager V5.1 WebSEAL Fixpack 2 installation
      6.4 Implement the Portal Server node
        6.4.1 Windows 2000 Server installation
        6.4.2 WebSphere Portal Server V5.0 installation
        6.4.3 WebSphere Application Server Enterprise V5 Fixpack 2 (V5.0.2) installation
        6.4.4 WebSphere Application Server V5.0.2 Fixes installation
        6.4.5 WebSphere Portal V5 Fixpack 2 (V5.0.2) installation
        6.4.6 WebSphere Application Server Enterprise V5.0.2 Cumulative Fix (V5.0.2.3) installation
        6.4.7 WebSphere Portal V5.0.2 Cumulative Fix 1 (V5.0.2.1) installation
        6.4.8 Java Runtime Environment (JRE) V1.3.1 installation
        6.4.9 Tivoli Access Manager Java Runtime Environment installation
        6.4.10 DB2 Universal Database installation
    Chapter 7. Configure the runtime environment
      7.1 Configure WebSphere Portal for DB2
      7.2 Configure WebSphere Portal for IBM HTTP Server
      7.3 Configure WebSphere Portal for LDAP
        7.3.1 Create a suffix
        7.3.2 Create LDIF file containing users and groups
        7.3.3 Import the LDIF file (wp-itso.ldif) to create users and groups
        7.3.4 Enable LDAP security for WebSphere Portal
        7.3.5 Verify the LDAP configuration
      7.4 Enable mutual SSL between WebSEAL and WebSphere Portal
        7.4.1 IBM HTTP Server SSL configuration
        7.4.2 Configure WebSphere Portal for SSL
        7.4.3 Export IBM HTTP Server CA certificate
        7.4.4 Import IBM HTTP Server certificate into WebSEAL keystore
        7.4.5 Export WebSEAL certificate
        7.4.6 Import WebSEAL certificate into IBM HTTP Server keystore
        7.4.7 Enable mutual SSL for IBM HTTP Server
      7.5 Configure portal authentication with TAM using TAI
        7.5.1 Apply Tivoli Access Manager ACLs to new LDAP suffixes
        7.5.2 Define additional MIME types for WebSphere Application Server
        7.5.3 Create a WebSEAL junction
        7.5.4 Enable forms authentication on WebSEAL
        7.5.5 Configure WebSEAL to modify URLs to back-end systems
  • 8. Contents (continued)
        7.5.6 Configure additional WebSEAL parameters
        7.5.7 Import WebSphere Portal users and groups into TAM
        7.5.8 Define access controls for WebSphere Portal URIs
        7.5.9 Configure the junction mapping table
        7.5.10 Configure SSO for WebSEAL and WebSphere via TAI
        7.5.11 Configure Portal login/logout for use with WebSEAL
      7.6 Configure Portal for authorization with TAM
        7.6.1 Configure the SSL between WebSphere and TAM
        7.6.2 Implement JAAS authentication
        7.6.3 Modify WebSphere Portal configuration files
        7.6.4 Verify entries in TAM for Portal external authorization
        7.6.5 Example for externalizing a resource
      7.7 Integrate the Credential Vault
        7.7.1 Credential Vault overview
        7.7.2 Configure the Credential Vault for Tivoli Access Manager
        7.7.3 Verify the Credential Vault
      7.8 Additional configuration
        7.8.1 Configure WebSEAL and WebSphere Portal session timeouts
        7.8.2 Configure WebSEAL to handle favicon.ico
    Chapter 8. Implement the development environment
      8.1 Planning
        8.1.1 Architecture overview
        8.1.2 Hardware used within the ITSO development environment
        8.1.3 Software used within the ITSO development environment
        8.1.4 VMWare
      8.2 Implement the Repository node (optional)
      8.3 Implement the Policy Server node
      8.4 Implement the Reverse Proxy node (optional)
      8.5 Implement the Development node
        8.5.1 Windows 2000 installation
        8.5.2 WebSphere Studio Application Developer V5.1.1 installation
        8.5.3 WebSphere Studio Application Developer V5.1.1 Interim Fix 002 installation
        8.5.4 WebSphere Studio Application Developer - WebSphere Test Environment fixpack installation
        8.5.5 WebSphere Portal Toolkit and test environment installation
        8.5.6 Verify the Portal Toolkit and Test Environment installation
        8.5.7 Java Runtime Environment (JRE) V1.3.1 installation
        8.5.8 Tivoli Access Manager Java Runtime Environment installation
        8.5.9 Configure the SSL between the WTE and TAM
        8.5.10 Verify the TAM configuration within WebSphere Studio
        8.5.11 CVS client configuration for WebSphere Studio
  • 9. Contents (continued)
      8.6 Configure WebSphere Portal for LDAP
        8.6.1 Create a suffix
        8.6.2 Import the LDIF file (wp-itso.ldif) to create users and groups
        8.6.3 Enable LDAP security for WebSphere Portal
        8.6.4 Stop/start servers in WebSphere Test Environment
        8.6.5 Verify the LDAP configuration
        8.6.6 Disable LDAP security in WebSphere Portal
      8.7 Additional configuration (optional)
    Chapter 9. Develop the secure portal application
      9.1 Architecture and design of the ITSO example
        9.1.1 Architecture
        9.1.2 Deployment units
        9.1.3 Method level security
      9.2 Prepare the workbench for the ITSO Bank example
        9.2.1 ITSO Bank sample code download and unpack
        9.2.2 Import the sample project into the workbench
        9.2.3 Team development
        9.2.4 Prepare the database
        9.2.5 Prepare the back-end EJB server
        9.2.6 Prepare the front-end portal server
        9.2.7 Run the ITSO Bank application in the test environment
      9.3 Using the Tivoli Access Manager APIs
        9.3.1 The portlet application without Tivoli Access Manager
        9.3.2 The portlet application using Tivoli Access Manager
      9.4 Using the WebSphere Portal Credential Vault
    Chapter 10. Deploy the secure portal application
      10.1 ITSO Bank application overview
      10.2 Deploy the ITSO Bank back-end application
        10.2.1 Create an application server
        10.2.2 ITSO Bank sample code download and unpack
        10.2.3 Create the ITSO Bank application database
        10.2.4 Add ITSOid attribute to the LDAP schema
        10.2.5 Create the groups and users for the ITSO Bank application
        10.2.6 Create the ITSOBankDataSource data source
        10.2.7 Deploy the back-end application EAR
      10.3 Deploy the ITSO Bank portal application
        10.3.1 ITSO Bank sample code download and unpack
        10.3.2 Modify properties files and repackage WAR
        10.3.3 Modify the wmmLDAPServerAttributes.xml file
        10.3.4 Install portlets
        10.3.5 Create portal pages
  • 10. Contents (continued)
        10.3.6 Add portlets to pages
        10.3.7 Modify resource permissions
        10.3.8 Verify ITSO Bank application
        10.3.9 Externalize the ITSO Bank resources
    Chapter 11. Security hardening
      11.1 Configure CSIv2 SSL settings
        11.1.1 Create SSL keys for CSIv2
        11.1.2 Configure the SSL repertoire for CSIv2
      11.2 Enable SSL for LDAP
        11.2.1 Enable LDAP server for SSL connections
        11.2.2 Enable SSL for Tivoli Access Manager LDAP connections
        11.2.3 Enable SSL for WebSEAL LDAP connections
        11.2.4 Enable SSL for WebSphere LDAP connection
        11.2.5 Enable SSL for WebSphere Portal LDAP connections
        11.2.6 Enable SSL for Web Admin Tool LDAP connection
        11.2.7 Configure Tivoli Directory Server client utilities for SSL
        11.2.8 Disable non-SSL access to Tivoli Directory Server
      11.3 Replace the default SSL certificates for the SOAP connector
        11.3.1 Configure SSL certificate and repertoire for SOAP connector
        11.3.2 Configure WebSphere administration utilities
        11.3.3 Configure WebSphere Portal SOAP connection credentials
      11.4 Additional security hardening guidelines
        11.4.1 Secure a WebSphere Network Deployment environment
        11.4.2 Disable the IBM HTTP Server Administration service
        11.4.3 Disable the IBM HTTP Server on the Policy Server node
    Chapter 12. Manage a secure portal solution
      12.1 Tivoli administration tools and common tasks
        12.1.1 Tivoli Directory Server processes
        12.1.2 Tivoli Directory Server - Configuration Tool (ldapxcfg)
        12.1.3 Tivoli Directory Server - Web Administration Tool
        12.1.4 Tivoli Directory Server - Command line utilities
        12.1.5 Tivoli Access Manager - Servers
        12.1.6 Tivoli Access Manager - pdadmin
        12.1.7 Tivoli Access Manager - Web Portal Manager
        12.1.8 User management
        12.1.9 Customize the WebSEAL HTML pages
        12.1.10 Externalized role management
        12.1.11 Favicon configuration
      12.2 WebSphere administration tools and common tasks
        12.2.1 WebSphere Application Server - Administrative console
        12.2.2 WebSphere Application Server - Scripting program
  • 11. Contents (continued)
        12.2.3 WebSphere Application Server - Command-line tools
        12.2.4 WebSphere Portal - Web administration
        12.2.5 WebSphere Portal - XMLAccess
        12.2.6 Externalize virtual resources
      12.3 Start and stop servers for ITSO example nodes
      12.4 Back up and restore of key configuration files and databases
        12.4.1 Backup
        12.4.2 Restore
      12.5 Verifying the ITSO Bank application and runtime
        12.5.1 Banking application login
        12.5.2 Add user
        12.5.3 Modify user information
        12.5.4 View account balance
        12.5.5 Transfer funds
    Part 3. Appendixes
    Appendix A. Troubleshooting a secure portal solution
      Common issues encountered in a secure portal
        Common problems and solutions
        Secure portal tips
      Runtime log files for server components
        Logs - WebSphere Application Server
        Logs - WebSphere Portal
        Logs - Tivoli Access Manager
      Gathering runtime tracing for security issues
        Tracing authentication issues
        Tracing authorization issues
        Tracing Credential Vault issues
      Problems fixed in the portal for external access control
        WebSphere Portal V5 Fixpack 2 (V5.0.2)
        WebSphere Portal V5.0.2 Cumulative Fix 1 (V5.0.2.1)
        Individual fixes for WebSphere Portal V5.0.2.1
    Appendix B. Configure single sign-on using LTPA
      Prerequisite steps
      LTPA configuration
        Apply Tivoli Access Manager ACLs to new LDAP suffix
        Define additional MIME types for WebSphere Application Server
        Export LTPA encryption keys from the WebSphere Application Server
        Create a WebSEAL junction
        Enable forms authentication on WebSEAL
        Configure WebSEAL to modify URLs to back-end systems
        Configure additional WebSEAL parameters
  • 12. Import WebSphere Portal users and groups into TAM . . . . . . . . . . . . . . . 601 Define access controls for WebSphere Portal URIs . . . . . . . . . . . . . . . . . 602 Configure the junction mapping table . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602 Configure Portal login/logout for WebSEAL . . . . . . . . . . . . . . . . . . . . . . . 602Appendix C. CVS configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 603CVS overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 604CVSNT Server implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 605 CVS Server installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 606 CVS Server repository configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 606 Create CVS users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 609CVS Client configuration for WebSphere Studio Application Developer . . . . 610 Set CVS DTD file extension to ASCII . . . . . . . . . . . . . . . . . . . . . . . . . . . . 611 Label decorations for CVS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 611 Setting up the repository location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 611Appendix D. Automate deployment tasks. . . . . . . . . . . . . . . . . . . . . . . . . 613Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 614Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 615Tooling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 616Deployment walkthrough . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617 Solution structuring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . . . . . . . . . . 618 Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 619 Populating the solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 621Concepts and background discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 625 Component types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 625 ITSO WebSphere Portal development starter kit . . . . . . . . . . . . . . . . . . . 627 wpdsk-util command reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 642Appendix E. Node descriptions for architecture models . . . . . . . . . . . . 645Conceptual model node description for the runtime environment . . . . . . . . . 646Specified model node description for the runtime environment . . . . . . . . . . . 656Conceptual model node descriptions for development . . . . . . . . . . . . . . . . . 670Specified model node description for development and test environment . . . 676Appendix F. Additional material. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 683Locating the Web material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 683Using the Web material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 683 System requirements for downloading the Web material . . . . . . . . . . . . . 684 How to use the Web material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 684Description of sample code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 684Related publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 685IBM Redbooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 685 Contents xi
  • 13. Other publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 686 Online resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 687 How to get IBM Redbooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 688 Help from IBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 688 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 689xii Develop and Deploy a Secure Portal Solution Using WebSphere Portal V5 and Tivoli Access Manager V5.1
  • 14. Notices

This information was developed for products and services offered in the U.S.A.

IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing, IBM Corporation, North Castle Drive Armonk, NY 10504-1785 U.S.A.

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.

COPYRIGHT LICENSE:

This information contains sample application programs in source language, which illustrates programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. You may copy, modify, and distribute these sample programs in any form without payment to IBM for the purposes of developing, using, marketing, or distributing application programs conforming to IBM's application programming interfaces.
  • 15. Trademarks

The following terms are trademarks of the International Business Machines Corporation in the United States, other countries, or both: AIX®, HACMP™, Redbooks™, Balance®, IBM®, Redbooks (logo)™, ClearCase®, ibm.com®, Sametime®, Cloudscape™, Lotus Notes®, Tivoli®, developerWorks®, Lotus®, WebSphere®, Domino®, NetView®, xSeries®, DB2 Universal Database™, Notes®, DB2®, Rational®

The following terms are trademarks of other companies:

Intel, Intel Inside (logos), MMX, and Pentium are trademarks of Intel Corporation in the United States, other countries, or both.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Other company, product, and service names may be trademarks or service marks of others.
  • 16. Preface

Portals provide a personalized single point of access to applications, content, and processes through a Web interface. Secure portal solutions are needed to address the common security challenges, such as authentication, authorization and single sign-on.

This IBM Redbook and sample code will provide IT architects, developers, IT specialists, and administrators with the critical knowledge to design, develop, deploy and manage a secure portal solution using IBM® Tivoli Access Manager V5.1.0.2 and IBM WebSphere® Portal V5.0.2.1.

Part 1, “Introduction to secure portal solutions” on page 1, introduces key concepts and provides an in-depth look at the secure portal solution architecture, topology selection, design and integration guidelines.

Part 2, “ITSO working example secure portal solution” on page 141, describes how to implement an end-to-end secure portal solution. This part includes a business scenario, requirements, design, implementation of the runtime and development environments, application development and deployment, and administration of the secure portal solution.

The team that wrote this redbook

This redbook was produced by a team of specialists from around the world working at the International Technical Support Organization, Raleigh Center.
  • 17. Figure 1 The IBM Redbook team (left to right, 1st row: John Ganci, Normunds Saumanis; 2nd row: Brett Gordon, Jonas Tingeborn, Melanie Fletcher, Hinrich Boog, Ashwin Manekar, Kai Schwidder)

John Ganci is a Senior Software Engineer, WebSphere Specialist at the IBM ITSO, Raleigh Center. He writes extensively and teaches classes on WebSphere and related topics. John has 14 years of experience in product and application design, development, system testing, and consulting. His areas of expertise include e-commerce, WebSphere Application Server, portals, pervasive computing, Linux and Java™ programming.

Hinrich Boog is an IT Specialist in the IBM e-business Innovation Center Hamburg, Germany. He has several years of experience in application development and IT consulting for e-business solutions. He holds a degree in Computer Science (major) and Russian language (minor) from Freie Universität Berlin, Germany. His areas of expertise include J2EE applications, enterprise portals and Web content management. He is a Sun Certified Web Component Developer.
  • 18. Melanie Fletcher is a Software Engineer in the Gold Coast IBM Tivoli® lab, Australia. She has extensive experience with the Tivoli Access Manager security products ranging from functional verification testing to consulting. She holds a degree in Business and a Masters of Information Technology from the Queensland University of Technology, Australia. Her areas of expertise include security solutions using Tivoli Access Manager and Tivoli Identity Manager.

Brett Gordon is a Software Engineer in the IBM Software Group, USA. He has over five years of experience in technical support for IBM Lotus® Software. He holds a degree in international economics from the University of Texas at Austin, and he is currently pursuing a Masters degree in Computer Networking from North Carolina State University in Raleigh. His areas of expertise include integration, security, and administration of WebSphere Portal and Lotus Domino®. He is an IBM Certified System Administrator for WebSphere Portal V5.

Ashwin Manekar is a Software Engineer in IBM Software Group Solution Test, USA. He has eight years of experience in application development and IT Consulting for e-business solutions. He holds a Masters degree in Computer Science from the University of North Carolina at Charlotte, USA. His areas of expertise include developing J2EE enterprise applications, portlet development, Click-To-Action technology, and Web applications. He has published several papers in the area of WebSphere Portal environment setup and portlet development on the IBM developerWorks® technical forum.

Normunds Saumanis is an IT Architect in IBM Global Services, Latvia. He has over 10 years experience in systems support, systems integration, application development and IT consulting. He holds a degree in Computer Science from Michigan State University, USA. His areas of expertise include AIX/UNIX® systems support, IT infrastructure design and operations, systems integration, Java, pervasive and Web applications, and IBM WebSphere.

Kai Schwidder is an IT Architect in the IBM Software Group, Switzerland. He has 14 years of experience in the fields of consulting, application development, and systems integration for e-business and e-commerce solutions. He holds a degree in Computer Science from the Technical University in Berlin, Germany. His areas of expertise include systems integration, application architecture and development, business to technology consulting, technical team leadership, WebSphere Portal, Tivoli Access Manager, WebSphere Commerce, and WebSphere MQ.

Jonas Tingeborn is an IT Specialist in IBM Global Services, Sweden. He has worked at IBM for six years, of which the last four spent at various e-business engagements for different customers. His focus areas and previous project roles include application development, e-business consulting, and configuration management with WebSphere Portal, J2EE and Linux.
  • 19. Thanks to the following people for their contributions to this project:

Tinny Ng, IBM Canada
Michele Galic, IBM USA
Allison Halliday, IBM Sweden
Andrew Hatzikyriacos, South Africa
Maria Munaro, IBM Venezuela
Sailaja Parepalli, Miraclesoftware Systems Inc., USA
David Yang, IBM USA
Gianluca Gargaro, IBM Italy
Steven Tuttle, IBM ITSO Raleigh Center, USA
William Tworek, IBM ITSO Cambridge Center, USA
Axel Buecker, IBM ITSO Austin Center, USA
Ray Neucom, IBM USA
Paul Kelsey, IBM USA
Masanobu Ida, IBM Japan
Stefan Schmitt, IBM Germany
Daniel Kipfer, IBM Switzerland
Julie Czubik, ITSO Poughkeepsie Center, USA

Become