Part I Managing Sun Java System Portal Server

• Chapter 1, Understanding Portal Server Management

• Chapter 2, Managing Portals and Portal Server Instances

• Chapter 3, Managing Organizations, Roles, and Users

• Chapter 4, Managing the Portal Server Desktop

• Chapter 5, Web Services for Remote Portlets

• Chapter 6, Managing Portal Server End-User Behavior Tracking

• Chapter 7, Monitoring Portal Server Activity

• Chapter 8, Managing Portal Server Logging

• Chapter 9, Managing Portal Server Subscriptions

• Chapter 10, Managing the Portal Server Single Sign-On Adapter

Chapter 1 Understanding Portal Server Management

Portal Server administrators manage a variety of functions, including tasks for the following:

• Multiple portals and Portal Server instances

• The Desktop

• Search server

• Secure Remote Access server

• Single Sign-On (SSO) adapters

This chapter provides information about Portal Server components and the ways for managing a portal:

• Understanding Portal Server Components

• Using the Portal Server Management Console

• Using the Portal Server Administration Tag Library and Portlets

• Using the psadmin Command-line Interface

Understanding Portal Server Components

A Portal Server deployment has a number of components that affect portal administration. These components include the following:

• Common agent container – a standalone Java program that implements a container for Java management applications. For more information, see Solaris 10 What's New.

• Portal Administration Server – a management application that performs authentication and access control check for users accessing Portal Server MBeans. This server uses a JMX^TM interface and is implemented as a common agent container module. A portal administration server instance runs on each host that the Portal Server product is installed.

• Portal domain repository – a hierarchical data store that contains information about how Portal Server MBeans are organized. Some Portal Server MBeans also store configuration data in this repository. The default Portal domain repository is a subtree in the same LDAP server that Access Manager uses.

  On stand-alone Gateway installations, communicating with the LDAP server from the Gateway is prohibited. An additional Portal domain repository on the Gateway file system is used to contain only local Gateway MBeans information.

• Portal data store – Back-end storage, such as a relational database management system (RDBMS) or LDAP server, or in the File System, for configuration data and other Portal Server resources that facilitate content delivery by a portal.

• Portal Administrative MBeans – Loaded by Portal administration server in the common agent container server to perform portal administrative tasks.

• Portal administration command-line interface (psadmin) – Provides administrative tools for various Portal Server components. For more information, see Using the psadmin Command-line Interface.

• Portal management console (psconsole) – Provides a browser interface for administering various portal server resources. For more information, see Using the Portal Server Management Console.

• Monitoring MBeans – Help capture Portal Server runtime resource information. For more information, see Chapter 7, Monitoring Portal Server Activity

• Local File System Data – Portal data stored in the local file system. The data includes configuration files, provider-based templates and JSP^TM syntax files, resource bundle files, and customized provider-based Java classes.

For more information about Portal Server components, see the Sun Java^TM System Portal Server 7.1 Deployment Planning Guide.

Using the Portal Server Management Console

The Portal Server management console, which simplifies a variety of portal administration tasks, is a Java 2 Platform, Enterprise Edition (J2EE^TM) application that:

• Is accessible through a web browser

• Logs messages to a debug log according to configured debug level

• Logs setting changes that include name and value pairs

• Uses Java Management Extensions (JMX) technology to communicate with portal administrative MBeans in the Portal Administration Server to connect to the portal data store

The management console enables portal administrators to perform the following activities:

• Manage the Desktop and content delivery

• Track user behavior to help portal administrators diagnose, troubleshoot, and analyze issues related to end-user activities and how end users interact with various Portal Server components

• Obtain runtime statistics about Portal Server's Desktop and Secure Remote Access components

• Log information about Portal Server applications

About the Browser Interface

The management console's user interface arranges administration functions into pages. Across the top of each page is a tab strip. The tabs present pages that group management functions in an organized manner. To navigate from page to page, administrators click a tab. The tabs provided are the following:

• Common Tasks – Displays links that provide direct access to tasks that portal administrators frequently perform

• Portals – Lists deployed portals by their portal IDs so that portal administrators can select a specific portal

• Search Server – Lists names of specific search servers so that portal administrators can access pages for managing a specific search server

• Secure Remote Access – Allows portal administrators to manage how remote users securely access a portal and its services over the Internet

• SSO Adapter – Allows portal administrators to manage how end users gain authenticated access to applications after signing in once

Portal Server administrators can provide and limit access to content on a portal through the definitions of the identities of specific end users. You can set up portal pages, attributes and access policies so that portal content is available to specific entities. These entities include the following:

• A specific organization

• A specific suborganization

• A role

• An individual end-user

To Log In to the Management Console

Only administrators with SuperAdmin permission can access the Portal Server management console. Users access the Portal Server management console using a browser client from a distinct uniform resource identifier (URI).

1. Type this URL in your browser: http://hostname:port/psconsole

   hostname

   The name of the system that the management console is running on.

   port

   The management console's port number assigned during installation.

2. In the text boxes, type the Admin User Name and Password.

   The admin user should be a top-level administrator. A typical Admin User Name is amadmin.

3. Click the Log In button.

   The management console's Common Tasks page is displayed.

Using the Portal Server Administration Tag Library and Portlets

Portal Server provides an administration tag library for developing administration portlets that enable a portal to be managed from the Desktop instead of from the management console. Administrators can use this tag library to do the following:

• Modify out-of-the-box administration portlets

• Develop portlets with new administration functionality

• Support user management, provider management, and portlet and WSRP management tasks

• Create and administer channels that are based on JSPProvider

• Write custom administration portlets with a custom user interface

• Write administrative portlets to manage any custom channel

Administrators can use administration portlets to grant delegated administration status to other users, called delegated administrators. Portal Server provides a sample set of administration portlets that can be used to design a basic Desktop for delegated administrators.

For more information, see Sun Java System Portal Server 7.1 Developer Sample Guide and Tag Library for Delegated Administration.

Using the psadmin Command-line Interface

Portal Server software provides a command-line interface (CLI). The CLI allows portal administrators to do the following:

• Perform administrative tasks by typing commands using the keyboard

• Automate regularly recurring management tasks by incorporating them into scripts

The CLI offers a number of psadmin subcommands for managing portal tasks. These include subcommands for:

• Managing multiple portals and portal instances

• Deploying portal and portlet WAR files

• Managing the search server

• Managing Secure Remote Access server

• Managing monitoring

• Managing portal logging

Most subcommands commands are written specifically to mimic functions in the browser interface. For management functions that have no special commands, administrators use standard UNIX commands.

If you installed Portal Server on Sun Java System Web Server, you must start the Web Server administration server before you invoke psadmin commands.

For information about all psadmin subcommands, see the Sun Java System Portal Server 7.1 Command Line Reference.

Chapter 2 Managing Portals and Portal Server Instances

This chapter explains multiple portals and how to manage a portal and Portal Server instances. The topics provided include the following:

• Understanding Multiple Portals

• Setting Up Portals

• Setting Up Portal Server Instances

Understanding Multiple Portals

Multiple portals share the same user set. The features of multiple portals include the following:

• A portal is identified by a URL. For example: http://hr.xyz.com/portal or http://eng.xyz.com/portal

• Multiple portals share the same user repository — the same Access Manager and the Directory server. You use Access Manager to manage end users, and you do not need to synchronize end-user data in LDAP with any other repository. All related data related to end users resides in only one directory server.

• You can deploy multiple portals and Portal Server instances on one or more hosts. For example, one host may have two portal server instances serving content for one portal and three Portal Server instances serving another portal. Each Portal Server instance must run inside a different web container instance.

All portals share these components:

• Rewriter - Although this component is shared, you can define a different rule set for each portal.

• SSO Adapter - Although this component is shared, you can define a different adapter for each portal.

• All Secure Remote Access services

The following components have a one-to-one relationship with portals:

• Desktop - Each portal has an independent Desktop.

• Subscriptions - This is configured differently per portal.

• WSRP - Producer and Consumer - Independent set of Producers and Configured Producers for each portal.

Search can have a many-to-many relationship with portals:

• One portal can use one search server.

• Many portals can use a single search server.

• Each portal can use more than one search server.

End users see different content for different portals and can customize the each portal's Desktop. Single sign-on between portals is possible. An end user who has access to two portals at a corporation would typically experience the following sequence:

• Types in a URL for Portal One and authenticates using the corporate identify.

• Views personalized content on Portal One.

• Types in a URL for Portal Two without needing to provide authentication.

• Views personalized content on Portal Two.

Portals that use different Access Managers are not multiple portals. They are independent and unrelated portals, each with its own set of users.

Access Manger can be a collection of its own instances, all using the same set of Directory Server instances. Different Access Managers are two unrelated Access Managers, not different instances of the same Access Manager.

Setting Up Portals

A portal consists of one or more portal server instances that deliver the same content and are mapped to a single Uniform Resource Locator (URL). The content and services delivered by a portal are common to all its instances.

Multiple portals share the same user set. These portals can be deployed on one or more hosts, but they all share the same user repository — the same Access Manager and the Directory server.

Portals that use different Access Managers are not multiple portals. They are independent and unrelated portals, each with its own set of users.

Access Manger can be a collection of its own instances, all using the same set of Directory Server instances. Different Access Managers are two unrelated Access Managers, not different instances of the same Access Manager.

This section explains how to complete the following tasks:

• To List Portals

• To Create a Portal

• To Delete a Portal

• To Export Portal Data

• To Import Portal Data to a Portal

To List Portals

You can view a list of Portal Servers that are already set up.

1. Log in to the Portal Server management console.

2. Select the Portals tab.

Equivalent psadmin Command

psadmin list-portals

To Create a Portal

During Portal Server installation, a default portal named portal1 is created. You can also create a new portal server using the Create Portal wizard.

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Click the New Portal button to launch the wizard.

4. Provide a unique name for the Portal Server, for example, portal5.

5. Type a URI that enables end users to access the Portal Server, for example, /portal.

6. Select a web container type.

   The available types are the following:

   • Sun Java^TM System Web Server 6.0

   • Sun Java System Web Server 7.x

   • Sun Java System Application Server 8.x

   • BEA WebLogic 8.1SP4/SP5

   • IBM WebSphere 5.1.1.6

7. (Optional) Change the default web container instance properties.

   For information, see Creating a New Portal in Sun Java System Portal Server 7.1 Configuration Guide.

8. Verify the information you supplied.

9. Click Finish to create the new portal.

10. (Optional) View the log file to monitor the process.

    1. Log in to the machine where portal is to be created.

    2. Run the psdadmin set-logger command.

       ./psadmin set-logger -u uid -f password -m component-type -O logger-name

Equivalent psadmin Command

psadmin create-portal

Templates for webcontainer.properties for supported web containers are in the portal-install-dir/template directory.

To Delete a Portal

You can delete all existing instances of a portal on all hosts and clean up the portal's data in the Access Manager LDAP directory.

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. From the list of portals, select the portal you want to remove, and click the Delete Portal button.

Equivalent psadmin Command

psadmin delete-portal

To Export Portal Data

You can archive the following portal data in a par file:

• Data stored in the Access Manager directory

• Desktop file system files, located by default in the /var/opt/SUNWportal/portals/portal-id/desktop directory

• Desktop customized classes, located by default in the /var/opt/SUNWportal/portals/portal-id/desktop/classes directory

• Portal Server web applications, located by default in the /var/opt/SUNWportal/portals/portal-id/war directory

• Portal Server web source data, located by default in the /var/opt/SUNWportal/portals/portal-id/web-src directory

After you archive data, you can import the data to the same portal or to a different portal. To export a portal from psconsole:

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal from the table.

4. Click the Export button.

5. Specify the par file location on the Portal Server machine and what you want to export:

   • All Desktop data — the exported par includes file system data and display profile data

   • File system data only — the exported par file includes only the desktop file system data, which is data deployed into the portal desktop and portal web-src

   • Display profile data only — the exported par includes only display profile data

Equivalent psadmin Command

psadmin export

This command does not support user data in the Directory Server.

To Import Portal Data to a Portal

You can import into any portal any portal data that you previously exported.

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal from the table.

   The Import Desktop Data page appears.

4. Click the Import button and specify the following:

   • The par file path for the imported data. The par file must be located on the Portal Server system.

   • Whether to continue if the storage structure of the portal does not match the archived file you want to import.

5. Redeploy the portal web applications.

   1. Schedule a time to run the psadmin redeploy command.

      Plan to do this step off hours or in system maintenance mode, when your system is not in production. This action redeploys the portal war file, and it logs out users who are running a Desktop, causing them to lose their work.

   2. Run the psadmin redeploy command.

      psadmin redeploy -u amadmin -f passwordfile -p portalID --allwebapps

Equivalent psadmin Command

psadmin import

This command does not support user data in the Directory Server.

Setting Up Portal Server Instances

A Portal Server instance is a web application deployed to a web container. An instance uses a particular Portal Server context URI to serve requests on a specific network port. Each Portal Server instance is associated with a single Portal.

A server instance listens on a particular port, bound to either one IP address or any IP address of the host. For the Portal Server, a server instance corresponds to a deployment container process listening on a port and running a single Java™ Virtual Machine (JVM™ software).

Sun Java™ System Web Server and Sun Java™ System Application Server support multiple instances.

This section explains how to complete the following tasks:

• To List Portal Server Instances

• To Create a Portal Server Instance

• To Delete a Portal Server Instance

To List Portal Server Instances

You can view a list of Portal Server instances that are already set up.

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Click the name of Portal Server from the table.

4. Select the Server Instances tab.

   The table displays all the instances of the Portal Server you selected.

Equivalent psadmin Command

psadmin list-portals

To Create a Portal Server Instance

Before You Begin

• Create a new instance for an existing Portal Server on your web container instance.

• Start the web container instance.

• Start the administration server of the web container.

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select the name of a Portal Server.

4. Select the Server Instances tab.

5. Click on the New Instance button to launch the wizard.

6. Provide the name of the portal identifier.

7. Select a web container type.

   The available types are the following:

   • Sun Java System Web Server 7

   • Sun Java System Application Server 8.2

   • BEA WebLogic 8.1SP4

   • IBM WebSphere 5.1.1.6

8. (Optional) Change the default web container instance properties.

   For information, see Creating a Portal on the Same Node in Sun Java System Portal Server 7.1 Configuration Guide.

9. Verify the information you supplied, and click Finish to create the new portal instance.

   A progress bar displays the status of this procedure. When the procedure is complete, a results page is provided.

10. Click Finish to create your new portal instance.

Equivalent psadmin Command

psadmin create-instance

To Delete a Portal Server Instance

You can delete an instance of a Portal Server.

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select the name of a Portal Server.

4. Select the Server Instances tab.

5. From the table, select the instance you want to remove.

6. Click Delete Instance button.

Equivalent psadmin Command

psadmin delete-instance

Chapter 3 Managing Organizations, Roles, and Users

Portal Server administrators can provide and limit access to content on a portal through the definitions of the identities of specific end users. You can set up portal pages, attributes and access policies so that portal content is available to specific entities. These entities include the following:

• A specific organization

• A specific suborganization

• A role

• An individual end-user

To manage organizations, roles, and end-users, Portal Server administrators must use both the Portal Server management console and the Sun Java^TM System Access Manager console. This chapter explains how Portal Server administrators can do this using Access Manager. This chapter provides the following topics:

• Understanding How to Use Access Manager With Portal Server

• Creating New Organizations for Portal Server

• Navigating to Specific Nodes

This chapter explains how to use Access Manager that is installed and configured to support Legacy Mode. For information about Legacy Mode and Realm Mode, see the Sun Java System Access Manager Administration Guide

Understanding How to Use Access Manager With Portal Server

Portal Server uses Sun Java System Access Manager services to manage attributes that are specific to Portal Server end users and applications. You must use the Access Manager console to manage tasks related to identity.

To control who has access to a portal site, Portal Server administrators must use the following tools:

• The Portal Server management console is a browser interface that allows administrators to manage the following:

  • Portals and portal instances

  • Search

  • Remote access

  • Single sign-on

  • Display profile documents

  • Containers and channels

• The Sun Java System Access Manager console is a browser interface that allows administrators with different levels of access to do the following:

  • Create and remove realms and organizations

  • Create and delete users to and from those organizations

  • Manage services

  • Set up enforcement policies that protect and limit access to organization resources

Portal Server administrators must use Access Manager to perform the following tasks:

• Manage identity-based objects, including users, roles, and organizations, to administer and assign appropriate access to users according to roles they have within organizations or suborganizations

• Delegate administrative functions to specific end users by authorizing the end users to administer organizations, suborganizations, users, policy, roles, and channels

Access Manager uses the lightweight directory access protocol (LDAP).

For information about Access Manager administration, see the Sun Java System Access Manager 7.1 Administration Guide.

Creating New Organizations for Portal Server

New organizations inherit services that are registered at the top-level Access Manager organization. Typical services that new organizations inherit include the following:

• Access Manager Configuration

  • Authentication Configuration

• Authentication Modules

  • Core

  • LDAP

  • Policy configuration

New organizations use LDAP authentication, and LDAP service settings are inherited from the corresponding global service.

For information about Access Manager administration, see the Sun Java System Access Manager 7.1 Administration Guide.

To Create a New Organization to Use with Portal Server

1. Log in to the Access Manager console.

   For information about Access Manager administration, see the Sun Java System Access Manager 7.1 Administration Guide.

2. Under Identity Management, select Organizations from the View menu.

3. Click New to create a new organization.

4. Specify the organization attributes.

   For example:

   Name

   TestOrganization

   Organization Aliases

   TestOrganization

5. Click OK.

To Access a New Organization

Type this URL in your browser:

http://host:port/amserver/UI/Login?org=organizationalias

host

The name of the system that the console is running on.

port

The console's port number assigned during installation.

organizationalias

The value assigned to the Organization Alias attribute field.

Adding Portal Services to Organizations

Before the Portal is accessible, you must add several services to an organization. The services that you must add to the organization include the following:

• Portal Server configuration

  • portalID Desktop

  • portalID Subscriptions

  • SSO Adapter

  • portalID WSRP Consumer

• Mobile Application configuration

  • Mobile Address Book

  • Mobile Calendar

  • Mobile Mail

Optional services that you can add include the following:

• Secure Remote Access configuration

  • Access List

  • NetFile

  • Netlet

  • Proxylet

To Add Portal Services to an Organization

Portal requires several services to be added to an organization before the Portal Server is accessible to the organization. After you add Portal services to the organization, use the Portal Server management console to administer Portal Server settings.

1. Log in to the Access Manager console.

   For information about Access Manager administration, see the Sun Java System Access Manager 7.1 Administration Guide.

2. Under Identity Management, select Organizations from the View menu.

3. Click your organization.

   For example: TestOrganization

4. In the View menu for the organization, select Services.

5. Click Add.

6. Select the following services, if they are available in your deployment:

   • Mobile Application Configuration

     • Mobile Address Book

     • Mobile Calendar

     • Mobile Fax

     • Mobile Mail

   • Portal Server Configuration

     • portalID Desktop

     • portalID Subscriptions

     • SSO Adapter

   • Remote Portlets (WSRP)

     • portalID WSRP Consumer

   • Secure Remote Access Configuration

     • Access List

     • NetFile

     • Netlet

     • Proxylet

7. Click OK.

To Specify Required Portal Services for New Users

After you add all of the Portal services to an organization, you must use the Access Manager console to add the services to newly created end-users so that they can access the Portal Desktop and whatever Portal services they need.

The Access Manager Administration service allows you to specify which services are dynamically added to end-user entries when they are created. If your Portal deployment allows users to be created, such as a "Sign-Me Up" feature, specify the Required Services setting in the Access Manager console for your organization.

Before You Begin

Add Portal services to the organization. See Adding Portal Services to Organizations.

1. Log in to the Access Manager console.

   For information about Access Manager administration, see the Sun Java System Access Manager 7.1 Administration Guide.

2. Add the Administration Service.

   1. Under Identity Management, select Organizations from the View menu.

   2. Click your organization.

      For example: TestOrganization

   3. In the View menu for the organization, select Services.

   4. Click Add.

   5. Select the Administration service and Click OK.

3. Specify the setting for Administration Service Required Services.

   This setting specifies whether to assign all services in the required services list to a new end user.

   1. Select the Administration service setting.

   2. For the Required Services setting, specify the following services:

      • SunPortalportalIDDesktopService

      • SunPortalportalIDSubscriptionsService

      • SunMobileAppABService

      • SunMobileAppCalendarService

      • SunMobileAppMailService

      • SunSSOAdapterService

   3. Click Save.

4. Log out of the Access Manager console.

Navigating to Specific Nodes

Portal Server uses Access Manager services to store application and user-specific attributes. To enable you to administer portal-related functions for an LDAP directory node (DN), the Portal Server management console provides details about the DN in a location bar, a horizontal strip below the row of tabs.

The location bar enables you to do the following:

• Identify the currently selected node

• View up to 10 organization DNs

• Change to another directory name

A directory name can be a organization, role, or user name.

Understanding the Location Bar

The location bar provides the following functions:

• Select DN – Use this drop-down menu to display the following directory node types:

  • Default organizations defined when Portal Server was installed.

  • Nodes that administrators set up using the Add DNs button.

• Selected DN – Identifies which DN is currently chosen.

• Enter DN – Enables you to go to any DN that is already defined by typing in its full name.

To Set a New Directory Node

You can select a new DN without adding it to the location bar.

1. Log in to the Portal Server management console.

2. Select the Add button next to the location bar.

3. Select the name of the DN using one of the following methods:

   • Select a DN listed in the window.

   • Use the Search utility:

     1. Type the search string.

        You can use wildcard characters.

        Search results are displayed by short name and corresponding directory node.

     2. Click the Search button.

4. Click the Set Current DN button.

   The window closes, and the Selected DN field displays the new directory node. The directory node is not added to the location bar selections.

To Add a Directory Node to Location Bar Selections

When you add a directory node to the location bar menu, it is stored as a cookie so that the directory node is available in the same browser across sessions.

1. Log in to the Portal Server management console.

2. Select the name of the DN using one of the following methods:

   • Using the Add button:

     1. Click the Add button next to the Select DN menu.

        The Add to DNs List pop-up window opens and displays a list of available directory nodes.

     2. Select the desired DN.

   • Using the Search utility:

     1. Use the Search menu to select the object type.

     2. Type the Search string.

        You can use wildcard characters.

        Search results are displayed by short name and corresponding DN.

     3. Select the desired DN.

3. Select the name of the directory node.

4. (Optional) Edit the short name field to change the name that the directory node in the drop-down menu displays.

5. Click the Add button.

   The directory node is added to the Select DN menu.

To Remove a Directory Node From Location Bar Selections

You can delete a directory node from the drop-down list displayed in the location bar. The directory node itself is not removed. To remove a directory name from the LDAP database, you must use Access Manager.

You cannot remove default organizations that were defined during installation.

1. Log in to the Portal Server management console.

2. From the Select DN drop-down menu, select the DN that you want to delete.

3. Click the Delete button next to the Select DN drop-down menu button.

   The selected directory node is removed.

To Display Information for a Directory Node

1. Log in to the Portal Server management console.

2. Display information about a directory node using one of the following methods:

   • Type the name of the directory node in the Enter DN text box, and click the Go button.

   • Select the name of the directory node from the Select DN menu.

Chapter 4 Managing the Portal Server Desktop

This chapter describes the Sun Java^TM System Portal Server Desktop and how to manage it.

• Understanding Portal Server Desktop Management

• Managing Portal Server Desktop Content

• Managing Desktop Attributes

• Administering the Display Profile

Understanding Portal Server Desktop Management

This section describes the key components of Portal Server desktop. The following topics are discussed:

• Understanding the Display Profile

• Understanding Desktop Attributes

Understanding the Display Profile

While installing Portal Server, you create an initial organization. The installer then imports the display profile global level document, and the default organization display profile, based on the input parameters you specify.

After that, each time you create a new organization, suborganization, or role, the display profile is not automatically loaded. However, the new organization, suborganization, or role inherits the display profile defined from its parent. If there are specific entries to the newly created organization, suborganization, or role, you must manually load the display profile.

The display profile creates the display configuration for the standard Desktop by defining the following three items:

Provider definition

Specifies the name and the Java class for the provider. A provider is a template used to generate content, which is displayed in the channel.

Channel definition

Specifies the run time configuration of an instance of the provider class. A channel is a unit of content, often arranged in rows and columns. You can also have channels of channels, called container channels.

Provider and channel property definitions

Specify the values for provider and channel properties. Properties defined in a provider usually specify default values for the channels that are derived from the provider. The display configurations for the channels include properties such as the title, description, channel width, and so on. The properties defined in the channel usually specify the specific value for that channel that is different from the default value.

Container properties define the display definition about how to display the contained channels in the container, including: the layout of the container (thin-wide, wide-thin, or thin-wide-thin); a list of the contained channels; the position of the channel (the row and column number); and the window state of the contained channels (minimized or detached).

The display profile exists only to provide property values for channels. It does not actually define the overall layout or organization of what users see on their Desktops. However, the display profile does indirectly control some aspects of channel presentation, such as column layout for a table container or how the table container draws channels in a table.

The system reports errors when you try to save a display profile document containing invalid XML. The error messages appear as a title, a message, and a sub-message. The title of the message box is “Invalid XML document.” The message appears as one of the following:

• Failed to parse XML...

• Missing doctype in the XML

• Failed to sore DP...

• Invalid XML input...

If you receive an “Invalid XML document” error, you must correct the error to be able to save the XML document.

The display document syntax is as follows:

<?xml version="1.0" encoding="utf-8" standalone="no"?>
<DOCTYPE DisplayProfile SYSTEM " jar://resources/psdp.dtd">

<DisplayProfile version="1.0" priority="xxx">
	<Properties>
	...
	</Properties>
	</Channels>
	...
	</Channels>
	<Providers>
	...
	</Providers>
</DisplayProfile>

Understanding Desktop Attributes

The Desktop merges all documents in a user's display profile merger set and uses the result to configure the user's desktop. A display profile merger set consists of all the display profile documents associated with a user. Display profiles are defined at different levels in the Portal Server organization tree. Display profile documents from the various levels of the tree are merged or combined to create the user's display profile.

For example, the user's display profile document is merged with the role display profile documents (if any), the organization's display profile document, and the global display profile document to form the user's display profile.

The Desktop display profile and other configuration data are defined as service attributes such as parent container, desktop type and edit container of the portal Desktop service under the Sun Java System Access Manager service management framework. When an organization adds for the Portal Desktop service from the Sun Java System Access Manager management console, all users within the organization inherit the Portal Desktop service attributes in their user profiles. These attributes are queried by the Portal Desktop to determine how information will be aggregated and presented in the Portal Desktop.

See Managing Desktop Attributes

Managing Portal Server Desktop Content

This section discusses how to manage the desktop content. For more information on the desktop, see Understanding the Standard Desktop in Sun Java System Portal Server 7 Technical Overview.

• Administering Portlets

• Managing Channels and Containers

Administering Portlets

This section describes how to deploy and undeploy portlets, and how to modify portlet preferences.

Portlets are web applications that process requests and generate content within the context of a portal. Portlets are managed by the Portlet Container (an implementation of the Portlet Specification as defined by the JSR 168 Expert Group).

A portlet can only be deployed on a selected DN node once. If a portlet has already been deployed on the same DN node, you should undeploy the portlet and deploy it. If your require a portlet to be on multiple sub organizations or roles, then deploy the portlet on the portal global DN or the parent organization.

• To Deploy a Portlet

• To Undeploy a Portlet

• To Modify Portlet Preferences

To Deploy a Portlet

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server from Portals.

4. From the Select DN drop-down menu, select any DN.

5. Click Deploy Portlet to start the wizard.

   1. Ensure the selected portal and selected DN are the ones where you want to deploy the portlet, and click Next.

   2. Specify a portlet war file, the roles file, and the users file.

      ---

      Note –

      The roles file and the users files are optional. The war file, the roles file, and the users file can be located either on the local machine, or on the remote portal server system.

      ---

   3. Select the button for either the local system or the remote portal server system.

      • If the upload file is from the local machine, use the browse dialog box to select the file from the local machine.

      • If the upload file is from a remote portal server system, use the file chooser dialog to choose a file from the remote machine

   4. Verify the information provided, and click Next.

   5. An information page appears when the portlet is deployed.

6. Follow the instructions to deploy a portlet.

Equivalent psadmin Command

psadmin deploy-portlet

To Undeploy a Portlet

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server from Portals.

4. From the Select DN drop-down menu, select any DN.

5. Click Undeploy Portlet to launch the wizard.

6. Modify the configuration attributes as necessary.

7. Click Undeploy to record the changes.

Equivalent psadmin Command

psadmin undeploy-portlet

To Modify Portlet Preferences

1. Log in to the Portal Server management console.

2. Click the Common Tasks tab, then Manage Channel and Containers from the submenu.

3. Select a portal and the DN where the portlet is deployed.

   The navigation tree with available channels and portlets is displayed.

4. From the navigation tree on the left frame, select the portlet channel.

   The preferences table and properties table is displayed on the right frame.

5. In the preferences table, click Edit Values link of a preference you want to modify.

6. In the preferences wizard, type the new value in the text field, and click OK.

   • To remove a value, select the value from the list and click Remove.

7. When you done with modifying preferences, click Save.

8. Click Close.

Managing Channels and Containers

This section describes how to manage portal server channels and containers from the management console.

The following topics are discussed:

• Viewing Channels and Containers

• Modifying Channels and Container Properties

• Creating and Deleting Channels and Containers

• Creating a Tab

• Displaying Channels and Containers

Viewing Channels and Containers

The desktop for a user is rendered by starting a desktop parent container. You can customize the parent container attribute at every organization, role and user DNs. The content for a desktop at a particular DN is provided by iterating the child containers and channels that selected to be to be displayed inside the desktop parent container.

Usually, the desktop parent container contains a few tab or table containers. Each tab container under the list of selected nodes of the parent container will display a tab on the user desktop. The channels that appear under the tab are the channels inside the tab container.

The bottom left frame of the Channels and Container Management in the portal management console has two components:

• View Type menu

• Channels and Container tree

Items in the View Type menu and the nodes displayed in the tree are dependent on content of the merged Display Profile XML.

The tree contains container and channel nodes. There are three types of channels that deliver content to the desktop:

• Provider (native) channels

• Portlet channels

• Remote portlet channels

You can click on any of the node links in the tree to display properties and actions on the right frame.

There are two types of items in the View Type menu:

• Display Profile XML Tree

• Desktop Views

See To View Display Profile XML Tree and Desktop Views

Display Profile XML Tree

The tree displays a complete set of channels and containers in the merged Display Profile (DP) XML. The root element in the DP XML Tree is DP_ROOT, which is the parent of all the channels and containers of the display profile. You can create a channel directly under DP_ROOT, or in a container under DP_ROOT.

The nodes listed under the DP XML Tree is not always displayed on the desktop. Some nodes in the display profile are never referenced or included in the hierarchy of the desktop container.

For example, the desktop default container JSPTabContainer has two containers, tab1 and tab2. If tab1 contains ch1 and ch2, and tab2contains ch3 and ch4, then there are five channels defined in the DP XML Tree. The DP XML Tree references ch1 to ch4 in the container hierarchy, but ch5 is not. So, only ch1 to ch4 will display on the desktop.

Desktop Views

Desktop views are top level containers available in the merged display profile. You can set each desktop views as the parent container for the desktop at the DN. When you select a desktop view, the tree provides a visual hierarchy of the channels and containers that has a role in rendering content to the desktop.

Channels and containers displayed under the desktop views have two states:

• Selected and visible on the desktop

• Available for selection

  ---

  Note –

  In this state, channels and containers icons are displayed in grey color.

  ---

You can change the state of channels and containers in a desktop view by clicking the task link on the right frame. To display a tool tip about the state, place the mouse over a container or channel icon. The tool tip also displays the fully qualified name of the node.

To View Display Profile XML Tree and Desktop Views

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server under Portals, then any DN from the Select DN drop-down menu.

   • You can also select the organization from Select DN menu in the Manage Containers and Channels page.

4. Under Tasks, click Manage Containers and Channels.

5. From the View Type drop-down menu select DP XML Tree or a Desktop View.

Modifying Channels and Container Properties

This section discusses the properties of channels and containers, and how to modify them.

You can perform the following tasks:

• To Create a Property

• To Edit a List

• To Modify Portlet Preferences

• To Modify Channel and Container Properties

• To Upload a Display Profile

Understanding Properties

The properties displayed when you click on the node in the tree are top level properties or channel level properties. These properties are defined at the provider level and you can customize these properties for a channel. However, new properties added to a channel cannot be added to the provider. This is the reason you cannot add new properties at the channel level.

The properties table displays client type and locale. There is no column to show the type of the property, however, the following convention is followed:

String

Value column has a wide text field for a maximum of 30 characters.

Integer

Value column has a narrow text field for a maximum of 5 characters.

Boolean

Value is a radio button.

Map

Name is a link.

List

Value column has an Edit Values link. Clicking this link opens a wizard to add and remove values.

Empty Collection

The name is a link showing Edit Values link. Name and value pairs may be added to an empty collection to behave like a map, and the Edit Values disappears. If values are added to an empty collection using Edit Values wizard, the collection behaves as a List and the name link disappears.

In addition to the Name and Value columns, the properties table has two more columns:

Category

Displays if the property is advanced or basic. The advanced properties generally are for experienced administrators.

State

Any property may be in three possible states:

• Default – Value assigned at the provider.

• Inherited – Values modified at some level above. For example, if the current node is a role, then the property may have been customized at the organization of the role. This organization may be the parent organization, or parent of the parent organization. When the property is inherited it is a link. Clicking this link shows all the possible parent nodes in the hierarchy from where this property was inherited from.

• Customized – Value defined at this node.

There are buttons in the properties table:

Remove Customization

Removes values defined at this node from the display profile. This may result in properties to be inherited from some parent in the hierarchy if the properties are customized there. If the value has not been customized anywhere in the hierarchy, the value defined at the provider is displayed and the state will show as Default.

Save

Saves additions, deletions, and changes of value.

Reset

Ignores changes and resets values to last saved state from the data store.

Clear All Sorts

Clears all sorts.

---

Tip –

Table may be sorted by clicking on any column title. When you click the Name button first to sort by name, a + appears next to the Category and State buttons. Click the + to apply the next sort criteria.

---

Table Preferences

Sets the table preferences.

Unless modified, the client type and locale are set to default.

To Create a Property

From the New Property wizard you can edit the values and save. You can also add new name and value pairs.

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal from Portals.

4. From Select DN drop-down menu, select any DN.

5. Under Task, click Manage Channels and Containers.

6. Select a container in the tree on left frame to display Edit Properties page on the right frame.

7. Click the New Property button to launch the wizard.

8. Select the property type, and click Next.

9. Type a Name, select a Value, and specify if the property is advanced or not.

   ---

   Note –

   Collection property behaves like a map when it contains name and value pairs. Property of type Collection can be nested. The property path above the table will change to display the current nesting and you can navigate back.

   Any trailing values are optional. For example, the value may be en or en_US, but cannot be US only. The standard Java format for specifying a locale is followed.

   ---

10. Click Finish to create the property.

11. Click Close to display the new property in the table.

To Edit a List

Collection property behaves like a List when it contains only values.

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal from Portals.

4. From Select DN drop-down menu, select any DN.

5. Under Task, click Manage Channels and Containers.

6. Select a container in the tree on left frame to display Edit Properties page on the right frame.

7. Click the Edit Values link of a property to launch the wizard.

8. Make your changes.

   • To add a value, type the name of the value in the New Value text box, and click Add.

   • To delete a value, select a value from the Values list, and click Remove.

9. Click Close.

   The edit properties page will update number of values in the list.

To Modify Channel and Container Properties

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal from Portals.

4. From Select DN drop-down menu, select any DN.

5. Under Task, click Manage Channels and Containers.

6. Select a channel or container in the tree on left frame to display Edit Properties page on the right frame.

7. Change the properties, and click Save.

Equivalent psadmin Command

psadmin modify-dp

Creating and Deleting Channels and Containers

This section discusses how to create and delete channels and containers from the portal management console.

• To Create a Channel or Container

• To Delete a Channel or Container

To Create a Channel or Container

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal from Portals.

4. From Select DN drop-down menu, select any DN.

5. Under Task, click Manage Channels and Containers.

6. Select a container in the tree on left frame to display Edit Properties page on the right frame.

7. Under Tasks, click New Channel or Container to launch the wizard.

   In the wizard, ensure that the selected portal and selected DN is where you want to create the channel or container and click Next.

8. Create a container or channel from the wizard.

   • To create a container, perform the following steps:

     1. Select a provider from the Container Provider drop-down menu, and click Next.

     2. Type a name in the Channel or Container Name text field, and click Next.

     3. Review your selections, and click Finish.

        A message confirms the creation of the container.

     4. Click Close

   • To create a channel, perform the following steps:

     1. Select a channel type.

        Select a channel from the following three types:

        • If you select Provider Channel, a list of provider channels are displayed.

        • If you select JSR 168 Portlet Channel, a list of portlet channels are displayed.

        • If you select WSRP Remote Portlet Channel, select the registered producer and the remote portlet from the drop-down menu.

     2. Type a name in the Channel or Container Name text field, and click Next.

     3. Review your selections, and click Finish.

        A message confirms the creation of the channel.

     4. Click Close.

Equivalent psadmin Command

psadmin add-dp

To Delete a Channel or Container

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal from Portals.

4. From Select DN drop-down menu, select any DN.

5. Under Tasks, click Manage Channels and Containers.

6. Select a container in the tree on left frame to display Edit Properties page on the right frame.

7. Under Tasks, click Select Channels or Containers to Delete.

8. Under Type, select Channel or Container.

   Available channels and containers are displayed.

9. Select a channel or container, and click Delete.

Equivalent psadmin Command

psadmin remove-dp

Creating a Tab

This section describes how to create a tab form the portal server management console.

To Create a Tab

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal from Portals.

4. From Select DN drop-down menu, select ay DN.

5. Under Tasks, click Manage Channels and Containers.

6. From the tree on the left frame, select a tab container.

7. Under Tasks in the right frame, click New Tab to launch the wizard.

Displaying Channels and Containers

This section discusses how to display channels and containers on the end-user Desktop. Channels and containers can also be made available on the content page so that the end user can select them to display on the Desktop.

To Display Channels and Containers on Desktop

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal from Portals.

4. Under Tasks, click Manage Containers and Channels.

5. Select a container in the tree on left frame to display Edit Properties page on the right frame.

6. Under Tasks, click Show or Hide Channels and Containers on Portal Desktop.

7. Under Ready For Use, select a channel or container.

8. Using the Add button, move the channels to appear on the Content Page or Portal Desktop.

   • Using the Remove button, you can move the channels or containers back to Ready For Use.

9. Click Save.

Equivalent psadmin Command

psadmin modify-dp.

Managing Desktop Attributes

This section discusses how to manage Desktop attributes. For more information, see Understanding Desktop Attributes.

Desktop attributes for the top level organization is different from different levels of the organization tree. You can change the location bar to TopLevel to see global Desktop attributes, and then select other distinguished names for organization or role Desktop attributes.

To Set Up Desktop Attributes

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server under Portals, then Desktop.

4. From the Select DN drop-down menu, select any DN.

5. Modify the configuration attributes as necessary under Desktop Attributes.

   The following options are available:

   COS Priority

   Sets the conflict resolution level for the Desktop service template used to resolve conflicts when multiple Desktop templates are merged. This attribute applies only to Organizations and Roles and doesn't apply to Users and Global DN.

   Parent Container

   Identifies which default container is rendered when the Desktop is called with an unspecified provider. The value for the Parent Container can be one of the containers which is defined as a TopLevelContainer that can draw a header and footer on the portal page. A container is a Top Level container if the display profile property TopLevel is set to true.

   Edit Container

   Specifies which default edit container to use to wrap the content when one is not specified in the URL. This container will be used by the parent container to draw the edit pages when the edit link is clicked on the channel title bar.

   Desktop Type

   The comma separated list used by the Desktop lookup operation when searching for templates and JSPs. The lookup starts at the first element in the list and each element represents a sub directory under the Desktop template base directory. e.g., "sampleportal,foo" in which case the lookup would be sampleportal directory, foo directory, default directory in that order.

   Desktop Attributes

   Specifies whether the Desktop attributes are displayed to the users associated with the role. This dynamic attribute is mainly used for role-based delegated administration in administration tag library. This attribute enabled to show, allows the delegated administrators to administer channels/containers inherited from the parent organizations. This attribute applies only to Organizations and Roles.

   Display Profile Priority

   Sets the priority of the display profile document. Display profile documents are merged from low priority to high priority. A lower number represents a lower priority. For example, a 1 is a lower priority than a 2. High priority documents override values set in lower priority documents using merge semantics (unless a lower priority document has locked the object for merging).

   ---

   Note –

   The display profile priority is not stored as Desktop service attribute.

   ---

   The following attributes apply only to Global (top level) DN.

   XML Parsing Validation

   Enables the validation for XML parsing.

   Federation

   Enables Identity Federation so that a user can associate, connect or bind multiple internet service providers, local identities, enabling them to have one network identity.

   Hosted Provider ID

   Specifies the unique identifier of the host that provides the network identity of a user.

   Session Reap Interval

   Specifies the session reap interval in seconds.

   Session Idle Time

   Specifies the idle time in seconds after which the session is terminated.

   Maximum Number of Client Sessions

   Specifies the maximum number of client sessions allowed at any given time.

   Anonymous Desktop

   When enabled, allows anonymous Desktop for the selected portal.

   Anonymous Access for Federated Users

   Prevents users with a network identity on a hosted provided to access the portal Desktop by providing a user name and password.

   Valid UIDs for Anonymous Desktop

   List of User IDs authorized to access the Desktop without authenticating.

6. Click Save to record the changes.

   Otherwise, click Reset to undo any edits.

   ---

   Note –

   To modify global attributes, Change the DN in the location bar drop-down to TopLevel.

   ---

Equivalent psadmin Command

psadmin undeploy-portlet

Administering the Display Profile

This section describes how to manage the Sun Java System Portal Server display profile. For more information, see Understanding the Display Profile.

You can perform the following tasks from the portal management console:

• To Download a Display Profile

• To Upload a Display Profile

• To Remove a Display Profile

To Download a Display Profile

You can download the display profile to a file.

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server under Portals.

4. From Select DN drop-down menu, select any DN.

5. Click Download Display Profile under Tasks.

   The browser's download window pops up.

6. Select a location and Click Save.

   ---

   Note –

   This step may vary from browser to browser.

   ---

For equivalent psadmin Command

psadmin get-attribute

To Upload a Display Profile

You can upload the display profile to a file.

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server under Portals.

4. From Select DN drop-down menu, select any DN.

5. Click Upload Display Profile under Tasks.

6. Choose a display profile file to upload using the Browse button.

   ---

   Note –

   The file should be located on local machine based on the user's browser settings.

   ---

7. Click Upload.

Equivalent psadmin Command

psadmin modify-dp.

To Remove a Display Profile

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server under Portals.

4. From Select DN drop-down menu, select any DN.

5. Click Remove Display Profile under Tasks.

6. Click OK in the warning dialog box to confirm deletion.

Equivalent psadmin Command

psadmin remove-dp

Chapter 5 Web Services for Remote Portlets

Sun Java^TM System Portal Server supports Web Services for Remote Portlets (WSRP). This chapter presents guidelines and best practices for using WSRP. This chapter contains the following sections:

• Understanding the WSRP Standard

• Administering the Producer

• Administering the Consumer

• Administering the WSRP Producer

• Administering the WSRP Consumer

Understanding the WSRP Standard

WSRP 1.0 is an OASIS standard that simplifies integration of remote applications and content into portals. The WSRP standard defines presentation-oriented, interactive web services with a common, well-defined interface and protocol for processing user interactions and for providing presentation fragments suited for mediation and aggregation by portals as well as conventions for publishing, finding and binding such services.

Because the WSRP interfaces are common and well-defined, all web services that implement the WSRP standard plug into all WSRP compliant portals – a single, service-independent adapter on the portal side is sufficient to integrate any WSRP service. As a result, WSRP is the means for content and application providers to provide their services to organizations running portals with no programming effort required.

See the WSRP 1.0 standard for more information:

http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wsrp

The implementation of the WSRP 1.0 standard in Portal Server includes both the WSRP consumer and the WSRP producer. The WSRP producer implementation supports publishing JSR 168 portlets for use by a remote WSRP consumer. The JSR 168 portlets are deployed locally on a portal server. These portlets can be published by an instance of the WSRP producer.

Another portal server, through its WSRP consumer, can subscribe to these remote portlets. While local portlets can be expected to provide a large part of the base functionality for portals, remote portlets allow the potential to bind to a variety of remote portlets without installation effort or code running locally on the consuming portal server.

Administering the Producer

This section discusses the following topics:

• Creating a Producer That Supports Registration

• Creating a Producer That Does Not Support Registration

• Enabling and Editing WSRP Producer Properties

• Customizing Registration Validation Class

• Generating a Registration Handle

• Publishing Producer Details to ebXML Registry

• Finding a Producer

Create a producer if you want to offer locally deployed portlets remotely to other portals that act as WSRP consumers. A portal can host multiple producers. The consumer can import remote portlets offered by a producer. Based on the portlets that you want to provide to WSRP consumers, you may create one or more producers. A producer can support registration or it does not require registration. If a producer supports registration, then consumers must register to work with the producer.

Creating a Producer That Supports Registration

Registration is used to build a technical or business relationship between the consumer and the producer. While creating a producer, you can define any one of the following registration mechanisms: in-band registration or out-of-band registration:

If the producer requires registration and enabled in-band registration: the consumer can provide the details through WSRP interface and register with the producer. Consumer is also provided an option to register through out-of-band communication. That is, consumer can provide the registration handle obtained through out-of-band communication.

If the producer requires registration and enabled out-of-band registration: the consumer should obtain the registration handle through out-of-band communication and provide the registration handle during registration. Out-of-band registration happens with manual intervention such as phone calls, email, and so on. For a producer that supports out-of-band registration, the producer gets the details about the consumer through out-of-band communication, and it creates a registration handle for the consumer. The registration handle is communicated to the consumer through out-of-band communication.

To Create a Producer That Supports Registration

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server from Portals.

4. Click the WSRP tab.

5. From the Select DN drop-down menu select any DN, and click the Producer tab.

   The WSRP Producers table displays all producers that are created.

   ---

   Note –

   Organizations are created in Sun Java System Identity Server. Select the DN of an organization or suborganization based on the availability of portlets.

   ---

6. Click New to create a new producer.

7. Type the name to identify the producer.

8. Select Required for Registration.

9. Select Supported for Inband Registration if you wish the consumer to enter the details, while adding the configured producer, using Sun Java System Portal Server application interface.

10. To add a registration property, click Add Row. Enter the values. Enter the name of the registration property and description.

    ---

    Note –

    Registration properties are the details that you want to get from the consumer while the consumer registers to a specific producer. The registration properties entered by the consumer can be validated through the Registration Validation class.

    ---

11. Select Supported for out-of-band Registration if you wish the consumer to provide the details through out-of-band communication, such as phone calls, email, and so on.

12. Click Next.

    The Review screen displays the details that you entered. Review details. You can click Previous and change the details you entered.

13. Click Finish.

Equivalent psadmin Command

psadmin create-producer

Creating a Producer That Does Not Support Registration

For a producer that does not require registration, consumer is not required to enter any information or get any information through out-of-band communication. In this case, the consumer can not customize (or edit) the portlets offered by the producer. The producer that does not support registration provides Read-Only portals to the consumers.

To Create a Producer That Does Not Support Registration

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server from Portals.

4. Click the WSRP tab.

5. Select DN.

   The Configured Producers table displays all producers that are already configured.

6. Click New.

7. Type the name of the producer.

8. Select Registration not required.

9. Click Finish.

Equivalent psadmin Command

psadmin create-producer

Enabling and Editing WSRP Producer Properties

A newly created Producer should be enabled for a consumer to register. A producer can be enabled by adding one or more portlets.

A producer can be disabled. But, all the consumers registered with the disabled producer will not be able to access the portlets offered by the producer.

To Enable and Edit the Producer's Properties

1. In the Producer tab, click the producer name link.

   The Edit Properties screen appears. The screen displays WSDL (Web Services Definition Language) URL. WSDL URL is a unique URL for a specific producer through which the consumer accesses the producer.

2. Add one or more published portlets to the producer.

   ---

   Note –

   The producer must have at least one published portlet to enable it. The screen displays all published portlets associated with the portal in which the producer is created.

   ---

3. Select a portlet, and click Add.

4. Edit the Registration Validation Class field if required.

   Registration Validator is used to validate the registration properties that are entered by the consumer. You can also customize this class based on the needs.

5. Click Save. Now, the Enable check box displayed in the screen can be edited. Select Enable and click Save.

   ---

   Note –

   You can also edit other properties of the producer.

   ---

Equivalent psadmin Command

psadmin set-attribute

Customizing Registration Validation Class

You can customize the RegistrationValidator class. Using this class, you can process the registration properties. For example, verifying the zip code of the customer. RegistrationValidator is the SPI for registration validation in the WSRP producer. For more information on customizing the validation class, see http://portalID/portal/javadocs/desktop. You can also refer to WSRP: Validating Registration Data in Sun Java System Portal Server 7.1 Developer’s Guide.

Generating a Registration Handle

For a producer that supports registration, a registration handle needs to be generated for a specific consumer. After generating the registration handle, it needs to be communicated to the consumer to register with the producer through out-of-band communication. Consumer needs to enter the registration handle, while registering with the producer.

To Generate a Registration Handle

1. Click the Consumer Registration tab.

   The screen displays all consumers that are already registered to the specific producer.

2. Click New.

3. Type details, such as name, status, consumer agent, and method.

   Consumer name

   A unique name to identify the consumer.

   Status

   Can be Enabled or Disabled.

   Consumer Agent

   Specifies the name and version of the consumer's vendor. Consumer Agent Name should be ProductName.MajorVersion.MinorVersion, where ProductName identifies the product the consumer installed for its deployment, and majorVersion and minorVersion are vendor-defined indications of the version of its product. This string can then contain any additional characters/words the product or consumer wishes to supply.

   Method

   Specifies whether the Consumer has implemented portlet URLs in a manner that supports HTML markup containing forms with method, get.

4. Click Next.

   The screen displays the registration property values that are specified while creating the producer.

5. Enter the values, and click Next. Click Finish.

Publishing Producer Details to ebXML Registry

Publishing a producer stores producer details in any one of the repositories, such as Sun Java System Service Registry Server or an ebXML Registry server. After a producer is published, you can search for the details of the producer using the application interface or using the command-line interface. For details on setting up Sun Java System Service Registry Server, see the Service Registry 3.1 Administration Guide.

You need to configure Sun Java System Portal Server for Registry to publish the producer details to the registry.

To Configure Sun Java System Portal Server for Registry

1. Create the directory, /soar/3.0/jaxr-ebxml/security, in the machine where Portal Server is installed.

2. Copy keystore.jks from Registry Server's /var/opt/SUNWsrvc-registry/3.0/data/security directory to /soar/3.0/jaxr-ebxml/security.

3. Log in to the Portal Server management console.

4. Select the Portals tab.

5. Select a portal server from Portals.

6. Click SSO Adapter from the submenu.

7. Click JES-REGISTRY-SERVER.

   The Edit Meta-adapter - JES-REGISTRY-SERVER screen appears.

8. Type the details.

   If you are accessing the registry server through a proxy:

   http.proxy.host

   Hostname of the proxy server.

   http.proxy.password

   Proxy password if proxy server required authentication.

   http.proxy.port

   Port on which proxy server is available.

   http.proxy.user

   Proxy username if proxy server required authentication.

   If you are not using a proxy server:

   registry.keypassword

   Password that is required to get the key from the keystore.

   registry.keystorealias

   The key alias that is present in the keystore that is to be used for authenticating with the registry server.

   registry.keystorelocation

   Location of the keystore relative to /soar/3.0/jaxr-ebxml/.

   registry.keystorepassword

   Password used to open the keystore.

   registry.publishurl

   URL of the registry server where publish request should be sent. This URL should accept SOAP requests.

   registry.queryurl

   URL of the registry server where search request should be sent. This URL should accept SOAP requests.

To Publish Producer Details to Registry

The following steps explain how to publish a producer to the Registry Server:

1. Create organization data and producer data files.

   Organization data file can contain the following entries:

   org.name=Sun Microsystems

   org.description=Description

   org.primarycontact.name=Henry

   org.primarycontact.phoneno=1234567

   org.primarycontact.email=someone@host.com

   ---

   Note –

   The org.name and org.description should be similar as that of the details in Identity Server unless the Registry is deployed internally.

   ---

   The producer data file should have the following entries:

   producer.name=Producer_name

   producer.description=Producer_Description

   producer.id=Producer_ID

   ---

   Note –

   It is not a must that you should create all the data files. But, for searching the details of producer, organization, or portlet, you should have created at least one file associated with that.

   ---

2. Stop and restart the common agent container:

   /usr/lib/cacao/bin/cacaoadm stop

   /usr/lib/cacao/bin/cacaoadm start

3. To publish the produce details, use the following command:

   ./psadmin publish-registry -u amadmin -f password_file -p portal1 -m producer -U producer_data_file -O organization_data_file -T portlet -L --debug

   ---

   Note –

   The portlet file specifies the portlets that are offered by WSRP producer. The portlets list is specified as a string within double quotes and elements separated by space. For example, "NotepadPortlet BookmarkPortlet WeatherPortlet."

   ---

   ---

   Note –

   You can check the log file by using the following command: more var/opt/SUNWportal/logs/admin/portal.admin.cli.0.0.log

   ---

Equivalent psadmin Command

psadmin publish-registry

Finding a Producer

The following section explains how to search for a producer:

To Search a Producer

1. Create a Search Producer data file.

   Search Producer data file can contain the following:

   producer.name=producer_name

   producer.description=producer_description

   ---

   Note –

   The Search Producer data file contains a description of the producer to search for in the registry. Use the character % as a wildcard. For example, %acme% in producer.name any WSRP Producer that contains the string "acme" in its name.

   ---

2. To search the registry, use the following command:

   ./psadmin search-registry -m consumer -u amadmin -f ps_password -C search_producer_datafile -p portal1

3. Create a search Portlet data file.

   Search Portlet data file can contain the following:

   portlet.name=portlet_name

   portlet.description=portlet_description

   ---

   Note –

   The Search Portlet data file contains a description of the portlet to search for in the registry. Use the character % as a wildcard. For example, %stock% in portlet.name locates any Portlet that contain the string "stock" in its name.

   ---

4. To search based on portlet details, use the following command:

   ./psadmin search-registry -m consumer -u amadmin -f ps_password -D search_portlet_datafile

5. Create a Search Organization data file.

   Search Organization data file should contain the following:

   organization.name=organization_name

   organization.description=organization_description

   ---

   Note –

   The Search Organization data file contains a description of the organization to search for in the registry. Use the character % as a wildcard. For example, %acme% in organization.name locates any organization that contains the string "acme" in its name.

   ---

6. To search based on the organization data file, use the following command:

   ./psadmin search-registry -m consumer -u amadmin -f ps_password -L search_organization_datafile -p portal1

Equivalent psadmin Command

psadmin search-registry

Administering the Consumer

This section explains the activities need to be performed at the consumer side.

The following topics are discussed:

• Adding a Configured Producer

• Identity Propagation Mechanism

• Creating User Token Profiles Using WebServices SSO Portlet

• Configuring Digest Passwords

• Creating User Token Profiles Using WebServices SSO Portlet

• Updating Service Description

• Mapping User Categories to Roles

• Mapping Consumer Attributes

• Configuring Proxies

Adding a Configured Producer

To communicate with the portlets offered by the producer, a consumer needs to add a configured producer. If a producer requires registration, add a configured producer using the following methods:

• By entering the registration property values (in-band registration)

• By entering the registration handle (out-of-band registration)

If the producer does not require registration, the consumer is not required to enter any details while adding a configured producer.

To Add a Configured Producer

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server from Portals.

4. Click the WSRP tab.

5. Select any DN and click New.

6. Type the configured producer name. Select the identity propagation mechanism. By default, None is selected.

   ---

   Note –

   Identity propagation mechanism allows the users of the consumer portal to present their credentials to the producer portal. It is a mechanism by which users can federate their identity from consumer portal to the producer portal.

   ---

7. Type the WSDL URL, and click Next.

   ---

   Note –

   You can also search for a WSDL URL based on the producer or portlet. The search result displays WSDL URL of a producer only if the producer is published.

   ---

8. If the producer requires registration, you can register the producer in two methods: by entering the registration property values (in-band registration) or entering the registration handle (out-of-band registration). Click Next.

9. If you selected the first method in step 7, enter the registration properties and click Next. If you selected the second method, enter the registration handle obtained through out-of-band communication, and click Next.

10. Review the details and click Finish.

Equivalent psadmin Command

psadmin create-configured-producer

Identity Propagation Mechanism

Identity propagation is a mechanism by which the WSRP consumer supplies the identity of the user to the WSRP producer web service. It is a federation mechanism where the user federates its identity between the consumer and producer. After a successful federation, the consumer portal propagates the user identity to the producer portal. The WSRP producer, after receiving the user credentials from the consumer, validates the credentials and allows or denies access to the resource in the specified user context.

The user has two identities for each portal. That is, one for producer portal and the other for consumer portal. The user federates these identities using the identity propagation mechanism provided. This provides a single-sign on mechanism for the consumer and the producer portal. When the user logs into the portal through the consumer portal, the user gets the content that the user gets when logs directly into the producer portal. The changes that the user makes using the federated identity would be available when the user logs into the producer portal.

Sun Java System WSRP producer supports the following identity propagations:

• SSO Token: Select if both the producer portal and the consumer portal are connected to the same Access Manager instance. Typically recommended in configurations where both the producer portal and consumer portal are deployed within the same organization.

• WSS User Name Token Profile (username only): Uses the WSS specification where the user name is propagated as WS Security headers from the consumer portal to the producer portal.

• WSS User Name Token Profile (with password digest): WS Security headers send the user ID that is targeted at the producer with the password in the Digest form.

• WSS User Name Token Profile (with password text): WS Security headers send the user's user ID that is targeted at the producer with the password in the Text form.

In the above list, the last three options implement the OASIS WSS Username token profile specification. This specification describes how to use the Username Token with the Web Services. WSS specification describes how a web service consumer can supply a Username Token by identifying the requestor by username, and optionally using a password to authenticate that identity to the web service producer.

Many portal vendors support and implement the OASIS WSS Username token profile specification. Use one of the three options when interoperability is required.

There are two levels of identity propagation mechanism in Portal Server. First, the administrator of the consumer portal discovers that the producer portal supports one of the above specified identity propagation mechanisms. The administrator may allow the users to send their identity. Portal Server consumer supports all the above mentioned Identity Propagation Mechanisms.

After the consumer is created, the administrator has to create remote channels based on the identity propagation mechanism supported by the consumer. After the channels are available on the user Desktop, they are ready to accept identity propagation.

The identity propagation mechanism is set at the producer automatically. Portal Server checks for authentication from Sun SSO, then OASIS user name token profile, and then the No Identity Propagation mode.

Configuring Digest Passwords

Only new users can use the Digest Password facility after running the configuration command to store the LDAP passwords in plain text

Creation of a consumer should involve selecting the WSSO Username Token Profile (with Digest Password) option for User Identity Propagation Mechanism.

The Web Services SSO Portlet must be edited to select the appropriate Web service URL (producer) and provide the new username and password.

To Configure the Accept Digest Passwords

Do the following to configure Sun Java System WSRP Producer to accept Digest Passwords.

1. Run the command /opt/SUNWdsee/ds6/bin/dscfg set-server-prop pwd-storage-scheme:CLEAR to change the password storage scheme of the Directory Server so that plain text passwords are stored.

   ---

   Note –

   It is assumed that the default installed location of the Directory Server is /opt/SUNWdsee.

   ---

2. Create a new user in the AM console, to ensure that the Username Token Profile with Password Digest can be used.

Recommendations

• When using the WSS User Name Token Profile (with PasswordDigest), communication between the producer portal and consumer portal should be secure because the password is sent in plain text between the consumer and the producer.

• Two different consumers that point to the same producer URL should use the same identity propagation mechanism types.

Creating User Token Profiles Using WebServices SSO Portlet

You can create user token profiles to authenticate user credentials if the user uses identity propagation mechanism. You can define the user name and password for specific Web service that the producer offers.

To Provide User Credentials Using WebServices SSO Portlet

1. Log in to Portal Server Desktop.

2. In the WebServices SSO Portlet, click the Edit button.

3. In the Create NewToken Profile section, select the WebService URL for which you want to create a user token profile.

4. Type the user name and password. Click Add.

   You can also edit or remove an existing user token profile.

Updating Service Description

After the consumer configures the producer, use the Update Service Description option to update any changes made to the producer later. For example, addition of new portlets or changes to the registration properties after the registration.

To Update Service Description

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server from Portals.

4. Click the WSRP tab.

5. Select DN (Distinguished Name).

6. Click the configured producer link.

7. In the Edit Configured Producer screen, click Update Service Description.

Equivalent psadmin Command

psadmin update-configured-producer-service-description

Mapping User Categories to Roles

WSRP supports the concept of user categories, which are included in the service description of the producer. Mapping user categories to the roles allows the user to map the roles that are defined in the consumer portal to the roles that are defined in the portlet. Sun Java System Portal Server maps Java System Access Manager's roles to the portlet's roles. These roles can be mapped to the corresponding WSRP user categories.

You can perform the following tasks:

• To Create Roles in Portlets

• To Map User Categories to Role

Roles can be defined in the portlet while deploying the portlet.

The roles defined in the portlet must exist in the Access Manger of the producer.

To Create Roles in Portlets

The following task creates a role in amconsole in Sun Java System Access Manager and Portlets.

1. Log in to the Access Manager console.

2. Create a role and add a user to it.

3. In webxml of the portlet application, add the following code:

   <security-role>

   <role-name>PS_TEST_DEVELOPER_ROLE<role-name>

   </security-role>

4. Add the following lines in portlet.xml of the portal.

   <security-role-ref>

   <role-name>PS_TEST_DEVELOPER_ROLE<role-name>

   <role-link>PS_TEST_DEVELOPER_ROLE<role-link>

   </security-role-ref>

5. Create the portlet application war file.

6. Create a roles file with the following entry.

   cn\=AM_TEST_DEVELOPER_ROLE,o\=DeveloperSample,dc\=india,dc\=sun,dc\=com=PS_TEST_DEVELOPER_ROLE

7. Deploy the portlet using the following command.

   /opt/SUNWportal/bin/psadmin deploy-portlet -u amadmin -f ps_password -d "o=DeveloperSample,dc=india,dc=sun,dc=com"-p portal1 -i stockprice-8080 --rolesfile rolesfile TestPortlet.war

Equivalent psadmin Command

psadmin deploy-portlet

To Map User Categories to Role

Do the following to map user categories to role:

1. In the Consumer tab, click the producer name link.

   The Edit Configured Producer screen displays the following: User Category: The roles in the producer portlet. Local Roles: The roles that are defined at the consumer's Sun Java System Access Manager.

2. In the User Categories to Role Mapping section, map user categories to the roles defined at the consumer, and click OK.

Mapping Consumer Attributes

The Sun Java System Portal Server implementation of WSRP Consumer maps common user attributes stored in the user entry on the Sun Java System Directory Server to the standard set of user attributes that the WSRP specification mandates.

If a consumer portlet uses any of the attributes that are not specified in the LDAP schema, create a custom object class to store these attributes and add this object class to the user entry. After attributes are created, map the LDAP attribute to the corresponding WSRP attribute using Sun Java System Access Manager management console.

Configuring Proxies

Proxies need to be configured for consumer and for web container XML files.

You can perform the following tasks:

• To Configure Proxy for Consumers in Common Agent Container

• To Configure Web Container XML file

To Configure Proxy for Consumers in Common Agent Container

1. Run ./cacaoadm get-param java-flags.

2. Copy the values and paste it to ./cacaoadm set-param java-flags.

3. Now add the following to the command: -Dhttp.proxyHost=webcache.canada.sun.com -Dhttp.proxyPort=8080 -Dhttp.proxyUser=Proxyuser -Dhttp.proxyPassword=Password

4. Press Enter.

5. Restart the common agent container server.

To Configure Web Container XML file

1. Edit the following file:

   vi /var/opt/SUNWappserver/domains/domain1/config/domain.xml

2. Set the following JVM options:

   • Dhttp.proxyHost

   • Dhttp.proxyPort

   • Dhttp.proxyUser

   • Dhttp.proxyPassword

Administering the WSRP Producer

This section describes how to administer the Sun Java System Portal Server Web Services for Remote Portlets (WSRP) service. The tasks to administer a WSRP producer are:

• To Create a WSRP Producer

• To Edit a WSRP Producer

• To Create a Consumer Registration

• To Edit a Consumer Registration

To Create a WSRP Producer

A WSRP producer is created with the following:

• Name of the producer instance (must be unique for the entire portal server)

• Whether registration is required. When registration is required, all WSRP consumers must register with this producer instance before making requests. Requests from unregistered WSRP consumers will be denied.

• Whether in-band registration is supported. In-band registration allows WSRP consumers to register programmatically. Otherwise, out-of-band registration is required with manual contact (such as email or telephone) between the WSRP consumer administrator and the WSRP producer administrator to set up and exchange access to a registration handle.

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server from Portals.

4. Click WSRP, then Producers from the submenu.

5. From Select DN drop-down menu choose any DN.

6. From WSRP Producers click New to launch the wizard

7. Follow the instructions to create the specified producer.

   For more information about the attributes, see Sun Java System Portal Server 7.1 Technical Reference

Equivalent psadmin Command

psadmin create-producer

To Edit a WSRP Producer

You can edit the WSRP Producer as follows:

• Add or remove portlets from the published list

• Change the requirement on registration

  ---

  Caution –

  This option should be modified for an existing producer.

  ---

• Enable or disable in-band registration

• Specify the Registration Validator Class. The registration validator class is used by the WSRP Producer to validate that the values sent by the WSRP consumer are acceptable.

• Add new registration properties. Any change in properties will apply to subsequent consumers registering with the producer.

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server from Portals.

4. Click WSRP, then Producers from the submenu.

5. From Select DN drop-down menu choose any DN.

6. Select a WSRP producer and modify the configuration attributes as necessary

   For more information about the attributes, see Sun Java System Portal Server 7.1 Technical Reference

7. Click Save to record the changes.

Equivalent psadmin Command

psadmin set-attribute

To Create a Consumer Registration

Each consumer registration represents a remote WSRP consumer that has established a relationship with the WSRP producer. A WSRP producer that supports allows multiple WSRP consumers to register with it. The registration mechanism allows a WSRP consumer to describe its capabilities to a WSRP producer.

A WSRP consumer is added out of band (such as by email or telephone). The information entered when adding a consumer registration must match the capabilities of the WSRP consumer that is given the registration handle. Consumer registrations allow a WSRP producer to scope artifacts (such as portlet preferences) that a WSRP consumer creates on the WSRP producer.

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server from Portals.

4. Click WSRP, then Producers from the submenu.

5. From Select DN drop-down menu choose any DN.

6. Select a WSRP producer, then Consumer Registrations.

7. Click New to launch the wizard.

8. Follow the instructions to create the specified consumer registration.

   For more information about the attributes, see Sun Java System Portal Server 7.1 Technical Reference

Equivalent psadmin Command

psadmin create-consumer-registration

To Edit a Consumer Registration

You can edit existing consumer registrations manually. Note that this could also be done via in-band registration from the WSRP Consumer end. Ensure that both out of band and in band registration are not used simultaneously.

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server from Portals.

4. Click WSRP, then Producers from the submenu.

5. From Select DN drop-down menu choose any DN.

6. Select producers, then select a WSRP producer, then Consumer Registrations.

7. Select a consumer registration and modify the configuration attributes as necessary.

   For more information about the attributes, see Sun Java System Portal Server 7.1 Technical Reference

8. Click Save to record the changes.

Administering the WSRP Consumer

This section describes the tasks to administer the WSRP Consumer:

• To Add a Configured Producer

• To Edit a Configured Producer

• To Specify the Consumer Name

To Add a Configured Producer

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server from Portals.

4. Click WSRP, then Producers from the submenu.

5. From Select DN drop-down menu choose any DN.

6. Under Configured Producer click New to launch the wizard

7. Follow the instructions to create the specified configured producer.

   For more information about the attributes, see Sun Java System Portal Server 7.1 Technical Reference

Equivalent psadmin Command

psadmin create-configured-producer

To Edit a Configured Producer

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server from Portals.

4. Click WSRP, then Consumer from the submenu.

5. From Select DN drop-down menu choose any DN.

6. Select a configured producer and modify the configuration attributes as necessary.

   ---

   Note –

   Use the Update Service Description option to update any changes made to the producer. See Updating Service Description.

   ---

   For more information about the attributes, see Sun Java System Portal Server 7.1 Technical Reference

7. Click Save to record the changes.

Equivalent psadmin Command

psadmin set-attribute

To Specify the Consumer Name

The WSRP consumer sends the consumer name to producers during registration. The value specified for the consumer name is used as the default unless a value is specified for consumer name at the organization or suborganization level.

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server from Portals.

4. Click WSRP, then Consumer from the submenu.

5. From Select DN drop-down menu choose any DN.

6. Under WSRP Consumer, click Edit.

7. Specify the consumer name.

8. Click OK.

Equivalent psadmin Command

psadmin set-attribute

Chapter 6 Managing Portal Server End-User Behavior Tracking

This chapter describes how to track Sun Java System Portal Server user behavior.

This chapter contains the following sections:

• Understanding Portal Server User Behavior Tracking

• Setting Up Portal Server User Behavior Tracking

Understanding Portal Server User Behavior Tracking

Portal Server user behavior tracking (UBT) provides a way to track end-user activity on the Portal Server application. User activity on Portal Desktop is captured into a ubt log file. The ubt log file is recorded in a W3C standard Extended Log File Format. From this log file, you can create various end-user behavior tracking reports using the Portal Server console or the psadmin generate-ubt-report command. You can also use third-party tools such asAWStats to generate UBT reports.

You can also enable UBT from the UBTConfig.properties file. Go to /var/opt/SUNWportal/portals/portalID/config/UBTConfig.properties and set com.sun.portal.ubt.enable=true.

The table shows the list of UBT reports, their description, and the available format of the reports.

Setting Up Portal Server User Behavior Tracking

This section has information on how to enable user behavior tracking and generate reports.

You can perform the following tasks from the portal server management console:

• To Enable the User Behavior Tracking Logging

• To Generate User Behavior Tracking Reports

To Enable the User Behavior Tracking Logging

By default, UBT logging on a Portal Server application is not enabled.

1. Log in to the Portal Server management console.

2. Select the Common Tasks tab.

3. Under Reports and Logs, click Portal Usage Reports to launch the wizard.

4. From Select Portal drop-down menu select a portal instance, and click OK.

   The User Behavior Tracking page is displayed.

5. Click the Settings submenu and enable UBT logging under Common Properties.

   For more information on Common Properties, Handler Properties and Event Settings, see Sun Java System Portal Server 7.1 Technical Reference

   ---

   Note –

   For all other properties, default values are already set and are sufficient for UBT to work. To apply the changes to all instances of Portal Server, click the Apply to All Instances button. Otherwise, click the Apply to Selected Instance button.

   ---

6. Access the portal Desktop and make sure user behavior tracking log files are generated.

   By default, user behavior tracking logs are written into /PortalData-Dir/portals/PortalID/logs/instanceID/ubt.0.0.log file.

To Generate User Behavior Tracking Reports

1. Log in to the Portal Server management console.

2. Select the Common Tasks tab.

3. Under Reports and Logs, click Portal Usage Reports to launch the wizard.

4. From Select Portal drop-down menu select a portal instance, and click OK.

   The User Behavior Tracking page is displayed.

5. Click the Reports submenu.

   Eight reports are listed. All these reports can be generated either in PDF or HTML format. See Table 6–1 for more information.

Equivalent psadmin Command

psadmin generate-ubt-report

Chapter 7 Monitoring Portal Server Activity

This chapter describes how to set up the Sun Java^TM System Portal Server monitoring.

This Chapter contains the following sections:

• Understanding Portal Server Monitoring

• Setting Up Portal Server Monitoring

• Collecting Portal Server Monitoring Data

Understanding Portal Server Monitoring

Monitoring helps record runtime resource information about portal server. Desktop monitoring keeps record of information on requests received by portal server for content, edit, and process types. It also records information on the minimum, maximum and average response time for each type of request for the different channels of portal server.

Information gathered from monitoring portal activity is useful to optimize portal response time either by moving channels that need a higher response time to separate secondary tab, or by setting the time-out property for Desktop channels based on cache hits.

The Java Virtual Machine (JVM) in a portal server collects monitoring data for the Desktop. Monitoring information can be viewed on portal server management console, or can be accessed using psadmin monitoring subcommands. See Sun Java System Portal Server 7.1 Command Line Reference.

Monitoring uses Java Management Extensions (JMX^TM technology) and registers Management Beans (MBeans) in the portal server instance's MBeansServer that represents portal server Desktop and portal Desktop channels. Each MBean attribute represents monitoring data collected for each resource. The portal management console and psadmin monitoring subcommands communicate with MBeans to collect and present monitoring data for a portal server instance.

Setting Up Portal Server Monitoring

Monitoring can be configured by accessing monitoring properties stored in /var/opt/SUNWportal/portals/portalID/config/instanceID/monitoring.properties file. Monitoring is enabled by default. To disable monitoring, set com.sun.portal.monitoring.MonitoringContext.monitoring.disable property to true. When the JVM restarts, monitoring is disabled.

You can also enable or disable monitoring from the portal management console.

• To Enable or Disable Portal Monitoring

• To View Desktop Statistics

• To View Channel Statistics

To Enable or Disable Portal Monitoring

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server under Portals.

4. Click the Monitoring tab.

5. Click Settings submenu.

6. Select a portal server instance.

7. Click Enable Monitoring or Disable Monitoring button.

To View Desktop Statistics

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server under Portals.

4. Click the Monitoring tab.

5. Click Desktop Request/Response Statistics from the submenu.

To View Channel Statistics

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server under Portals.

4. Click the Monitoring tab.

5. Click Channel Action Statistics from the submenu.

6. From Select DN drop-down menu choose an organization.

7. Select the server from the Server Instance drop-down menu.

Collecting Portal Server Monitoring Data

Monitoring collects seven types of data requests received by the Desktop. Each type of request is represented as MBean with type DesktopRequestStatistic, and name MBean property as the request type. For example, type=DesktopRequestStatistics,name=Content name properties help identify Desktop content request statistics.

Desktop Statistics

The seven types of requests are explained in the following list:

Content

The number of times Desktop successfully served content requests, and the time taken for it.

Edit

The number of times Desktop successfully served edit requests , and the time taken for it.

Exception

The number of times Desktop could not serve a request due to some exception during request processing. Exception information is logged in portal server log files.

LocalAuth

The number of times Desktop responded to local authentication requests.

Logout

The number of times user logged out from portal server, and how long it took to log out

PreLogin

The number of times Desktop responded to pre-login requests.

Process

The number of times Desktop processed edit requests, and the time taken for it

You can view the Desktop statistics from the portal management console.

Channel Statistics

Each type of channel action is represented as MBean with type ChannelActionStatistic along with additional name properties that identify the channel. To know the full MBean name, use the command psadmin get-monitoring-mbean-names.

Portal Desktop presents cached content view for a channel based on time-out channel property

The types of channel actions that are monitored for each Desktop channel are explained in the following list:

Content

The number of times channel provider successfully generated the content view, and the response time for it.

Edit

The number of times channel provider successfully presented the edit view, and the response time for it.

Process

The number of times channel provider processed the edit view.

You can view the Desktop statistics from the portal management console.

Chapter 8 Managing Portal Server Logging

This chapter describes how to obtain Sun Java^TM System Portal Server log information.

This chapter contains the following sections:

• Understanding Portal Server Logging

• Managing Portal Server Logging

Understanding Portal Server Logging

Portal Server supports logging across all components. The logs and log configuration are uniform across portal components. Seven standard log levels range from severe to fine grain. The logs can be routed to different files or data sinks and can consist of a single file or multiple files; that is, one for each component.

Log levels can be set for each module and sub-module, and logs can be routed to separate files for each module and sub-module within each component.

Managing Portal Server Logging

You can set up and manage Portal Server logging using the following components:

• Log Viewer

• Common Logger settings

• Specific Logger settings

You can manage portal logging from the portal management console.

• To Manage the Log Viewer

• To Customize the Log Display

• To Manage Common Logger Settings

• To Manage Specific Logger Settings

To Manage the Log Viewer

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server under Portals.

4. Click Logging, then Log Viewer from the submenu.

5. From the Instance Name drop-down menu, select a portal instance.

   The Search Criteria and Search Results page for the log viewer is displayed.

6. Enter the values for the Search Criteria, and click Search.

   The following search options are available:

   Log File Name

   File name that has the log content.

   Log Level

   Messages at the selected level or higher appear in the log. The available levels are SEVERE, WARNING, INFO, CONFIG, FINE, FINER, and FINEST. The default level is INFO, so the log will contain messages of INFO, WARNING, or SEVERE levels.

   To ensure that the messages you want to view appear in the log, first set the appropriate log levels on the Specific Logger Settings page.

   Timestamp

   Displays log messages of a certain time period.

   You can view 100 most recent log entries, or type a time period in the From and To text boxes.

   If you choose a Specific Range:

   • Both the From Date and To Date values are required

   • The From Date value cannot be later than the To Date value

   • The To Date value cannot be later than Today's Date

   • The From Time and To Time values are optional. If the From Time value is specified, then the To Time value has to be specified. For the Time value, the syntax must take the form hh:mm:ss.SSS. SSS stands for milliseconds. For example, 18:20:10.000

Equivalent psadmin Command

psadmin set-logger

To Customize the Log Display

You can customize the Search Results page using the following steps:

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a Portal Server under Portals.

4. Click Logging, then select a portal server from the Instance Name drop-down menu.

5. In the Log Viewer Results table, click the Timestamp column header to sort the messages.

6. Click the details link to view a formatted log message in a new window.

To Manage Common Logger Settings

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a Portal Server under Portals.

4. Click Logging, then Common Logger settings from the submenu.

5. From the Instance Name drop-down menu, select a portal instance.

6. Modify the configuration attributes as necessary.

   The following options are available:

   General

   Log Level — You can choose what information to view in a log file by selecting a log level setting.

   The choices for Log level include:

   • Severe - errors visible to users

   • Warning - user warnings

   • Info - informative for users

   • Config - static setup information for developers

   • Fine - basic tracing information

   • Finer - detailed tracing information

   • Finest - complete tracing information

   • Off - can be used to turn off logging

   • All - indicates that all messages should be logged

   File Handler Properties

   • Limit — Specify the size of the log file in bytes. If the log file size exceeds this value, the log file will be rotated based on file count. The default value is 5 megabytes.

   • File Count — When the log reaches the specified size in bytes, create a new empty file with the generation number (%g in the File Pattern) incremented by 1. The default value is 2. To turn off log file rotation, set the value to 0.

   • Append — Specify whether the new message is to be appended to the existing file. Default is true.

   • Filter — To filter log records that are sent to destinations such as portal log or a destination specified by a custom log handler, you can plug in a custom log filter. The custom filter must implement the interface java.util.logging.Filter. Type the absolute class name of the filter in the field. Also put the filter class in the Application Server classpath so that the filter is installed during server startup.

   Other

   • Custom Handlers — To send logs to a destination other than portal log, you can plug in a custom log handler. The custom handler must extend the class java.util.logging.Handler (a JSR 047 compliant API). Type the absolute class name of the handler in the field. Also put the handler class in the Application Server classpath so that the handler is installed during server startup. You can specify more than one handler. Use comma to separate multiple names.

   • Use Web Container Log File — To disable portal logging administration and route all logs to the web container log file, chose Yes, other chose No. Default is No.

7. Click Apply to the Selected Instance or Apply to All Instances to record the changes.

Equivalent psadmin Command

psadmin set-logger

To Manage Specific Logger Settings

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a Portal Server from Portals.

4. Click Logging, then Specific Logger settings from the submenu.

5. From the Instance Name drop-down menu, select a portal instance.

6. Modify the configuration attributes as necessary.

   The following options are available:

   Logger Settings

   • Logger Name – Click the logger name to get the configuration details of the logger.

   • Log Level – You choose what information to view in the log file for the logger by selecting a log level setting or you can inherit the log level from the parent logger. For example, if the log level of debug.com.sun.portal is INFO and the log level of debug.com.sun.portal.desktop is Inherit Parent Logger Level, then its value will also be INFO.

   • Log File Merge Strategy – For a logger, you can choose whether you want the log messages in the same log file as parent (Log to Parent Log File) or the log should go to a separate file (Log to Separate Log File).

   • Parent Handler – For a logger, if the Log File Merge Strategy is set to Log to Separate Log File, you can choose whether you want the messages to be logged to both the separate log file as well as the parent log file (Inherit Parent Handlers) or log to separate file only (Do not Inherit Parent Handlers).

   • Parent Handler – For a logger, if the Log File Merge Strategy is set to Log to Separate Log File, you can choose whether you want the messages to be logged to both the separate log file as well as the parent log file (Inherit Parent Handlers) or log to separate file only (Do not Inherit Parent Handlers).

   • Stacktrace – For a logger, you can choose whether you want the stacktrace to be logged for all levels (Print Stack Trace for All Levels) or for only till WARNING log level (Print Stack Trace till Warning Level).

     ---

     Note –

     If Log File Merge Strategy value is Log to Parent Log File, Parent Handler and stacktrace values are ignored. If Log File Merge Strategy value is Log to Separate Log File, and if Parent Handler value is Inherit Parent Handlers, the Stacktrace value Print Stack Trace for All Levels is not valid.

     ---

7. Click Apply to the Selected Instance or Apply to All Instances to record the changes.

Equivalent psadmin Command

psadmin set-logger

Chapter 9 Managing Portal Server Subscriptions

This chapter describes the Sun Java^TM System Portal Server subscriptions component and how to manage it. The chapter contains following topics:

• Understanding Portal Server Subscriptions

• Setting Up Subscriptions

• Administering Portal Server Discussions

Understanding Portal Server Subscriptions

Subscriptions enable end users to create a profile covering many sources of information, including categories, discussions, and searchable documents. The profile is updated with the latest information each time the end user accesses the Subscriptions channel. The Subscriptions channel summarizes the number of items of relevant information that match each profile entry that the end user defines for categorized document or discussions.

You can match the following types of content using the search server:

• New documents in a target category from a specified range of days

• New relevant comments within a discussion from a specified range of days

• Document hits against saved searches

The result is displayed as a link that shows the number of matching information to the profile entry. This link redirects the end user to a more detailed view of the match itself.

In case of a category subscription, the link redirects the end user to the search channel, which summarizes the specific documents of interest in a standard category search result format. The Subscriptions channel acts as the doorway to a more detailed view for the end user.

The Profiler function provides email notifications when the content of specified interests has changed. The Profiler obtains subscription details for end users from the Access Manager, fetches the results from the Search server, and sends email notifications to end users. You can schedule the Profiler to run at a specific time at the organization level.

Setting Up Subscriptions

You can enable or disable subscriptions. Subscriptions can be set up at the:

• Root Level

• Organization Level

• End-User Level

To Set Up Subscriptions

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server under Portals.

4. Click the Subscriptions tab.

5. Set the subscriptions level by choosing one of the following, and set the default values:

   • From the Select DN drop-down menu, choose TopLevel [Global].

     ---

     Note –

     Administering subscriptions at the TopLevel sets the system-wide default maximum number of subscriptions for each type, or for categories, discussions, and saved searches.

     ---

     Maximum number of Categories subscriptions

     Specifies the maximum number of categories that a user can subscribe to.

     Maximum number of Discussion subscriptions

     Specifies the maximum number of discussions that a user can subscribe to.

     Maximum number of Saved searches

     Specifies the maximum number of searches that can be saved.

   • From the Select DN drop-down menu, choose any Organization.

     ---

     Note –

     Administering Subscriptions at the Organization level overwrites the system-wide default maximum number of subscription per type (that is, for categories, discussions, and for saved searches).

     ---

     Profiler SMTP

     The host system that serves as the SMTP server to route Email notifications to the end users.

     Profiler Email

     Subscription profiler email address from which the user receives email notification. Email should be in the form ID@domain.

     Profiler Provider

     The URL of the Profiler channel that is used to render the content of the Email notification to the user. It should be in the form of http://HOST:PORT/portal/dt?

     provider=profiler&desktop.suid=UID_OF_AUTHLESSANONYMOUS_USER

     Profiler Default Search

     The URL of the default search server. Profiler Default Search is only used for backward compatibility with user profiles created with Portal Server 6.3.x. It should be in the format http://HOST:PORT/search1/search

     Profiler Max Hits

     The maximum number of result hits that any given end user subscriptions in the organization will see in email notification sent to a user. For example, if the value is 5, a saved search with a large scope like “*” is limited with five most relevant results.

     Maximum Category subscriptions

     The maximum number of categories that a user can subscribe to.

     Maximum Discussion subscriptions

     The maximum number of discussions that a user can subscribe to.

     Maximum Saved Searches

     The maximum number of searches the end user can save.

   • From the Select DN drop-down menu, choose any User.

     ---

     Note –

     Administering Subscriptions at the Organization User level edits user’s Subscriptions settings. The administrator can maintain the user’s service data.

     ---

     • Update user subscriptions

     • Delete user subscriptions

     Profiler Enabled

     Allows users to receive email notifications by selecting Enabled.

     For each type of subscription, add or remove subscriptions. The format of:

     Category subscription

     label | target category | scope | lapsed time | rating | server | database | status

     where

     label

     Refers to a logical reference given to the edited subscription and it must be a string. This is a required field.

     target category

     Must be of the string format ABC:DEF:GHI

     scope

     Refers to a search query and it must be of a string format that is a valid search string, including search operators.

     lapsed time

     Must be one of the following numbers:

     • 0 = forever

     • 1 = since yesterday

     • 7 = since last week

     • 30 = since last month

     • 180 = since last 6 months

     • 365 = since last year

     rating

     This is the minimum rating that a matching document should be to be selected as a match for the subscription.

     Values are number

     • –1 = irrelevant

     • 0 = routine

     • 1 = interesting

     • 2 = important

     • 3 = must read

     server

     This is the URL of the search server that will be queried to find content matching subscription's criteria.

     database

     Target search server database where subscription searches for potential matches. This is a single value database.

     status

     Boolean value that marks whether the subscriptions is active or inactive.

     • Active means the subscriptions is to be evaluated.

     • Inactive means the subscriptions is dormant.

     Discussions subscriptions

     label | target discussion | scope | lapsed time | rating | server | database | status

     where:

     label

     Refers to a logical reference given to the edited subscription and it must be a string. This is a required field.

     target discussion

     Parent node of the discussion thread from which subscriptions will try to find matching content for other defined criteria.

     scope

     Refers to a search query. scope must be a string format that is a valid search string, including search operators.

     lapsed time

     Must be one of the following numbers:

     • 0 = forever

     • 7 = since last week

     • 30 = since last month

     • 180 = since last 6 months

     • 365 = since last year

     rating

     This is the minimum rating that a matching document should be to be selected as a match for the subscription.

     Values are number

     • –1 = irrelevant

     • 0 = routine

     • 1 = interesting

     • 2 = important

     • 3 = must read

     server

     This is the URL of the search server that will be queried to find content matching subscription's criteria.

     database

     Target search server database where subscription searches for potential matches. This is a single value database.

     status

     Boolean value that marks whether the subscriptions is active or inactive.

     • Active means the subscriptions is to be evaluated.

     • Inactive means the subscriptions is dormant.

     Saved searches

     label | scope | lapsed time | rating | server | database | status

     where

     label

     Refers to a logical reference given to the edited subscription and it must be a string. This is a required field.

     scope

     Refers to a search query and if must be of a string format that is a valid search string, including search operators.

     lapsed time

     Must be one of the following numbers:

     • 0 = forever

     • 1 = since yesterday

     • 7 = since last week

     • 30 = since last month

     • 180 = since last 6 months

     • 365 = since last year

     rating

     This is the minimum rating that a matching document should be to be selected as a match for the subscription.

     Values are number

     • –1 = irrelevant

     • 0 = routine

     • 1 = interesting

     • 2 = important

     • 3 = must read

     server

     This is the URL of the search server that will be queried to find content matching subscription's criteria.

     database

     Target search server database where subscription searches for potential matches. This is a single value database.

     status

     Boolean value that marks whether the subscriptions is active or inactive.

     • Active means the subscriptions is to be evaluated.

     • Inactive means the subscriptions is dormant.

6. Click Save.

Equivalent psadmin Command

psadmin set-attribute

Administering Portal Server Discussions

This section describes the discussions channel and how to manage it.

This section contains the following:

• Understanding DiscussionProvider

• Administering the DiscussionProvider

• DiscussionLite Channel

Understanding DiscussionProvider

The Discussions channel is based on the DiscussionProvider, similar to the search channel’s JavaServer Pages^TM (JSP^TM) files. The discussion channel has a query portion and a display portion, and uses Desktop themes.

The DiscussionProvider:

• Uses the Desktop themes

• Is based on JSP technology

• Retrieves data from the back-end Search service using search tag libraries and API

Discussions and comments are stored as different Resource Descriptors (RDs) in the discussion database. The DiscussionProvider supports:

• A full view (using the Discussions channel) and an abbreviated view (using the DiscussionLite channel) that:

• Starts a new discussion from the discussion channel

• Posts replies to an existing discussion

• Starts a new discussion based on web documents from the search channel

• A Discussion List that:

  • Retrieves main posts sorted by last-modified date

  • Has pagination so users can access older discussion

• A discussion view that displays each discussion subtree. The main item is displayed in detail and the subtree is displayed below the main item. View discussion includes:

  • Several filters on the page. A document display can be based on filters such as document rating (irrelevant, routine, interesting, important, and must read).

  • Display preference can be set to threaded or flat display.

  • Expansion threshold to help control displayed items in the subtree. The users can choose to expand only highly rated documents, or expand all or collapse all. Default value is collapse all. Expand all displays all the filtered comments, shows a description of the discussion, provides a menu for rating the discussion, and allows the user to post a reply.

  • Support to search within a discussion. The user also has the option to set these preferences through the channel edit page.

• Commenting and rating a discussion. For example, users can:

  • Add a comment on an existing discussion.

  • Rate all discussions and comments. User rating is not immediately visible. The rating calculation is based on an algorithm, and the rating for any comment goes up gradually. For example, a comment must be rated important three times before it is marked as important.

  • Searching all discussions and within a discussion. These functions are routed to the search provider. Users can also search by rating in Advance Search.

  • Subscriptions. Authenticated users can choose to subscribe to a particular discussion by selecting the subscribe link. The request is handled by the SubscriptionProvider.

Administering the DiscussionProvider

You can create a DiscussionProvider channel and manage it from the portal server management console:

• To Create a Channel from DiscussionProvider

• To Delete a DiscussionProvider Channel

• To Configure a DiscussionProvider Channel

End users can configure the discussion channel using the channel edit page.

To Create a Channel from DiscussionProvider

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server under Portals.

4. From the Select DN drop-down menu, select any DN.

5. Select the container where you want to create the channel.

   The container Task and Properties are displays on the right panel.

6. Under Tasks, click New Channel or Container to launch the wizard.

   1. From the Select Portal drop-down menu, select a portal server.

   2. From the Select DN drop-down menu, select any DN.

   3. Under Type, select channel, and click Next.

   4. Under Channel Type, select Provider Channel, and click Next.

   5. From the Provider drop-down menu, select DiscussionProvider, and click Next.

   6. Type a name for the channel in the text box, and click Next.

   7. Review the channel information, and click Finish.

   8. Click Close.

   The channel based on DiscussionProvider is created.

To Delete a DiscussionProvider Channel

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server under Portals.

4. From the Select DN drop-down menu, choose the DN where the DiscussionProvider channel resides.

   ---

   Tip –

   Select DP XML Tree as the View Type from the drop-down menu for a listing of all the channels and containers under DP_ROOT.

   ---

5. Select the container where the channel resides.

   The container Tasks and Properties page displays.

6. Click Select Channel or Container to delete.

7. Select the DiscussionProvider channel.

8. Click Delete.

To Configure a DiscussionProvider Channel

1. Log in to the Portal Server management console.

2. Select the Portals tab.

3. Select a portal server under Portals.

4. Choose DN organization where the DiscussionProvider channel resides from Select DN drop-down menu.

   ---

   Tip –

   Select DP XML Tree as the View Type from the drop-down menu for a listing of all the channels and containers under DP_ROOT.

   ---

5. Select the DiscussionProvider channel you want to configure.

   For more information about the attributes, see Sun Java System Portal Server 7.1 Technical Reference.

DiscussionLite Channel

The DiscussionLite channel displays the top 20 recent discussion titles and the date. Discussions are sorted by creation date (last modified), and the newest discussion is displayed first. Titles can be reconfigured.

The DiscussionLite channel view has links for:

• Viewing each discussion.

• Viewing all discussions that target the Discussions Channel.

• Starting a discussion.

By default, the channel is displayed in a single container, and all links are brought up in a JSPDynamicSingleContainer.

Properties can be configured from the management console. By default, the end user cannot edit properties of this channel.

Chapter 10 Managing the Portal Server Single Sign-On Adapter

This chapter describes how to configure the single sign-on (SSO) adapter in order to adjust options available to end users. This chapter contains the following sections:

• Overview of the Single Sign-On Adapter

• Managing Meta-Adapters

• Managing Adapters

• Creating Anonymous Users

Overview of the Single Sign-On Adapter

The single sign-on adapter service allows end users to use applications, such as a portal server provider or any other web application, to gain authenticated access to various resource servers after signing in once. The resource servers that can be accessed depend on the implementations of the SSO Adapter interface that are available in the system.

Portal Server provides SSO Adapters for the following resource servers: Address Book, Calendar, and Mail. Single Sign-On for the Instant Messaging channel is not achieved through SSO Adapter but through the use of the Sun Java System Portal Server authentication method. For information on this method, see the authMethod property in Instant Messaging Channel . The Address Book, Calendar, and Mail services are available through the products:

• Sun Java System Calendar Server 5.1.1, 6.0, 6 2006Q2

• Sun Java System Sun Java System Messaging Server 5.2, 6.0, 6 2006Q2

Resource servers are typically accessed by an application using a standard application programming interface (API), such as the JavaMail^TM API for accessing a mail server. To create an authenticated connection using the API, the API must be provided the configuration data for the connection. The purpose of the SSO Adapter is to provide this configuration data, and the SSO Adapter service is used to store that data.

The SSO Adapter service defines two levels of data, meta-adapters and adapters. A meta-adapter defines a class of connections that are going to be made available to users. A single meta-adapter is used by many users. It defines data values that are the same for all users that use the meta-adapter including default values and identification of what values can be edited by a user. Therefore, meta-adapters are defined at a global service level.

An adapter builds upon a meta-adapter by providing data values that are specific to an organization, role, or user. An adapter references a meta-adapter, and takes data values from the meta-adapter for those properties that are not editable by the user. When an end user changes the user-editable properties of an adapter, that adapter would then apply only to that one user.

A Sun Java System Sun Java System Portal Server communication channel that uses the SSO Adapter service references either a meta-adapter or an adapter to get data values needed to obtain a connection to a resource server. If the channel references a meta-adapter, and the user saves configuration information, the reference is changed to refer to an adapter instead. The adapter then references the meta-adapter.

All administration for the SSO Adapter is done either through the Portal Server console web application or the psadmin command-line interface. The default deployment URI for Portal Server console is /psconsole. The default location for the psadmin CLI is /opt/SUNWportal/bin for Solaris.

Managing Meta-Adapters

A meta-adapter defines a class of connections that are going to be made available to users. A single meta-adapter is used by many users.

You can perform the following tasks using meta-adapters:

• To View Meta-Adapters

• To Create a Meta-Adapter

• To View Adapters

To View Meta-Adapters

1. Log in to the Portal Server management console.

2. Select the SSO Adapter tab.

   The list of meta-adapters is shown in the table.

Equivalent psadmin Command

psadmin list-ssoadapters

To Create a Meta-Adapter

1. Log in to the Portal Server management console.

2. Select the SSO Adapter tab.

3. From List of Meta-Adapters click New Meta—Adapter to launch the wizard.

4. Follow the instructions and then click OK to create the specified Meta-Adapter.

Equivalent psadmin Command

psadmin create-ssoadapter-template

To View Adapters

1. Log in to the Portal Server management console.

2. Select the SSO Adapter tab.

   • To view adapter for a DN, click View Adapter for Locations.

     1. From the Select DN drop-down menu, choose any DN.

        The adapters for selected DN are listed.

   • To view adapters for a meta—adapter, select a meta-adapter under List of Meta-Adapters.

     1. Click View Adapters for Selected Meta-adapter.

Equivalent psadmin Command

psadmin list-ssoadapters

The only list of adapters allowed by the CLI is by DN.

Managing Adapters

An adapter builds upon a meta-adapter by providing data values that are specific to an organization, role, or user. An adapter references a meta-adapter, and takes data values from the meta-adapter for those properties that are not editable by the user. When an end user changes the user-editable properties of an adapter, that adapter would then apply only to that one user.

You can perform the following tasks using SSO Adapter configurations:

• To Create an Adapter

• To Edit an Adapter Configuration Property

To Create an Adapter

1. Log in to the Portal Server management console.

2. Select the SSO Adapter tab.

3. Select a meta-adapter under List of Meta-adapters.

4. Click View Adapters for Selected Meta-adapter.

5. Click New Adapter.

   The New adapter page appears.

6. Provide the configuration attributes as necessary.

7. Click OK.

Equivalent psadmin Command

create-ssoadapter-config

To Edit an Adapter Configuration Property

1. Log in to the Portal Server management console.

2. Select the SSO Adapter tab.

3. Click View Adapters for Locations.

4. From the Select DN drop-down menu, choose any DN.

   The list of Adapters appears.

5. Select an adapter and modify the configuration attributes as necessary.

6. Click OK.

Equivalent psadmin Command

psadmin set-ssoadapter-property

Creating Anonymous Users

Without logging in, end users have access to any read-only communication channels that administrators have configured. However, end users are usually prevented from editing these channels.

To Create a List of Anonymous Users

1. Log in to the Portal Server management console.

2. Select the SSO Adapter tab.

3. From SSO Adapter Tasks, click Edit list of users allowed to access SSO Adapters without authentication.

4. From User locations, click Add Users.

5. From Users Found table, choose users.

6. Click Add Selected Users.

   ---

   Note –

   The Anonymous Users function is available only through Portal Server management console.

   ---