16.29 WebDAV Support

WebDAV is a standard collaborative editing and file management protocol. OpenText Filr relies on the WebDAV protocol to edit files.

NOTE:Begining with Filr 5.0, by default WebDAV is disabled.

If your Filr users are running a supported client operating system other than Windows 7, editing files works without any problems. Windows 7 must be configured to use a self-signed certificate in order to work with WebDAV.

The information in this section assumes that your environment requires the use of Microsoft Office. If your environment does not require the use of Microsoft Office, see Using OpenOffice as Your Document Editor for WebDAV.

16.29.1 Planning Your WebDAV Implementation

Understanding the Different Types of WebDAV Authentication Methods

OpenText Filr supports the following WebDAV authentication methods:

Using WebDAV When Filr Is Fronted by NetIQ Access Manager

If your Filr system is fronted by NetIQ Access Manager, you must use the designated WebDAV authentication method:

Product Fronting Filr

Designated Authentication Method

NetIQ Access Manager

If your Filr installation is fronted by NetIQ Access Manager, as described in see Access Manager (NAM) and Filr Integration in the OpenText Filr 24.4: Installation, Deployment, and Upgrade Guide, you must use basic authentication for your WebDAV implementation.

During the Filr appliance configuration, select basic when configuring WebDAV, as described in see WebDAV Authentication Configuration Settings in the OpenText Filr : Administrative UI Reference.

Meeting Filr Certificate Requirements on Windows 7

If you are using WebDAV functionality with Filr on Windows 7 with a secure (HTTPS) connection, ensure that the Filr server certificate requirements are met. If all of the requirements are not met, various Windows 7 services fail.

Filr server certificate requirements:

  • You must use a trusted server certificate that is accepted by Windows 7. This server certificate must be signed by a trusted certificate authority (CA) such as VeriSign or Equifax.

    NOTE:You can use a self-signed certificate only if the certificate is imported into the Trusted Root Certification Authorities store on each Windows 7 client computer.

  • The trusted server certificate must be issued to a name that exactly matches the domain name of the URL that you are using it for. This means that it must match the URL of your Filr site.

  • The date range for the trusted server certificate must be valid. You cannot use an expired server certificate.

  • The Windows 7 system must be adjusted to enable FIPS-compliant algorithms for encryption, hashing, and signing, unless you are using OpenText Access Manager 4.1.1 or later.

    1. From the Start menu, type Local Security Policy, then press Enter.

    2. Expand Local Policies, then select Security Options.

    3. Enable the following setting:

      System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.

Using OpenOffice as Your Document Editor for WebDAV

If your environment does not require the use of Microsoft Office, you might consider migrating users to OpenOffice 3.1 or later as their document editor. Using OpenOffice 3.1 or later provides seamless integration between the WebDAV server and Filr, regardless of which operating system is being used.

16.29.2 Disabling WebDAV for Filr Site

If you do not want your Filr users to use the “Edit with Application” functionality, then disable WebDAV for the Filr site.

To disable WebDAV for a Filr site, perform the following steps or review the KB article.

  1. In a text editor, open the /opt/novell/filr/apache-tomcat/webapps/ssf/WEB-INF/classes/config/ssf-ext.properties file.

  2. Add the following setting:

    access.webdav.enable=false

16.29.3 Editing Files with “Edit with Application” Functionality

IMPORTANT:

  • Due to security concerns about the NPAPI cross platform plug-in architecture, Google’s Chrome browser version 45 and later and Microsoft’s Edge browser have discontinued support for the Java browser plug-in. Because Filr’s “Edit with Application” functionality relies on the plug-in, “Edit with Application” is no longer supported in these browsers.

    OpenText anticipates that other browser vendors might also discontinue support for the Java browser plug-in in the near future.

  • Users can use the “Edit with Application” functionality to edit a file only if WebDAV is enabled on the Filr site. If you do not want your Filr users to use the “Edit with Application” functionality, then disable WebDAV for the Filr site. See Disabling WebDAV for Filr Site.

If you are using a browser that still supports the NPAPI plug-in architecture, you can leverage “Edit with Application” functionality.

If you are using “Edit with Application” functionality over HTTP, no additional setup is required. However, if you are using “Edit with Application” functionality over HTTPS on Windows 7, ensure that you have met the Filr server certificate requirements, as described in Meeting Filr Certificate Requirements on Windows 7.

For more information about editing Filr documents in Microsoft Office with Windows 7, see “TID 7006717: Document editing failure with Windows 7 and Microsoft Office” in the Support Knowledgebase.

16.29.4 Mapping a Filr Folder as a WebDAV Folder

Mapping a OpenText Filr folder as a WebDAV folder on the client computer allows access to Filr files from a WebDAV-compliant file navigation tool such as Windows Explorer or Nautilus.

When you map a Filr folder as a WebDAV folder on Windows 7, ensure that all Filr server certificate requirements are met, as described in Meeting Filr Certificate Requirements on Windows 7.

16.29.5 Configuring Windows to Use a Self-Signed Certificate with Filr

Configuring Windows to use a self-signed certificate with OpenText Filr is a two-step process. The first step is accomplished by the Filr administrator on the Filr server, and the second step is accomplished by each Filr user on his or her Windows workstation.

Administrator Configuration Responsibilities

  1. Ensure that the following prerequisites are met in order to configure Windows to use a self-signed certificate with Filr:

    • The self-signed server certificate must be issued to a name that exactly matches the domain name of the URL that you use it for. This means that it must match the URL of your Filr site.

    • The date range for the trusted server certificate must be valid. You cannot use an expired server certificate.

User Configuration Responsibilities on Windows 7 Workstation

Each Windows 7 workstation user must import the self-signed certificate of the Filr server into the Trusted Root Certification Authorities store.

In a controlled corporate environment where the system administrator sets up each client workstation before use, this certificate can be preinstalled on each Windows 7 workstation. This can minimize end-user error and frustration.

  1. Launch the Internet Explorer browser.

  2. Click Tools > Internet Options to display the Internet Options dialog box.

  3. Click the Security tab, then select Trusted sites.

  4. Click Sites.

  5. In the Add this website to the zone field, specify the URL of the Filr web site, then click Add > Close.

  6. Browse to your Filr site.

  7. (Conditional) If a prompt displays indicating that there is a problem with this web site’s security certificate, complete the following steps:

    1. Click Continue to this website (not recommended).

    2. Click Certificate Error at the right of the address bar, then click View certificates.

    3. Click Install Certificate, then click Next in the wizard.

    4. Select Place all certificates in the following store.

    5. Click Browse, browse to and select Trusted Root Certification Authorities, then click OK.

    6. In the wizard, click Next, then click Finish.

    7. (Conditional) If a Security Warning dialog box displays, click Yes.

    8. Click OK to close the Certificate Import Wizard.

    9. Click OK to close the Certificate window.

    10. Shut down all instances of the Internet Explorer browser, then restart the browser.

    11. Browse to the Filr site. You should no longer see the certificate error message.

      If you continue to see the certificate error message, the server’s self-signed certificate might not match the site URL, as described in Administrator Configuration Responsibilities.

User Configuration Responsibilities on Windows 10 Workstation

Each Windows 10 workstation user must import the self-signed certificate of the Filr server into the Trusted Root Certification Authorities store.

In a controlled corporate environment where the system administrator sets up each client workstation before use, this certificate can be preinstalled on each Windows 10 workstation. This can minimize end-user error and frustration.

  1. On the workstation, click Start > Run, then enter mmc and click OK.

  2. In the Console, click File > Add/Remove Snap-in

  3. In the Add or Remove Snap-ins window, select Certificates in left panel and click Add to move to right panel, then click OK.

  4. Select Computer account and click Next.

  5. Select the Local computer option, then click Finish.

  6. Click OK.

  7. To import trusted certificate, expand Certificates. Right-click Personal > All tasks > Import.

  8. In the Certificate Import Wizard, click Next.

  9. Click Browse to select the self-signed_cert.crt certificate file and click Next.

    For more about self-signed certificate, see Exporting a Self-Signed Certificate.

  10. Select Place all certificates in the following store and click Next.

  11. Click Finish to import the certificate.

  12. Click OK.

    Browse to the Filr site. You should no longer see the certificate error message.

    If you continue to see the certificate error message, the server’s self-signed certificate might not match the site URL, as described in Administrator Configuration Responsibilities.

16.29.6 Allowing Basic Authentication over an HTTP Connection on Windows 7

You can modify the Windows registry to allow Basic authentication to WebDAV over an HTTP connection. This registry change allows users to use Microsoft Office 2007 on the Windows 7 operating system, but does not allow them to use Microsoft Office 2010. Microsoft Office 2010 is not supported with Basic Authentication over an HTTP connection.

To modify the Windows registry:

  1. On each Windows 7 workstation, click Start > Run, then specify regedit in the Open field.

  2. Click OK.

  3. In the Registry Editor window, navigate to the following registry entry:

    \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\WebClient\Parameters\BasicAuthLevel
  4. Change the value of this registry entry to 2.

  5. Navigate to the Services interface, then restart the WebClient service.