Welcome
Administering
Learn how to administer the product.
Administering Rational® ClearQuest® Web
This section discusses how to administer Rational® ClearQuest® Web.
Configuring strong authentication with smart cards
Smart card authentication is appropriate for deployments where security requirements dictate stronger authentication than using a Rational® ClearQuest® user name and password.
Configuring Rational® ClearQuest® Web
Configuring Rational® ClearQuest® Web includes configuring client certification authentication, mapping users to LDAP groups, configuring container authentication, and configuring LDAP for Rational ClearQuest databases.
Configure LDAP mapping for Rational® ClearQuest® databases
It must be possible to determine the Rational® ClearQuest® user name from the WebSphere® Application Server-authenticated user name. If the Rational ClearQuest user name and the WebSphere Application Server-authenticated user name do not match, then you must configure the LDAP mapping so that the Rational ClearQuest user name can be derived at run time.

IBM ClearQuest 10.0.9
Overview
Learn general information about the product.
Installing
Learn how to install the product.
Upgrading and migrating
Learn how to upgrade and migrate data for the product.
Administering
Learn how to administer the product.
- Administering Rational® ClearQuest®
  Learn how to administer the Rational® ClearQuest®.
- Administering Rational® ClearQuest® Web
  This section discusses how to administer Rational® ClearQuest® Web.
  - About Rational® ClearQuest® Web server
    Rational® ClearQuest® Web server provides server-side support for WAN interfaces to Rational ClearQuest.
  - Configuring Rational® ClearQuest® Web with the Site Configuration window
    You customize many Rational® ClearQuest® Web server and application settings by using the Site Configuration window.
  - Customizing security
    Rational® ClearQuest® Web provides security that affects only the behavior of the Rational ClearQuest Web application.
  - Rational® ClearQuest® and single sign-on
    You can configure Rational® ClearQuest® for single sign-on with Lightweight Third-Party Authentication (LTPA), OpenID Connect, and Security Assertion Markup Language 2.0 (SAML2).
  - Configuring strong authentication with smart cards
    Smart card authentication is appropriate for deployments where security requirements dictate stronger authentication than using a Rational® ClearQuest® user name and password.
    - Prerequisites
      You must complete the following steps before you configure and enable smart card support.
    - Architecture of smart card authentication
      The high-level architecture components that comprise the Rational® ClearQuest® Web smart card authentication feature include the smart card middleware, IBM® HTTP Server, and WebSphere® Application Server.
    - Configuring WebSphere® Application Server
      Configuring WebSphere® Application Server security to support smart cards includes configuring client authentication, configuring the LDAP registry, configuring the LDAP client certificate filter, configuring the certificate authority, configuring the certificate revocation list, and securing WebSphere Application Server.
    - Configuring Rational® ClearQuest® Web
      Configuring Rational® ClearQuest® Web includes configuring client certification authentication, mapping users to LDAP groups, configuring container authentication, and configuring LDAP for Rational ClearQuest databases.
      - Enable Rational® ClearQuest® Web server administrative security
        Enable administrative security for Rational® ClearQuest® Web server if it is not enabled.
      - Configuring the web deployment descriptor file for client certificate authentication of OSLC calls
        You can configure the Rational® ClearQuest® Web deployment descriptor file, web.xml, to enforce client certificate authentication for OSLC URL patterns.
      - Configuring client certificate authentication for Rational® ClearQuest® Web
        Update the Rational® ClearQuest® Web deployment descriptor to configure client certificate authentication.
      - Mapping users to LDAP groups
        Map Rational® ClearQuest® Web users to LDAP groups.
      - Configuring container authentication for Rational® ClearQuest® Web
        Configure container authentication for Rational® ClearQuest® Web so that when a user navigates to the logon screen, the user name and password are populated from the client certificate.
      - Configure LDAP mapping for Rational® ClearQuest® databases
        It must be possible to determine the Rational® ClearQuest® user name from the WebSphere® Application Server-authenticated user name. If the Rational ClearQuest user name and the WebSphere Application Server-authenticated user name do not match, then you must configure the LDAP mapping so that the Rational ClearQuest user name can be derived at run time.
    - Troubleshoot smart card configuration issues
      This topic provides troubleshooting information for configuring smart card support.
  - Configuring and maintaining full-text search
    Some administrative tasks are required to configure and maintain the Rational® ClearQuest® full-text search feature.
  - Configuring and customizing the type-ahead feature
    The type-ahead feature enables users to use a choice-list drop-down as a search field to find and select items in the choice-list. This feature must be configured before it can be used. It can also be customized.
  - Configuring e-mail transports
    You can configure Rational® ClearQuest® Web to use either the SMTP (Simple Mail Transfer Protocol) or MAPI (Messaging Application Programming Interface) mail transport protocol.
  - Configuring integrations for Collaborative Lifecycle Management
    You can configure and use the Rational® ClearQuest® solution for Collaborative Lifecycle Management (CLM) integrations with Rational ClearQuest to connect the work of all team members. The Rational ClearQuest solution for CLM integrations, which are based on Jazz™ technology and the open architecture of Open Services for Lifecycle Collaboration (OSLC), include IBM® Rational Team Concert™, IBM Rational Quality Manager, and IBM Rational DOORS® Next Generation. Collaborative Lifecycle Management integrations with Rational ClearQuest Web are also referred to as the Rational ClearQuest Bridge.
  - Managing OSLC integrations in a load-balanced deployment
    By default, Open Services for Lifecycle Collaboration (OSLC) configuration settings for Rational® ClearQuest® are stored in files on the server. In a load-balanced environment, you can store these settings as master properties in the schema repository for shared use by all the servers in the deployment.
  - Using Rational® ClearQuest® to prefill OSLC 2.0-linked records
    You can configure Rational® ClearQuest® to prefill field values when opening the creation dialogs for associated OSLC 2.0 projects. When a creation dialog displays, values for designated fields in the new record are initialized using content from configured fields of the initiating Rational ClearQuest record.
- Administering Rational® ClearQuest® Multisite
  Administering Rational® ClearQuest® Multisite
Reporting
Learn how to generate reports for the product.
Developing
Learn how to develop schemas by using the Rational® ClearQuest® Designer.
Managing change and releases
Learn how to manage change and release in the product.
Integrating
You can integrate Rational® ClearQuest® with other software by adding packages to existing schema.
Extending product function
Learn how to extend the product.
Reference
Review reference information for the product.
Tutorials

Configure LDAP mapping for Rational® ClearQuest® databases

It must be possible to determine the Rational® ClearQuest® user name from the WebSphere® Application Server-authenticated user name. If the Rational® ClearQuest® user name and the WebSphere® Application Server-authenticated user name do not match, then you must configure the LDAP mapping so that the Rational® ClearQuest® user name can be derived at run time.

Use LDAP mapping to determine the ClearQuest® user by referencing a different user field than the logon name. For example, the user name of the WebSphere® Application Server-authenticated user might be the employee ID, while the Rational® ClearQuest® user name might be a more conventional logon name. By configuring LDAP mapping, the Rational® ClearQuest® application can use the employee ID that is saved in the Description field of the user record to derive the Rational® ClearQuest® user name. For instructions on how to configure a Rational® ClearQuest® database for LDAP authentication, see Setting up LDAP authentication.

Example

The following sequence of installutil subcommands configure a Rational® ClearQuest® database set for LDAP mapping. The uid attribute in the LDAP directory stores the user names. The installutil setcqldapmap subcommand identifies CQ_LOGIN_NAME as the Rational® ClearQuest® user-profile-mapping field. The subcommand uses %login% in place of an LDAP mapping attribute, which resolves to the Rational® ClearQuest® logon name.

installutil setauthenticationalgorithm 8.0.1 admin secret CQ_ONLY

installutil setldapinit 8.0.1 admin secret "-h ourldapserver.ourcompany.com"

installutil setldapsearch 8.0.1 admin secret "-s sub -b ou=my_dept,
dc=ourcompany,dc=com (&(objectclass=inetOrgPerson)(uid=%login%))"

installutil setcqldapmap 8.0.1 admin secret CQ_LOGIN_NAME %login%

installutil validateldap 8.0.1 admin secret test_user testPW

installutil setauthenticationalgorithm 8.0.1 admin secret CQ_FIRST