WebDAV is a standard collaborative editing and file management protocol. OpenText Filr relies on the WebDAV protocol to edit files.
NOTE:Begining with Filr 5.0, by default WebDAV is disabled.
If your Filr users are running a supported client operating system other than Windows 7, editing files works without any problems. Windows 7 must be configured to use a self-signed certificate in order to work with WebDAV.
The information in this section assumes that your environment requires the use of Microsoft Office. If your environment does not require the use of Microsoft Office, see Using OpenOffice as Your Document Editor for WebDAV.
OpenText Filr supports the following WebDAV authentication methods:
Basic Authentication: The user name and password are encoded with the Base64 algorithm. The Base64-encoded string is unsafe if transmitted over HTTP, and therefore should be combined with SSL/TLS (HTTPS).
For more information, see WebDAV Authentication Configuration Settings
in the OpenText Filr : Administrative UI Reference.
If you plan to use Basic authentication over a non-secure connection (HTTP), you need to modify the registry on each Windows 7 client workstation, as described in Allowing Basic Authentication over an HTTP Connection on Windows 7. The registry modification allows users to use WebDAV with Microsoft Office 2007. However, Microsoft Office 2010 is not supported.
Digest Authentication: Applies MD5 cryptographic, one-way hashing with nonce values to a password before sending it over the network. This option is more safe than Basic Authentication when used over HTTP.
For more information, see WebDAV Authentication Configuration Settings
in the OpenText Filr : Administrative UI Reference.
If your Filr system is fronted by NetIQ Access Manager, you must use the designated WebDAV authentication method:
Product Fronting Filr |
Designated Authentication Method |
---|---|
NetIQ Access Manager |
If your Filr installation is fronted by NetIQ Access Manager, as described in see During the Filr appliance configuration, select basic when configuring WebDAV, as described in see |
If you are using WebDAV functionality with Filr on Windows 7 with a secure (HTTPS) connection, ensure that the Filr server certificate requirements are met. If all of the requirements are not met, various Windows 7 services fail.
Filr server certificate requirements:
You must use a trusted server certificate that is accepted by Windows 7. This server certificate must be signed by a trusted certificate authority (CA) such as VeriSign or Equifax.
NOTE:You can use a self-signed certificate only if the certificate is imported into the Trusted Root Certification Authorities store on each Windows 7 client computer.
The trusted server certificate must be issued to a name that exactly matches the domain name of the URL that you are using it for. This means that it must match the URL of your Filr site.
The date range for the trusted server certificate must be valid. You cannot use an expired server certificate.
The Windows 7 system must be adjusted to enable FIPS-compliant algorithms for encryption, hashing, and signing, unless you are using OpenText Access Manager 4.1.1 or later.
From the Start menu, type Local Security Policy, then press Enter.
Expand Local Policies, then select Security Options.
Enable the following setting:
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.
If your environment does not require the use of Microsoft Office, you might consider migrating users to OpenOffice 3.1 or later as their document editor. Using OpenOffice 3.1 or later provides seamless integration between the WebDAV server and Filr, regardless of which operating system is being used.
If you do not want your Filr users to use the “Edit with Application” functionality, then disable WebDAV for the Filr site.
To disable WebDAV for a Filr site, perform the following steps or review the KB article.
In a text editor, open the /opt/novell/filr/apache-tomcat/webapps/ssf/WEB-INF/classes/config/ssf-ext.properties file.
Add the following setting:
access.webdav.enable=false
IMPORTANT:
Due to security concerns about the NPAPI cross platform plug-in architecture, Google’s Chrome browser version 45 and later and Microsoft’s Edge browser have discontinued support for the Java browser plug-in. Because Filr’s “Edit with Application” functionality relies on the plug-in, “Edit with Application” is no longer supported in these browsers.
OpenText anticipates that other browser vendors might also discontinue support for the Java browser plug-in in the near future.
Users can use the “Edit with Application” functionality to edit a file only if WebDAV is enabled on the Filr site. If you do not want your Filr users to use the “Edit with Application” functionality, then disable WebDAV for the Filr site. See Disabling WebDAV for Filr Site.
If you are using a browser that still supports the NPAPI plug-in architecture, you can leverage “Edit with Application” functionality.
If you are using “Edit with Application” functionality over HTTP, no additional setup is required. However, if you are using “Edit with Application” functionality over HTTPS on Windows 7, ensure that you have met the Filr server certificate requirements, as described in Meeting Filr Certificate Requirements on Windows 7.
For more information about editing Filr documents in Microsoft Office with Windows 7, see “TID 7006717: Document editing failure with Windows 7 and Microsoft Office” in the Support Knowledgebase.
Mapping a OpenText Filr folder as a WebDAV folder on the client computer allows access to Filr files from a WebDAV-compliant file navigation tool such as Windows Explorer or Nautilus.
When you map a Filr folder as a WebDAV folder on Windows 7, ensure that all Filr server certificate requirements are met, as described in Meeting Filr Certificate Requirements on Windows 7.
Configuring Windows to use a self-signed certificate with OpenText Filr is a two-step process. The first step is accomplished by the Filr administrator on the Filr server, and the second step is accomplished by each Filr user on his or her Windows workstation.
Ensure that the following prerequisites are met in order to configure Windows to use a self-signed certificate with Filr:
The self-signed server certificate must be issued to a name that exactly matches the domain name of the URL that you use it for. This means that it must match the URL of your Filr site.
The date range for the trusted server certificate must be valid. You cannot use an expired server certificate.
Each Windows 7 workstation user must import the self-signed certificate of the Filr server into the Trusted Root Certification Authorities store.
In a controlled corporate environment where the system administrator sets up each client workstation before use, this certificate can be preinstalled on each Windows 7 workstation. This can minimize end-user error and frustration.
Launch the Internet Explorer browser.
Click Tools > Internet Options to display the Internet Options dialog box.
Click the Security tab, then select Trusted sites.
Click Sites.
In the Add this website to the zone field, specify the URL of the Filr web site, then click Add > Close.
Browse to your Filr site.
(Conditional) If a prompt displays indicating that there is a problem with this web site’s security certificate, complete the following steps:
Click Continue to this website (not recommended).
Click Certificate Error at the right of the address bar, then click View certificates.
Click Install Certificate, then click Next in the wizard.
Select Place all certificates in the following store.
Click Browse, browse to and select Trusted Root Certification Authorities, then click OK.
In the wizard, click Next, then click Finish.
(Conditional) If a Security Warning dialog box displays, click Yes.
Click OK to close the Certificate Import Wizard.
Click OK to close the Certificate window.
Shut down all instances of the Internet Explorer browser, then restart the browser.
Browse to the Filr site. You should no longer see the certificate error message.
If you continue to see the certificate error message, the server’s self-signed certificate might not match the site URL, as described in Administrator Configuration Responsibilities.
Each Windows 10 workstation user must import the self-signed certificate of the Filr server into the Trusted Root Certification Authorities store.
In a controlled corporate environment where the system administrator sets up each client workstation before use, this certificate can be preinstalled on each Windows 10 workstation. This can minimize end-user error and frustration.
On the workstation, click Start > Run, then enter mmc and click OK.
In the Console, click File > Add/Remove Snap-in
In the Add or Remove Snap-ins window, select Certificates in left panel and click Add to move to right panel, then click OK.
Select Computer account and click Next.
Select the Local computer option, then click Finish.
Click OK.
To import trusted certificate, expand Certificates. Right-click Personal > All tasks > Import.
In the Certificate Import Wizard, click Next.
Click Browse to select the self-signed_cert.crt certificate file and click Next.
For more about self-signed certificate, see Exporting a Self-Signed Certificate.
Select Place all certificates in the following store and click Next.
Click Finish to import the certificate.
Click OK.
Browse to the Filr site. You should no longer see the certificate error message.
If you continue to see the certificate error message, the server’s self-signed certificate might not match the site URL, as described in Administrator Configuration Responsibilities.
You can modify the Windows registry to allow Basic authentication to WebDAV over an HTTP connection. This registry change allows users to use Microsoft Office 2007 on the Windows 7 operating system, but does not allow them to use Microsoft Office 2010. Microsoft Office 2010 is not supported with Basic Authentication over an HTTP connection.
To modify the Windows registry:
On each Windows 7 workstation, click Start > Run, then specify regedit in the Open field.
Click OK.
In the Registry Editor window, navigate to the following registry entry:
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\WebClient\Parameters\BasicAuthLevel
Change the value of this registry entry to 2.
Navigate to the Services interface, then restart the WebClient service.