Question & Answer
Question
How can I configure the IBM Rational ClearQuest Web to enforce client certificate authentication for OSLC URL patterns?
Cause
The Rational ClearQuest Web client includes a web deployment descriptor file. The web deployment descriptor has a commented section that includes instructions for modifying and replacing the web.xml file with rules that enable client certificate authentication. The rules contain explicit exemptions for OSLC URL patterns that allow OSLC integrations to operate using the standard ClearQuest authentication algorithm.
Answer
You can refine the list of URL exemptions in the web deployment descriptor to configure client certificate authentication for OSLC integrations. First, verify that all OSLC consumers that access the server can be configured to use client certificates when logging into target providers. The configuration changes affect all OSLC integrations for the Rational ClearQuest Web server. It is not possible to selectively specify that some OSLC consumers use standard authentication while others use client certificates.
1. In the web.xml file, remove the comments from the collection of security rules.
2. Replace the security-constraint element with web-resource-name CQBridge with the following security-constraint:
<security-constraint>
<web-resource-collection>
<web-resource-name>CQBridge</web-resource-name>
<url-pattern>/html/*</url-pattern>
<url-pattern>/oauth-request-consumer/*</url-pattern>
<url-pattern>/oauth-access-token/*</url-pattern>
<url-pattern>/oauth-request-token/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
3. Save the changes. Then, deploy the updated web.xml file as described in the ClearQuest Information Center topic Configuring client certificate authentication for ClearQuest Web.
4. Stop and restart the server to activate the changes.
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21616504