Step-up authentication provides different
authentication levels for pages and portlets. The Remember me cookie is an
encrypted HTTP cookie that supports authentication.
The Remember me cookie does not extend the Portal
Personalization feature to the public area. When the Remember me cookie
identifies a user in a public area, the user is still considered anonymous from
an access control point of view.
Step-up authentication requires the LtpaToken2 for
single sign-on.
Before setting authentication levels (By Default)
In IBM WebSphere Admin Console, go to Security >
Global security > Web and SIP security > Single sign-on (SSO). Enable
Interoperability Mode and Web inbound
security attribute propagation.
Enable Remember Me Cookie Only
- Go to wp_profile_root/ConfigEngine/properties/wkplc.properties and change the value of enable_rememberme to an empty value, from
  enable_rememberme=true
  to
  enable_rememberme=
- In wkplc.properties, change the values of the following parameters:
  sua_user
  The key that is used to encrypt the cookie information. The value does not need to match a real user. Change
  sua_user=
  to
  sua_user=samplerememberuser
  sua_serversecret_password
  The encryption key for the information used in the RememberMe cookie, which is part of the step-up authentication. This does not need to be an existing password. Change
  sua_serversecret_password=
  to
  sua_serversecret_password=samplerememberpassword
- Run the following command:
  ConfigEngine.bat enable-rememberme -DWasPassword=password
- Restart the Portal server.
- Log in to the Portal server; you will see the Remember me option.
Enable step-up authentication only
- Go to wp_profile_root/ConfigEngine/properties/wkplc.properties and change the value of enable_rememberme to false, from
  enable_rememberme=true
  to
  enable_rememberme=false
- Run the following command:
  ConfigEngine.bat enable-stepup-authentication
- Restart the Portal server.
- The Resource Permissions of pages and portlets now have additional authentication levels:
  Standard
  Set the Authentication Level to Standard if you want anonymous and identified users to view the page or portlet. The Standard level has the following two states that are based on the access control setting for the page or portlet:
  - If anonymous users have access to the page or portlet, no authentication is required.
  - If only authenticated users have access to the page or portlet, authentication is required.
  Authenticated
  Set the Authentication Level to Authenticated if you want anonymous and identified users to log in to view the page or portlet.
Enable Both step-up authentication and Remember me
- Go to wp_profile_root/ConfigEngine/properties/wkplc.properties and change the value of enable_rememberme to true, from
  enable_rememberme=
  to
  enable_rememberme=true
- In wkplc.properties, change the values of the following parameters:
  sua_user
  The key that is used to encrypt the cookie information. The value does not need to match a real user. Change
  sua_user=
  to
  sua_user=samplerememberuser
  sua_serversecret_password
  The encryption key for the information used in the RememberMe cookie, which is part of the step-up authentication. This does not need to be an existing password. Change
  sua_serversecret_password=
  to
  sua_serversecret_password=samplerememberpassword
- Run the following command:
  ConfigEngine.bat enable-stepup-authentication
- In IBM WebSphere Admin Console, click Resources > Resource Environment > Resource Environment Providers > WP RememberMeConfigService. Create a custom property j2eeAuthenticate with the value true.
- Restart the Portal server.
- Log in to the Portal server; you will see the Remember me option.
- The Resource Permissions of pages and portlets now have additional authentication levels (Standard, Identified, Authenticated).
Identified
Set the Authentication Level to Identified if you want to control whether content is displayed to an unauthenticated user based on the existence of a persistent HTTP cookie. This option is intended for pages and portlets that are visible to anonymous users. An example is the Remember me on this computer option during login. This option generates the com.ibm.portal.RememberMe cookie. If a user previously authenticated to WebSphere Portal and then returns with the com.ibm.portal.RememberMe cookie, the user is "identified" and the content displays. If a user attempts to access WebSphere Portal without the com.ibm.portal.RememberMe cookie, the user is asked to authenticate before the content is displayed.
CAUTION:
Do not set the Access level to Identified for the Login portlet. This action causes problems when a user logs in to WebSphere Portal.
- I have created a page called test, with the friendly URL testpage. I have set the authentication level to Identified.
- Since you checked the Remember me option, you can now log in to the page directly without entering credentials.
  http://wpportal85.sample.com:10039/wps/myportal/Home/testpage
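A check for the wkplc.properties settings used in the three procedures above, as an added example that is not part of the original page or of IBM's tooling. The mode mapping follows this page's steps; the function names, the constructed sample file and the 16-character minimum are assumptions of the example.

```python
# Added example: audits the remember-me / step-up keys of wkplc.properties.
MODES = {"": "remember-me only", "false": "step-up only", "true": "step-up and remember-me"}
SAMPLE_VALUES = {"samplerememberuser", "samplerememberpassword"}  # tutorial placeholders
MIN_SECRET_LEN = 16  # assumption of this check, not an IBM requirement

SAMPLE_FILE = """\
# constructed wkplc.properties excerpt
enable_rememberme=true
sua_user=samplerememberuser
sua_serversecret_password=samplerememberpassword
"""

def parse_properties(text):
    """Parse key=value lines; blank lines and # or ! comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return (mode, findings) for the settings this page changes."""
    props = parse_properties(text)
    flag = props.get("enable_rememberme")
    mode = "not set" if flag is None else MODES.get(flag.lower(), "unknown")
    findings = []
    if mode in ("not set", "unknown"):
        findings.append(f"enable_rememberme has unexpected value {flag!r}")
    if "remember-me" in mode:  # the cookie keys matter only when the cookie is on
        for key in ("sua_user", "sua_serversecret_password"):
            value = props.get(key, "")
            if not value:
                findings.append(f"{key} is empty")
            elif value in SAMPLE_VALUES:
                findings.append(f"{key} still holds the tutorial sample value")
            elif key == "sua_serversecret_password" and len(value) < MIN_SECRET_LEN:
                findings.append(f"{key} is shorter than {MIN_SECRET_LEN} characters")
    return mode, findings

if __name__ == "__main__":
    mode, findings = audit(SAMPLE_FILE)
    print("mode:", mode)
    for finding in findings:
        print(" -", finding)
```

Point it at the real file with `audit(open(path).read())` before running the ConfigEngine task.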