Sun Java System Portal Server 6 2004Q2 Desktop Customization Guide
Chapter 8
Customizing the Anonymous Desktop
This chapter describes customizations you can make for the anonymous Desktop. This chapter contains the following sections:
When you install the sample portal, a copy of the anonymous Desktop display profile is located in the portal-server-install-root/SUNWps/samples/desktop/dp-anon.xml file, with the support files located in the /etc/opt/SUNWps/desktop/anonymous directory.
Configuring Anonymous Authentication
Sun Java System Portal Server software supports two methods for implementing anonymous authentication:
When you install Portal Server software, by default the installation program enables anonymous authentication to the Desktop of the default organization using the Authentication-less User ID attributes. To implement this feature, the installation program creates a user account, authlessanonymous, and sets up access for this user within the following two Desktop Services global attributes:
This section describes how to enable and disable both types of anonymous authentication. See the Administering Users And Services chapter in the Portal Server Administration Guide for more information on enabling and disabling anonymous authentication.
To Enable Anonymous Log In
- Log in to the Sun Java System Identity Server software administration console as administrator.
- Register the Anonymous service for the selected organization and create its template.
- Add Anonymous to the Authentication menu in the Core service (for the selected organization).
- Create the anonymous user account for the selected organization.
To Disable Anonymous Log In
- Log in to the Identity Server software administration console as administrator.
- Unregister the Anonymous service for the selected organization.
- Remove Anonymous from the Authentication menu in the Core service (for the selected organization).
- Remove the anonymous user account for the selected organization.
To Enable Authentication-less (authlessanonymous) Log In
- Log in to the Identity Server software administration console as administrator.
- Create the authlessanonymous account with a password of authlessanonymous for the selected organization.
- Select the Service Configuration tab.
- Click on the Desktop node.
The Desktop attributes page appears in the data pane.
- Add the following value to the Authorized Authentication-less user IDs attribute:
uid=authlessanonymous,ou=People,dc=organization|authlessanonymous
Substitute the appropriate organization name for organization.
- Set the Default Authentication-less user ID attribute to the following:
uid=authlessanonymous,ou=People,dc=organization
Substitute the appropriate organization name for organization.
- Log out from the Identity Server software administration console.
- Verify that authentication-less authentication works. That is, close all current browsers and start a new browser with the following URL:
http://hostname:port/portal/dt
To Disable Authentication-less (authlessanonymous) Log In
By default, the sample portal is registered for Authentication-less (authlessanonymous) authentication. This is different from Anonymous authentication, which the sample portal, by default, is not registered for. The Anonymous Desktop uses Portal Server software for authentication; the Authless Desktop does not pass through the authentication process at all and is handled internally in the Desktop servlet.
To disable authentication-less log in:
- Log in to the Identity Server software administration console as administrator.
- Select the Service Configuration tab.
- Click on the Desktop node.
The Desktop attributes page is displayed in the data pane.
- Remove the value(s) from the Authorized Authentication-less user IDs attribute.
- Remove the value from the Default Authentication-less user ID attribute so that it is blank.
- Log out from the Identity Server software administration console.
- Verify that you cannot reach the Anonymous Desktop. That is, close all current browsers and start a new browser with the following URL:
http://hostname:port/portal/dt
Accessing the Anonymous Desktop
To Access the Anonymous Desktop through the Identity Server Host Name (obj.conf File)
To enable users to access the Anonymous Desktop without typing the fully qualified domain name, you need to modify the Web-Container-Instance/config/obj.conf file.
For authentication-less (authlessanonymous):
NameTrans fn="redirect" from="/index.html" url="http://hostname:port/portal/dt?desktop.suid=uid=authlessanonymous,ou=People,dc=organization"
For anonymous:
NameTrans fn="redirect" from="/index.html" url="http://hostname:port/amserver/login?org=organization&module=Anonymous"
For a specific organization:
Make sure psservername is the fully qualified domain name of your Portal Server software host, and organization is the name of the appropriate Identity Server software organization.
To Access the Anonymous Desktop through the Portal Server Host Name (index.html File)
To access the Desktop login page using a URL of the form http://psservername, add some JavaScript to the web server’s index.html file.
- Add the following JavaScript to the index.html file.
<HTML>
<HEAD>
<SCRIPT>
document.location.href="/portal/dt?desktop.suid=uid=authlessanonymous,ou=People,dc=organization,dc=com"; // for authless anonymous
</SCRIPT>
</HEAD>
</HTML>
This example assumes that /portal/dt is the user’s redirect URL.
- Verify that you can now access the Desktop by just typing the server name in the browser.
Disabling the Initial Identity Server Software Login Page and Always Use Anonymous Log In
To always use Anonymous Log In
- Log in to the Identity Server software administration console as administrator.
- Navigate to the default organization or sub-organization.
- Choose Services from the View menu.
- Click the Properties icon next to Core.
- For the Authentication Menu, make sure Anonymous is selected and deselect all other entries.
- Click Save.
- Create the anonymous user. With the desired organization selected, choose Users from the Show menu.
- Click New.
- Select the services for the anonymous user.
Typically, you select Desktop and NetMail.
- Fill in the Create User screen with the following information.
- Click the Create button to create the user.
When users type the URL to access the portal server in a browser, the anonymous Desktop comes up, bypassing the Identity Server software login page. This Desktop will have the login channel, where users can log in if desired.
Modifying the Anonymous Banner and Menu Bar
To change the banner for the Anonymous Desktop, you need to modify the /etc/opt/SUNWps/desktop/anonymous/banner.template file. To modify the menu bar, you need to modify the /etc/opt/SUNWps/desktop/anonymous/menubar.template file.
To Change the Banner for the Anonymous Desktop
Replace [surl:/images/productName.jpg] with a reference to an alternate image. For example, if you use identity-server-install-root/SUNWam/public_html/images/newimage.gif, then use /images/newimage.gif as your replacement text. The [surl:] tag references image files from the Portal Server software web application archive. Your own custom images need to be placed elsewhere, so the [surl:] tag is not used.
Adding the Login Channel to the Anonymous Desktop of a Newly Created Organization
The default organization in the sample portal is configured with the login channel on the Anonymous Desktop. This enables new users who do not already have a membership user account to sign up for a membership user account. The login channel is also the only way a user can log in when anonymous is the sole authentication module selected.
As you add new organizations, you might want to set up the login channel on the Anonymous Desktop of the new organization.
To Add the Login Channel to the Anonymous Desktop of a Newly Created Organization
- Use the Identity Server software administration console to create the new organization (this example uses company22.com as the initial organization and sesta.com as the new one), register the appropriate services (Core, Membership, LDAP, Desktop, NetMail, User, and so on), create the service templates, and assign policies to execute Desktop and NetMail.
See the Portal Server Administration Guide for details.
Tip
Make sure that the Desktop policy contains the rule to execute the Desktop, and that in the Core service you add Membership to the Authentication Menu.
- In the Identity Server software administration console, choose Organizations from the View menu in the Identity Management tab.
- Navigate to the newly created organization.
- Create a user account for the authless session.
- Choose Users from the View menu then click New.
- Select Desktop and NetMail for services then click Next.
The Create User page opens in the data pane.
- Type values for the required fields. This example uses authlessanonymous as the user ID and authlessanonymous as the password.
- When done click Create.
The authlessanonymous user ID appears in the list of users.
- Add the authlessanonymous user ID to the list of authorized users for the global Desktop service.
- Choose the Service Configuration tab.
- Click the Properties arrow icon next to Portal Desktop.
The Desktop attributes page opens in the data pane.
- Type the following for the Authorized Authentication-less User IDs attribute:
uid=authlessanonymous,ou=People,dc=sesta,dc=com|authlessanonymous
- Click Add.
- Click Save.
- Load the display profile for the organization by using the dpadmin command.
This example uses the dp-org.xml file as the display profile for the new organization, sesta.com.
/opt/SUNWps/bin/dpadmin add -u "uid=amAdmin,ou=People,dc=sesta,dc=com" -w password -d "dc=sesta,dc=com" /opt/SUNWps/samples/desktop/dp-org.xml
- Copy the sample anonymous display profile, dp-anon.xml, to a new file.
For example,
Do not modify the sample dp-anon.xml file itself; keep it as a backup in case you need to reload it for your default organization.
- Edit the dp-anon-sesta.xml display profile file to change every instance of the Login channel to LoginSesta.
The lines of the dp-anon-sesta.xml display profile to be changed look like this:
<Reference value="Login"/>
...
<String name="Login" value="1"/>
...
<String value="Login"/>
...
<Boolean name="Login" value="false"/>
...
<Channel name="Login" provider="LoginProvider">
- Load the anonymous display profile for the authless user ID by using the dpadmin command.
/opt/SUNWps/bin/dpadmin add -u "uid=amAdmin,ou=People,dc=sesta,dc=com" -w password -d "uid=authlessanonymous,ou=People,dc=sesta,dc=com" dp-anon-sesta.xml
- Create the channel templates for the new login channel.
- Change directories to the /etc/opt/SUNWps/desktop/desktoptype directory.
cd /etc/opt/SUNWps/desktop/desktoptype
- Copy the Login directory contents to a new directory, LoginSesta.
cp -r Login LoginSesta
- Change directories to the LoginSesta directory.
cd /etc/opt/SUNWps/desktop/desktoptype/LoginSesta
- Change the Form action value from /amserver/login to /amserver/login?org=sesta.com in all the display template files (display.html, display_AuthLDAP.html, and display_AuthUnix.html).
- Change the “Sign me up” URL from <A HREF="/amserver/login?module...> to <A HREF="/amserver/login?org=sesta.com&module...> in all the display template files.
- Set the Desktop type for the authless user.
- In the Identity Server software administration console, select the newly created organization.
- Choose Users from the View menu.
- Click the Properties arrow icon next to the authlessanonymous user ID.
- Select Edit at the end of the Desktop line in the data pane.
- In the popup window, type anonymous in the Desktop Type field and select Customize in the drop-down menu next to the text field.
- Click Save.
- Access the authless anonymous Desktop for the new organization by typing the following URL:
http://psserver:port/portal/dt?desktop.suid=uid=authlessanonymous,ou=People,dc=sesta,dc=com
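The channel rename in dp-anon-sesta.xml and the login URL changes in the display templates can be scripted with sed; the following is an added example, not part of the original guide. The function names, the ORG and NEW_CHANNEL variables, and the sample file contents (including module=Membership) are constructed for illustration. The rename matches only attribute values that are exactly "Login", so provider="LoginProvider" is left untouched.

```shell
#!/bin/sh
# Added example. ORG, NEW_CHANNEL and the sample file contents are constructed.
ORG="sesta.com"
NEW_CHANNEL="LoginSesta"

# Rename the channel only where an attribute value is exactly "Login".
# A blanket s/Login/LoginSesta/g would also rewrite provider="LoginProvider".
rename_login_channel() {    # $1 = display profile; edited copy on stdout
    sed -e "s/name=\"Login\"/name=\"$NEW_CHANNEL\"/g" \
        -e "s/value=\"Login\"/value=\"$NEW_CHANNEL\"/g" "$1"
}

# Add org=$ORG to the login URLs of a display template.
# Lines already carrying login?org= are skipped, so a second run is a no-op.
# "\&" is required: a bare & in a sed replacement means "the matched text".
add_org_to_login_urls() {   # $1 = template file; edited copy on stdout
    sed -e '/login?org=/!s|/amserver/login?|/amserver/login?org='"$ORG"'\&|g' \
        -e '/login?org=/!s|/amserver/login"|/amserver/login?org='"$ORG"'"|g' "$1"
}

# Constructed sample inputs (not the shipped files), written into directory $1.
make_samples() {
    cat > "$1/dp-anon-sesta.xml" <<'EOF'
<Reference value="Login"/>
<String name="Login" value="1"/>
<String value="Login"/>
<Boolean name="Login" value="false"/>
<Channel name="Login" provider="LoginProvider">
EOF
    cat > "$1/display.html" <<'EOF'
<FORM ACTION="/amserver/login" METHOD="POST">
<A HREF="/amserver/login?module=Membership">Sign me up</A>
EOF
}

# Usage on the constructed samples:
#   dir=$(mktemp -d); make_samples "$dir"
#   rename_login_channel "$dir/dp-anon-sesta.xml"
#   add_org_to_login_urls "$dir/display.html"
```

Both functions write the edited copy to standard output, so the result can be compared with the original before it replaces the file.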
Modifying the Default Desktop (Container) for authlessanonymous User
To change the default channel name for the authlessanonymous user from JSPTabContainer to another container, for example, JSPTableContainer, perform the following:
To Change the Default Channel Name for Authlessanonymous User
- Log in to the administration console and select Users View for your organization.
- Select authlessanonymous and Portal Desktop from the View pull-down menu for authlessanonymous users.
- Select the Edit link.
- Change the Default Channel Name and select Customize from the pull-down menu.
- Select Save.
- Validate the change to the Desktop.