Appendix B. Web Express Logon using the Configuration server-based model

When creating an HTML file using the Configuration server-based model in the Deployment Wizard, the next window after the Configuration Model window is the Logon Type window. On this window, you are presented with the following three options:

Prompt users to enter Host On-Demand user ID: Select this option only if you want users to be challenged for their credentials. This is the default option.

Use Web Express Logon: Select this option to map the user's network ID to the Host On-Demand ID, which will log users on to the Host On-Demand server.

Note that you must have your user profiles already set up on your Host On-Demand configuration server. If you do not have your user profiles set up and you attempt to launch the HTML file, you will get the following error message:

WELM051 User name returned from Web Express Logon 
is not a known Host On-Demand user

Selecting this option also requires that you add an additional Vault credential mapper and all of its parameters to your web.xml file. For example, take the following steps:

In the web.xml file, update the following INIT parameter with the new Vault credential mapper name, for example, CMPIConfigServer_:

<init-param>
  <param-name>CMPICredentialMappers</param-name> 
  <param-value>CMPIDCASPlugin, CMPIVaultPlugin, 
		CMPIConfigServer_	</param-value> 
</init-param>

Add the parameter name for the new parameter value specified above, and change the AUTH type to AuthType_ConfigServer:

<init-param>
  <param-name>CMPIConfigServer_</param-name> 
  <param-value>com.ibm.eNetwork.security.sso.cms.CMPIVault, 
			AuthType_ConfigServer, *</param-value> 
  </init-param>

In the web.xml file, configure the remaining Vault parameters except these two parameters:
- CMPI_VAULT_DB_HOSTADDR_COL_NAME
- CMPI_VAULT_DB_HOSTAPP_COL_NAME
Use the section E. Add the required Vault parameters for the CMPIVaultPlugin. and F. Add the optional Vault parameters (if desired). as references. You will need to prepend the new credential mapper name to the Vault parameter names, for example, CMPIConfigServer_CMPI_VAULT_DB_ADDRESS.
In your Vault credential mapper database, create a new table with three columns, for example:
- NETWORKID
- HODID
- PASSWORD
Be sure that the NETWORKID contains the network IDs, the HODID column contains the Host On-Demand user IDs, and the PASSWORD column contains the Host On-Demand passwords. Since you did not add parameters in your XML file for HOSTADDRESS and APPLICATIONID, you do not need to add the columns for these in your Vault credential database.

Automatically log users on to Host On-Demand using their Windows username: Select this option to allow Host On-Demand to use the local system's ID for macro-based automation. You can either allow Host On-Demand to use the network ID supplied to the network security application or the Windows system ID to retrieve the host credentials. If you use this option, be sure that you select the appropriate User Identity Type in session properties and that you are using the WAR file that is intended to be used with Windows Domain (wincms.war).

When using the Configuration server-based model and a network security application such as Tivoli Access Manager, you may be accessing your Host On-Demand pages via a URL such as https://server_name/junction_name/HOD/myhodpage.html, where server_name is the name of the machine running Tivoli Access Manager and junction_name is the junction that you create to point to your Host On-Demand server machine and your HTTP server's port number. If this is the case, Host On-Demand will try to contact the Host On-Demand Service Manager to get your user, group, and session information at the server_name rather than at the junction_name. To remedy this situation, edit the config.properties file found in the HOD directory of your Host On-Demand install directory (\Program Files\IBM\HostOnDemand\HOD\config.properties) by adding this line at the end of the file content:

ConfigServer=myhodserver.ibm.com

where myhodserver is the machine you are pointing to with the junction_name.