Using secure HTTP (HTTPS) improves the security of your Novell Teaming site. During installation, you can choose to configure your Teaming site for HTTP or HTTPS. After installation, you can force secure HTTP connections.
When you run the Novell Teaming Installation program, you can choose between non-secure and secure HTTP connections, as described in HTTP/HTTPS Ports
in Basic Installation
in the Novell Teaming 2.0 Installation Guide.
With additional configuration, you can force users from a non-secure HTTP connection to a secure HTTPS connection.
With Novell Teaming, you can use Novell Access Manager to force secure HTTP connections. For more information, see Configuring Single Sign-On with Novell Access Manager
in Advanced Installation and Reconfiguration
in the Novell Teaming 2.0 Installation Guide.
To reconfigure Tomcat, you must update two configuration files (both named web.xml) under two different directories (ssf and ssfs). The ssf directory name refers to SiteScape® Forum, a legacy product name. The ssf directory contains the main Teaming Web application that you use when you interact with your browser. The ssfs directory name refers to SiteScape File System. The ssfs directory contains the Teaming WebDAV application that you use to access files on a remote WebDAV server from the Teaming site.
Log into the Teaming server with sufficient rights to edit the web.xml files (root on Linux, Administrator on Windows).
Modify the web.xml file under the ssf directory:
Change to the directory where the web.xml file is located.
Make a backup copy of the web.xml file, then open the web.xml file in a text editor.
Add the following security constraint at the bottom of the file, immediately above the </web-app> tag.
<security-constraint> <web-resource-collection> <web-resource-name>Entire Application</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
(Conditional) If users access the Teaming site with Internet Explorer*, replace the following single line provided above:
<url-pattern>/*</url-pattern>
with the following set of lines:
<!-- Patterns from web.xml.tmpl. --> <url-pattern>/a/*</url-pattern> <url-pattern>/ws/*</url-pattern> <url-pattern>/rss/*</url-pattern> <url-pattern>/atom/*</url-pattern> <!-- Patterns from subdirectories of webapps/ssf. --> <url-pattern>/applets/*</url-pattern> <url-pattern>/css/*</url-pattern> <url-pattern>/help/*</url-pattern> <url-pattern>/help_doc/*</url-pattern> <url-pattern>/i/*</url-pattern> <url-pattern>/images/*</url-pattern> <url-pattern>/js/*</url-pattern>
For Internet Explorer, this list of URL patterns forces secure HTTP connections for everything except the /s/* pattern (document files with extensions such as .odt and .doc) and the /ical/* pattern (calendar .ics files).
Save the modified web.xml file, then exit the text editor.
Modify the web.xml file under the ssfs directory:
Change to the directory where the web.xml file is located.
Make a backup copy of the web.xml file, then open the web.xml file in a text editor.
Find the security constraint section.
Scroll to the bottom of the security constraint section, which is marked with </security constraint>.
Insert the following lines in the security constraint section after the </web-resource-collection> tag and before the <auth-constraint> tag:
<user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint>
The result would look like the following example:
<security-constraint> <web-resource-collection> <web-resource-name>DAV resource</web-resource-name> <url-pattern>/*</url-pattern> <http-method>COPY</http-method> . . . <http-method>SUBSCRIBE</http-method> <http-method>UNSUBSCRIBE</http-method> <http-method>POLL</http-method> <http-method>NOTIFY</http-method> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> <auth-constraint> <role-name>root</role-name> </auth-constraint> </security-constraint>
Test the updated configuration:
Stop Teaming.
Start Teaming.
In a Web browser, attempt to access the teaming site using a non-secure URL:
http://teaming_hostname
The browser should convert it to a secure URL:
https://teaming_hostname
You can set up the Apache* Web server to front your Novell Teaming site and use a meta refresh to redirect users to a secure URL.
Install the Apache Web server on one server.
Configure Apache to listen on port 80.
Create an index.html file similar to the following example:
<html>
<head>
<meta http-equiv="refresh" content="0;url=https://teaming_url" />
<title>Redirected to Secure Teaming</title>
</head>
<body>
This page is used to redirect to the Secure Teaming server. If your
browser does not automatically redirect you in a few seconds, click
<a href="https://teaming_url">here</a> to go to the secure page.
</body>
</html>
Replace teaming_url with the URL to your Teaming site.
Place the index.html file in the document root directory of the Apache Web server.
Restart the Apache Web server.