Post-installation instructions

Prerequisites

You must complete following tasks if you are migrating the Persistent Mobile Foundation (PMF) 9.x and later releases on WebSphere® Application Server (WAS), WebSphere Application Server Network Deployment (WAS-ND) and WebSphere Application Server Liberty.

  1. Check whether the Jython is at version 2.1.
  2. Go to app_server_root/bin directory and locate the wsadmin script file.
  3. Run the following command to open the shell for admin utility. ./wsadmin.sh

  4. Run the following command. sys.version

    If reported version is 2.1 no action is needed, but if the reported version is 2.7 or higher then execute he following command on same terminal where you are going to install the PMF.

    ./wsadmin.sh -usejython21 true

Post-installation instructions

Following are some mandatory steps for the above software to be completed post-installation.

WebSphere Application Server Liberty

Release 9.1

  1. Edit the config.properties file to change value of the allowed.hostname property with the IP Address or hostname of the system where PMF is deployed.

  2. Restart server to apply the updates.

Release 9.2

  1. Go to app_server_root/usr/servers/SERVER_INSTANCE/ folder, and locate the config.properties file generated during installation.
  2. Edit the config.properties file to change value of the allowed.hostname property with the IP Address or hostname of the system where PMF is deployed.
  3. Repeat steps #1 and #2 for all the server instances where PMF components are installed.
  4. Restart all the server instances.

For more information on the above properties, see config.properties file parameters.

Configure server.xml file

You should add the following flags in the WebSphere Liberty Server configuration file (server.xml) as security recommendations.

  • Set secure flag on the session cookies by adding the following property with the given value.

    <httpSession cookieSecure="true" cookieHttpOnly="true" />

    Missing secure flag on cookies could allow attacker to read the cookies and make unintended use of it.

  • Set expiry of single sign-on (SSO) Lightweight Third Party Authentication (LTPA) token from WebSphere Application Server Liberty to avoid any misuse for unintended access by adding the following property with the given value.

    <ltpa expiration="60m"/>

    The value of the property is in minutes. If no value is set, then the default value for expiration is 120 minutes (2 hours).

  • Set a secure flag on LTPA token cookies, when accessing the application on a HTTPS protocol. For HTTP access, disable by seting the value as “true”.

    <webAppSecurity logoutOnHttpSessionExpire="true" ssoRequiresSSL="true" />

Last modified on