Post-installation instructions
Prerequisites
You must complete the following tasks if you are migrating Persistent Mobile Foundation (PMF) 10.0 and later releases on WebSphere® Application Server (WAS), WebSphere Application Server Network Deployment (WAS-ND) and WebSphere Application Server Liberty.
- Check whether Jython is at version 2.1.
- Go to the app_server_root/bin directory and locate the wsadmin script file.
- Run the following command to open the shell for the admin utility.
  ./wsadmin.sh
- Run the following command.
  sys.version
  If the reported version is 2.1, no action is needed. If the reported version is 2.7 or higher, execute the following command on the same terminal where you are going to install PMF.
  ./wsadmin.sh -usejython21 true
Post-installation instructions
The following post-installation configuration needs to be completed in the config.properties file and the server.xml file of WebSphere Application Server Liberty.
You need to restart the respective server instance for the changes you have made to these files to take effect.
Configure config.properties file
- Go to the app_server_root/usr/servers/SERVER_INSTANCE/ folder, and locate the config.properties file generated during installation.
- Edit the config.properties file to change the value of the allowed.hostname property to the IP address or hostname of the system where PMF is deployed.
- Repeat steps #1 and #2 for all the server instances where PMF components are installed.
Note: For more information on the above properties, see config.properties file parameters.
Configure server.xml file
You should add the following flags in the WebSphere Liberty Server configuration file (server.xml) as security recommendations.
- Set the secure flag on the session cookies by adding the following property with the given value.
  <httpSession cookieSecure="true" cookieHttpOnly="true"/>
  A missing secure flag on cookies could allow an attacker to read the cookies and make unintended use of them.
- Set the expiry of the single sign-on (SSO) Lightweight Third Party Authentication (LTPA) token from WebSphere Application Server Liberty to avoid any misuse for unintended access by adding the following property with the given value.
  <ltpa expiration="60m"/>
  The value of the property is in minutes. If no value is set, then the default value for expiration is 120 minutes (2 hours).
- Set a secure flag on LTPA token cookies when accessing the application over the HTTPS protocol. For HTTP access, disable by setting the value as “true”.
  <webAppSecurity logoutOnHttpSessionExpire="true" ssoRequiresSSL="true"/>
- Invalidate an expired session by adding the following property with the given value.
  <httpSession invalidateOnUnauthorizedSessionRequestException="true"/>
- Invalidate LTPA tokens (used for Single Sign-On) after a user has logged out by adding the following property with the given value.
  <webAppSecurity trackLoggedOutSSOCookies="true"/>
  This ensures that the server actively tracks and invalidates these LTPA tokens, thus providing an enhanced security posture by reducing the risk of unauthorized access or session hijacking.
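
The check below is an added example, not part of the PMF or Liberty documentation: a Python script that reads a server.xml and lists which of the settings above are absent or weaker than the values given on this page. The function names, the sample file and the rule that repeated elements merge with later attributes winning are assumptions of the example; an attribute that is not set explicitly is reported, except LTPA expiration, which falls back to the 120-minute default stated above.

```python
import re
import xml.etree.ElementTree as ET

# Attributes this page sets to "true", grouped by server.xml element.
REQUIRED_TRUE = {
    "httpSession": ["cookieSecure", "cookieHttpOnly",
                    "invalidateOnUnauthorizedSessionRequestException"],
    "webAppSecurity": ["logoutOnHttpSessionExpire", "ssoRequiresSSL",
                       "trackLoggedOutSSOCookies"],
}
MAX_LTPA_MINUTES = 60       # value recommended on this page
DEFAULT_LTPA_MINUTES = 120  # default stated on this page when unset

def merged_attrs(root, tag):
    """Combine attributes of all top-level <tag> elements; later ones win (assumed)."""
    attrs = {}
    for elem in root.findall(tag):
        attrs.update(elem.attrib)
    return attrs

def ltpa_minutes(value):
    """Minutes for '60m', '1h', '1h30m' or a bare number; None means the default."""
    if value is None:
        return DEFAULT_LTPA_MINUTES
    if value.isdigit():
        return int(value)
    m = re.fullmatch(r"(?:(\d+)h)?(?:(\d+)m)?", value)
    if not value or not m:
        raise ValueError("unsupported duration: " + repr(value))
    return int(m.group(1) or 0) * 60 + int(m.group(2) or 0)

def audit(server_xml):
    """Return sorted 'element.attribute' names that deviate from this page's values."""
    root = ET.fromstring(server_xml)
    bad = [f"{tag}.{a}" for tag, attrs in REQUIRED_TRUE.items() for a in attrs
           if merged_attrs(root, tag).get(a, "").lower() != "true"]
    if ltpa_minutes(merged_attrs(root, "ltpa").get("expiration")) > MAX_LTPA_MINUTES:
        bad.append("ltpa.expiration")
    return sorted(bad)

# Constructed sample input (not taken from a real deployment).
WEAK = """<server>
  <httpSession cookieHttpOnly="true"/>
  <webAppSecurity ssoRequiresSSL="false"/>
</server>"""

if __name__ == "__main__":
    print(audit(WEAK))
```

The script reads only the text it is given; it does not follow include elements or resolve ${...} variables.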