Step-up authentication provides different authentication levels for pages and portlets. The Remember me cookie is an encrypted HTTP cookie that supports authentication.
The Remember me cookie does not extend the Portal Personalization feature to the public area. When the Remember me cookie identifies a user in a public area, the user is still considered anonymous from an access control point of view.
Step-up authentication requires the LtpaToken2 for single sign-on.
Before setting authentication levels (By Default)
In the IBM WebSphere Admin Console, go to Security > Global security > Web and SIP security > Single sign-on (SSO). Enable Interoperability Mode and Web inbound security attribute propagation.
Enable Remember Me Cookie Only
- Go to wp_profile_root/ConfigEngine/properties/wkplc.properties and change the value of enable_rememberme to an empty value:
enable_rememberme=true
to
enable_rememberme=
- In wkplc.properties, change the values of the following parameters:
sua_user
The key that is used to encrypt the cookie information. The value does not need to match a real user.
sua_user=
to
sua_user=samplerememberuser
sua_serversecret_password
The encryption key for the information used in the RememberMe cookie, which is part of the step-up authentication. This does not need to be an existing password.
sua_serversecret_password=
to
sua_serversecret_password=samplerememberpassword
- Run the following command:
ConfigEngine.bat enable-rememberme -DWasPassword=password
- Restart the Portal server.
- Log in to the Portal server; you will see the Remember me option.
- Log out and log in again.
Enable step-up authentication only
- Go to wp_profile_root/ConfigEngine/properties/wkplc.properties and change the value of enable_rememberme to false:
enable_rememberme=true
to
enable_rememberme=false
- Run the following command:
ConfigEngine.bat enable-stepup-authentication
- Restart the Portal server.
- The Resource Permissions of pages and portlets now have additional authentication levels:
Standard
Set the Authentication Level to Standard if you want anonymous and identified users to view the page or portlet. The Standard level has the following two states, which are based on the access control setting for the page or portlet:
- If anonymous users have access to the page or portlet, no authentication is required.
- If only authenticated users have access to the page or portlet, authentication is required.
Authenticated
Set the Authentication Level to Authenticated if you want anonymous and identified users to log in to view the page or portlet.
Enable Both step-up authentication and Remember me
- Go to wp_profile_root/ConfigEngine/properties/wkplc.properties and change the value of enable_rememberme to true:
enable_rememberme=
to
enable_rememberme=true
- In wkplc.properties, change the values of the following parameters:
sua_user
The key that is used to encrypt the cookie information. The value does not need to match a real user.
sua_user=
to
sua_user=samplerememberuser
sua_serversecret_password
The encryption key for the information used in the RememberMe cookie, which is part of the step-up authentication. This does not need to be an existing password.
sua_serversecret_password=
to
sua_serversecret_password=samplerememberpassword
- Run the following command:
ConfigEngine.bat enable-stepup-authentication
- In the IBM WebSphere Admin Console, click Resources > Resource Environment > Resource Environment Providers > WP RememberMeConfigService. Create a custom property named j2eeAuthenticate with the value true.
- Restart the Portal server.
- Log in to the Portal server; you will see the Remember me option.
- Log out and log in again.
- The Resource Permissions of pages and portlets now have additional authentication levels (Standard, Identified, Authenticated).
Identified
Set the Authentication Level to Identified if you want to control whether content is displayed to an unauthenticated user based on the existence of a persistent HTTP cookie. This option is intended for pages and portlets that are visible to anonymous users. An example is the Remember me on this computer option during login. This option generates the com.ibm.portal.RememberMe cookie. If a user previously authenticated to WebSphere Portal and then returns with the com.ibm.portal.RememberMe cookie, the user is "identified" and the content displays. If a user attempts to access WebSphere Portal without the com.ibm.portal.RememberMe cookie, the user is asked to authenticate before the content is displayed.
CAUTION:
Do not set the Access level to identified for the Login portlet. This action causes problems when a user logs in to WebSphere Portal.
- I have created a page called test, with the friendly URL testpage, and set its authentication level to Identified.
- Since you checked the Remember me option, you can now open the page directly without entering credentials:
http://wpportal85.sample.com:10039/wps/myportal/Home/testpage
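An added example, not part of the original post: a Python check that parses wkplc.properties and confirms that enable_rememberme matches the value each of the three procedures above sets, and that sua_user and sua_serversecret_password are neither empty nor left at the sample values used in this post. The function names, the mode names and the sample file contents are assumptions made for the example.

```python
# Added example: audit the Remember me / step-up settings in wkplc.properties.
# Mode and function names are hypothetical; property names come from this post.
EXPECTED_REMEMBERME = {
    "rememberme_only": "",    # "Enable Remember Me Cookie Only"
    "stepup_only": "false",   # "Enable step-up authentication only"
    "both": "true",           # "Enable Both step-up authentication and Remember me"
}
SAMPLE_VALUES = {
    "sua_user": "samplerememberuser",
    "sua_serversecret_password": "samplerememberpassword",
}

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_wkplc(text, mode):
    """Return a list of findings for the chosen mode (empty list means clean)."""
    props = parse_properties(text)
    findings = []
    want = EXPECTED_REMEMBERME[mode]
    got = props.get("enable_rememberme")
    if got != want:
        findings.append(f"enable_rememberme is {got!r}, expected {want!r} for {mode}")
    if mode != "stepup_only":  # cookie key material matters only with Remember me on
        for key, sample in SAMPLE_VALUES.items():
            value = props.get(key, "")
            if not value:
                findings.append(f"{key} is empty")
            elif value == sample:
                findings.append(f"{key} still has the sample value from this post")
    return findings

# Constructed sample input, not taken from a real server.
SAMPLE_FILE = """\
enable_rememberme=true
sua_user=portalcookieuser
sua_serversecret_password=samplerememberpassword
"""
if __name__ == "__main__":
    print("\n".join(audit_wkplc(SAMPLE_FILE, "both")))
```

Run it against the real file by passing its contents as text; an empty result means the properties match the chosen mode and the cookie key values have been changed from the samples.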