Post-installation instructions

You must complete following tasks if you are migrating the Persistent Mobile Foundation (PMF) 9.0.3 and later releases on WebSphere® Application Server (WAS), WebSphere Application Server Network Deployment (WAS-ND), WebSphere Application Server Liberty, and Apache Tomcat®.

Prerequisites

1. Check whether the Jython is at version 2.1.
2. Go to app_server_root/bin directory and locate the wsadmin script file.
3. Run the following command to open the shell for admin utility. ./wsadmin.sh

4. Run the following command. sys.version

   If reported version is 2.1 no action is needed, but if the reported version is 2.7 or higher then execute he following command on same terminal where you are going to install the PMF.

   ./wsadmin.sh -usejython21 true

Jump to

• Server configuration
  • Apache Tomcat
  • WebSphere Application Server (WAS)
  • WebSphere Application Server Network Deployment (WAS-ND)
  • WebSphere Application Server Liberty
• server.xml file configuration
• Enable User feedback on Websphere Application Server (WAS)

Server configuration

Following are some mandatory steps for the above software to be completed post-installation.

Note: For more information on the allowed.hostname property mentioned in this section, see config.properties file parameters.

Apache Tomcat

Release 9.0.6

1. Stop the Apache Tomcat Server.
2. Go to <tomcat_install_dir>/conf directory, and edit context.xml file.

3. Add the following element to the context.xml file.

   <JarScanner scanClassPath="false" />

4. Download the javax.ws.rs-api-2.1.1.jar and com.ibm.json4j-1.0.105.RELEASE.jar JAR files from the Maven Central site or by using the following links.

   • https://repo1.maven.org/maven2/javax/ws/rs/javax.ws.rs-api/2.1.1/javax.ws.rs-api-2.1.1.jar

   • https://public.dhe.ibm.com/ibmdl/export/pub/software/olrepo/io/openliberty/com.ibm.json4j/1.0.105.RELEASE/com.ibm.json4j-1.0.105.RELEASE.jar

5. Copy the downloaded JAR files to the <tomcat_install_dir>/lib directory.
6. Go to the <tomcat_install_dir>/bin and edit the setenv.sh file.

7. Locate the -Dmfp.config.service.url line in the setenv.sh file, and update with desired protocol along with the hostname/IP where PMF is deployed and port on which Apache Tomcat is running.

   Example After updating the configuration should resemble the following sample.

   Sample : CATALINA_OPTS="$CATALINA_OPTS -Dmfp.config.service.url=https://localhost:8443/mfpadminconfig"
   

8. Go to the <tomcat_install_dir>/conf, and edit the config.properties file.
9. Update value of the allowed.hostname property to the IP Address or hostname of the system where the PMF is deployed.
10. Ensure that the ports used by Apache Tomcat, such as 8686/8080/8443 etc., are not in use, and that no zombie Java process is running in background.
11. Start the Apache Tomcat Server.

WebSphere Application Server (WAS)

1. Go to app_server_root/properties folder, and locate the config.properties file generated during installation.
2. Edit the config.properties file to change value of the allowed.hostname property with the IP Address or hostname of the system where PMF is deployed.
3. Restart all the profiles.

WebSphere Application Server Network Deployment (WAS-ND)

1. Copy the config.properties file generated during installation in the app_server_root/properties folder on the master node to any child nodes at desired location.
2. Edit the config.properties file to change value of the allowed.hostname property with the IP Address or hostname of the system where the file was copied.
3. Open the WAS console, and navigate to the Servers → Server Types → Websphere Application servers path, and select same node where the file was copied and edited.

4. Go to the Java and Process Management → Process definition → Environment Entries path, and click on New. In general properties set Name field as CONFIGURATION_FILE_PATH and value should be absolute path of the config.properties file on the node where file is located.

   Example /opt/WebSphere/AppServer/properties/config.properties

5. Repeat all the steps from #1 to #4 for other nodes.
6. Save the configuration on console and restart both the nodes.

WebSphere Application Server Liberty

1. Go to app_server_root/usr/servers/SERVER_INSTANCE/ folder, and locate the config.properties file generated during installation.
2. Edit the config.properties file to change value of the allowed.hostname property with the IP Address or hostname of the system where PMF is deployed.
3. Repeat steps #1 and #2 for all the server instances where PMF components are installed.
4. Restart all the server instances.

server.xml file configuration

You should add the following flags in the WebSphere Liberty Server configuration file (server.xml) as security recommendations.

• Set secure flag on the session cookies by adding the following property with the given value.

  <httpSession cookieSecure="true" cookieHttpOnly="true"/>

  Missing secure flag on cookies could allow attacker to read the cookies and make unintended use of it.

• Set expiry of single sign-on (SSO) Lightweight Third Party Authentication (LTPA) token from WebSphere Application Server Liberty to avoid any misuse for unintended access by adding the following property with the given value.

  <ltpa expiration="60m"/>

  The value of the property is in minutes. If no value is set, then the default value for expiration is 120 minutes (2 hours).

• Set a secure flag on LTPA token cookies, when accessing the application on a HTTPS protocol. For HTTP access, disable by seting the value as “true”.

  <webAppSecurity logoutOnHttpSessionExpire="true" ssoRequiresSSL="true"/>

• Invalidate an expired session by adding the following property with the given value.

  <httpSession invalidateOnUnauthorizedSessionRequestException="true"/>

• Invalidate LTPA tokens (used for Single Sign-On) after a user has logged out by adding the following property with the given value.

  <webAppSecurity trackLoggedOutSSOCookies="true"/>

  This ensures that the server actively tracks and invalidates these LTPA tokens, thus providing an enhanced security posture by reducing the risk of unauthorized access or session hijacking.

• Hide details of the Application server by adding the following property with the given value.

  <webContainer disableXPoweredBy="true"/>

Enable User feedback on Websphere Application Server (WAS)

WAS - MFP console configuration

1. Go to Environment → Naming → Name Space Bindings.

2. From All Scope, select desired node.

   Example

   Node = 10Node02, Server = server1

3. Click New → Select String.

4. Enter the following details.

   • Binding Identifier: mfp/mfp.analytics.url

   • Name in Name Space Relative Field: mfp/mfp.analytics.url

   • String Value: http://{Analytics_Host}:{Analytics_Port}/analytics-service/rest

     Example

     http://1.1.1.1:9081/analytics-service/rest

5. Click Apply.

WAS - Analytics console configuration

1. Go to Applications → WebSphere Enterprise Applications → MobileFirst_Operational_Analytics_Service → Environment Entries for Web Modules.
2. Locate the analytics/analytics.authorization.server.url.
3. Ensure the port in the above URL matches the MobileFirst Console port (For example, 9080).
4. Click Apply.