Content Management and Capture


IBM Content Navigator and ping page under SSO configuration

  • 1.  IBM Content Navigator and ping page under SSO configuration

    Posted 30 days ago
    Hello all,

    We are currently installing a new FileNet Content Manager platform and we are using IBM Content Navigator with Single Sign-On. Single Sign-On is customized via a Trust Association Interceptor designed for using Central Authentication Services.

    We have a farm of ICN nodes behind a virtual IP address managed by a Netscaler load balancer.
    We configured the load balancer to check /navigator/ping.jsp, verify that the HTTP response code is 200, and check for the term "pingPage" in the HTTP response.

    But we currently have a problem with this configuration, as our load balancer sees the ICN nodes as down.
    It seems that the /navigator/ping.jsp response is a redirection to the authentication form provided by Central Authentication Service.

    Our question is therefore the following: How can we configure the IBM Content Navigator application in order to bypass SSO when using the resource /navigator/ping.jsp?
    Our goal is to allow the load balancer to access a ping page without authenticating, in order to be sure that the ICN node is available for service.

    Or is there an alternative to the ping page without SSO protection? I asked IBM support, which sent me to the URL navigator/jaxrs/getDesktop, which is not secured, but this page weighs 270,90 ko (and can grow), which is a lot for a keep-alive page called every 5 seconds.

    Thanks for your help.

    Regards,
    Florian Kiebel

    ------------------------------
    Florian KIEBEL
    Practice Leader
    Amexio
    ------------------------------


  • 2.  RE: IBM Content Navigator and ping page under SSO configuration

    Posted 27 days ago
    Edited by DAVID Jenness 25 days ago
    Hello Florian,

    There is another endpoint, navigator/jaxrs/pluginsInfo, that doesn’t require authentication, which you might be able to use, but please note that all endpoints under navigator/jaxrs/ are private and, therefore, subject to change.

    That said, we’re planning to add a lightweight public endpoint you can use to simply check if the system is up and running without any other info which you might be able to use when it’s available.

    Thank you,

    ------------------------------
    ANDY Choi
    ------------------------------



  • 3.  RE: IBM Content Navigator and ping page under SSO configuration

    Posted 25 days ago
    Thank you Andy,

    I agree the URL you provided is much lighter than the other one.
    We will use it.

    I agree with your last statement, a very lightweight public endpoint saying "ICN is up" is clearly sufficient for load balancer material.

    Thank you again for your help

    Regards,

    ------------------------------
    Florian KIEBEL
    Practice Leader
    Amexio
    ------------------------------



  • 4.  RE: IBM Content Navigator and ping page under SSO configuration

    Posted 16 days ago
    Hello all,

    Well, finally, it seems that both endpoints (jaxrs/getDesktop and jaxrs/pluginsInfo) are covered by our SSO. I was wrong in my last statement.
    When I tested both statements, I saw that a CAS token is generated.

    Perhaps it is caused by the version we currently run:
    Version : 3.0.7
    Génération : icn307.003.175

    Does anyone have another idea on this topic?

    Regards,
    Florian Kiebel


    ------------------------------
    Florian KIEBEL
    Practice Leader
    Amexio
    ------------------------------



  • 5.  RE: IBM Content Navigator and ping page under SSO configuration

    Posted 8 days ago

    Hi Florian

    In your SSO configuration do you have the ability to exempt certain endpoints from SSO?

    In a SAML trust interceptor configuration you can do something like this:

    sso_1.sp.filter = request-url^=navigator;request-url!=error.jsp;remote-address!=111.22.333.444

    The "!=" stops it from going the SSO route.



    ------------------------------
    Chuck Hauble
    Senior IT Engineer
    Hennepin County
    Minneapolis MN
    ------------------------------
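
How a filter like the one in post 5 selects requests, as an added example that is not part of the thread and not IBM's code. It is a simplified model that assumes all `;`-separated conditions must match for a request to be sent to SSO, with `^=` as "contains any of a|b", `%=` as "contains", `==` as "equals" and `!=` as "does not contain"; the `request-url!=ping.jsp` condition, the host name and the 10.0.0.5 address are constructed for illustration.

```python
import re

# Filter value as posted in the thread, and a variant with a constructed
# extra condition that exempts the load balancer's health-check page.
POSTED = "request-url^=navigator;request-url!=error.jsp;remote-address!=111.22.333.444"
WITH_PING = POSTED + ";request-url!=ping.jsp"

_COND = re.compile(r"^(request-url|remote-address)(==|!=|\^=|%=)(.+)$")

def parse_filter(expr):
    """Split a filter value into (attribute, operator, value) conditions."""
    conds = []
    for part in expr.split(";"):
        m = _COND.match(part.strip())
        if not m:
            raise ValueError(f"unsupported condition: {part!r}")
        conds.append(m.groups())
    return conds

def _matches(op, actual, expected):
    # Assumed operator semantics (simplified model, see lead-in).
    if op == "==":
        return actual == expected
    if op == "%=":
        return expected in actual
    if op == "^=":
        return any(v in actual for v in expected.split("|"))
    return expected not in actual  # "!="

def intercepted(expr, url, remote_addr):
    """True when every condition matches, i.e. the request goes the SSO route."""
    attrs = {"request-url": url, "remote-address": remote_addr}
    return all(_matches(op, attrs[name], val)
               for name, op, val in parse_filter(expr))

if __name__ == "__main__":
    base = "https://icn.example.test/navigator"  # constructed host name
    for label, expr in (("posted", POSTED), ("with ping.jsp exempt", WITH_PING)):
        for url, addr in ((base + "/ping.jsp", "10.0.0.5"),
                          (base + "/", "10.0.0.5"),
                          (base + "/", "111.22.333.444")):
            route = "SSO" if intercepted(expr, url, addr) else "not intercepted"
            print(f"{label:22} {addr:15} {url:45} -> {route}")
```

In this model the `remote-address` condition takes every navigator URL from that address off the SSO route, while a `request-url` condition exempts a single page for all clients. A request the interceptor skips is still subject to whatever authentication the application itself enforces.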