Chapter 6, Managing Portal Server End-User Behavior Tracking
Chapter 10, Managing the Portal Server Single Sign-On Adapter
Portal Server administrators manage a variety of functions, including tasks for the following:
Multiple portals and Portal Server instances
The Desktop
Search server
Secure Remote Access server
Single Sign-On (SSO) adapters
This chapter provides information about Portal Server components and the ways for managing a portal:
A Portal Server deployment has a number of components that affect portal administration. These components include the following:
Common agent container – a standalone Java program that implements a container for Java management applications. For more information, see Solaris 10 What's New.
Portal Administration Server – a management application that performs authentication and access control check for users accessing Portal Server MBeans. This server uses a JMXTM interface and is implemented as a common agent container module. A portal administration server instance runs on each host that the Portal Server product is installed.
Portal domain repository – a hierarchical data store that contains information about how Portal Server MBeans are organized. Some Portal Server MBeans also store configuration data in this repository. The default Portal domain repository is a subtree in the same LDAP server that Access Manager uses.
On stand-alone Gateway installations, communicating with the LDAP server from the Gateway is prohibited. An additional Portal domain repository on the Gateway file system is used to contain only local Gateway MBeans information.
Portal data store – Back-end storage, such as a relational database management system (RDBMS) or LDAP server, or in the File System, for configuration data and other Portal Server resources that facilitate content delivery by a portal.
Portal Administrative MBeans – Loaded by Portal administration server in the common agent container server to perform portal administrative tasks.
Portal administration command-line interface (psadmin) – Provides administrative tools for various Portal Server components. For more information, see Using the psadmin Command-line Interface.
Portal management console (psconsole) – Provides a browser interface for administering various portal server resources. For more information, see Using the Portal Server Management Console.
Monitoring MBeans – Help capture Portal Server runtime resource information. For more information, see Chapter 7, Monitoring Portal Server Activity
Local File System Data – Portal data stored in the local file system. The data includes configuration files, provider-based templates and JSPTM syntax files, resource bundle files, and customized provider-based Java classes.
For more information about Portal Server components, see the Sun JavaTM System Portal Server 7.1 Deployment Planning Guide.
The Portal Server management console, which simplifies a variety of portal administration tasks, is a Java 2 Platform, Enterprise Edition (J2EETM) application that:
Is accessible through a web browser
Logs messages to a debug log according to configured debug level
Logs setting changes that include name and value pairs
Uses Java Management Extensions (JMX) technology to communicate with portal administrative MBeans in the Portal Administration Server to connect to the portal data store
The management console enables portal administrators to perform the following activities:
Manage the Desktop and content delivery
Track user behavior to help portal administrators diagnose, troubleshoot, and analyze issues related to end-user activities and how end users interact with various Portal Server components
Obtain runtime statistics about Portal Server's Desktop and Secure Remote Access components
Log information about Portal Server applications
The management console's user interface arranges administration functions into pages. Across the top of each page is a tab strip. The tabs present pages that group management functions in an organized manner. To navigate from page to page, administrators click a tab. The tabs provided are the following:
Common Tasks – Displays links that provide direct access to tasks that portal administrators frequently perform
Portals – Lists deployed portals by their portal IDs so that portal administrators can select a specific portal
Search Server – Lists names of specific search servers so that portal administrators can access pages for managing a specific search server
Secure Remote Access – Allows portal administrators to manage how remote users securely access a portal and its services over the Internet
SSO Adapter – Allows portal administrators to manage how end users gain authenticated access to applications after signing in once
Portal Server administrators can provide and limit access to content on a portal through the definitions of the identities of specific end users. You can set up portal pages, attributes and access policies so that portal content is available to specific entities. These entities include the following:
A specific organization
A specific suborganization
A role
An individual end-user
Only administrators with SuperAdmin permission can access the Portal Server management console. Users access the Portal Server management console using a browser client from a distinct uniform resource identifier (URI).
Type this URL in your browser: http://hostname:port/psconsole
The name of the system that the management console is running on.
The management console's port number assigned during installation.
In the text boxes, type the Admin User Name and Password.
The admin user should be a top-level administrator. A typical Admin User Name is amadmin.
Click the Log In button.
The management console's Common Tasks page is displayed.
Portal Server provides an administration tag library for developing administration portlets that enable a portal to be managed from the Desktop instead of from the management console. Administrators can use this tag library to do the following:
Modify out-of-the-box administration portlets
Develop portlets with new administration functionality
Support user management, provider management, and portlet and WSRP management tasks
Create and administer channels that are based on JSPProvider
Write custom administration portlets with a custom user interface
Write administrative portlets to manage any custom channel
Administrators can use administration portlets to grant delegated administration status to other users, called delegated administrators. Portal Server provides a sample set of administration portlets that can be used to design a basic Desktop for delegated administrators.
For more information, see Sun Java System Portal Server 7.1 Developer Sample Guide and Tag Library for Delegated Administration.
Portal Server software provides a command-line interface (CLI). The CLI allows portal administrators to do the following:
Perform administrative tasks by typing commands using the keyboard
Automate regularly recurring management tasks by incorporating them into scripts
The CLI offers a number of psadmin subcommands for managing portal tasks. These include subcommands for:
Managing multiple portals and portal instances
Deploying portal and portlet WAR files
Managing the search server
Managing Secure Remote Access server
Managing monitoring
Managing portal logging
Most subcommands commands are written specifically to mimic functions in the browser interface. For management functions that have no special commands, administrators use standard UNIX commands.
If you installed Portal Server on Sun Java System Web Server, you must start the Web Server administration server before you invoke psadmin commands.
For information about all psadmin subcommands, see the Sun Java System Portal Server 7.1 Command Line Reference.
This chapter explains multiple portals and how to manage a portal and Portal Server instances. The topics provided include the following:
Multiple portals share the same user set. The features of multiple portals include the following:
A portal is identified by a URL. For example: http://hr.xyz.com/portal or http://eng.xyz.com/portal
Multiple portals share the same user repository — the same Access Manager and the Directory server. You use Access Manager to manage end users, and you do not need to synchronize end-user data in LDAP with any other repository. All related data related to end users resides in only one directory server.
You can deploy multiple portals and Portal Server instances on one or more hosts. For example, one host may have two portal server instances serving content for one portal and three Portal Server instances serving another portal. Each Portal Server instance must run inside a different web container instance.
All portals share these components:
Rewriter - Although this component is shared, you can define a different rule set for each portal.
SSO Adapter - Although this component is shared, you can define a different adapter for each portal.
All Secure Remote Access services
The following components have a one-to-one relationship with portals:
Desktop - Each portal has an independent Desktop.
Subscriptions - This is configured differently per portal.
WSRP - Producer and Consumer - Independent set of Producers and Configured Producers for each portal.
Search can have a many-to-many relationship with portals:
One portal can use one search server.
Many portals can use a single search server.
Each portal can use more than one search server.
End users see different content for different portals and can customize the each portal's Desktop. Single sign-on between portals is possible. An end user who has access to two portals at a corporation would typically experience the following sequence:
Types in a URL for Portal One and authenticates using the corporate identify.
Views personalized content on Portal One.
Types in a URL for Portal Two without needing to provide authentication.
Views personalized content on Portal Two.
Portals that use different Access Managers are not multiple portals. They are independent and unrelated portals, each with its own set of users.
Access Manger can be a collection of its own instances, all using the same set of Directory Server instances. Different Access Managers are two unrelated Access Managers, not different instances of the same Access Manager.
A portal consists of one or more portal server instances that deliver the same content and are mapped to a single Uniform Resource Locator (URL). The content and services delivered by a portal are common to all its instances.
Multiple portals share the same user set. These portals can be deployed on one or more hosts, but they all share the same user repository — the same Access Manager and the Directory server.
Portals that use different Access Managers are not multiple portals. They are independent and unrelated portals, each with its own set of users.
Access Manger can be a collection of its own instances, all using the same set of Directory Server instances. Different Access Managers are two unrelated Access Managers, not different instances of the same Access Manager.
This section explains how to complete the following tasks:
You can view a list of Portal Servers that are already set up.
During Portal Server installation, a default portal named portal1 is created. You can also create a new portal server using the Create Portal wizard.
Select the Portals tab.
Click the New Portal button to launch the wizard.
Provide a unique name for the Portal Server, for example, portal5.
Type a URI that enables end users to access the Portal Server, for example, /portal.
Select a web container type.
The available types are the following:
Sun JavaTM System Web Server 6.0
Sun Java System Web Server 7.x
Sun Java System Application Server 8.x
BEA WebLogic 8.1SP4/SP5
IBM WebSphere 5.1.1.6
(Optional) Change the default web container instance properties.
For information, see Creating a New Portal in Sun Java System Portal Server 7.1 Configuration Guide.
Verify the information you supplied.
Click Finish to create the new portal.
(Optional) View the log file to monitor the process.
Templates for webcontainer.properties for supported web containers are in the portal-install-dir/template directory.
You can delete all existing instances of a portal on all hosts and clean up the portal's data in the Access Manager LDAP directory.
Select the Portals tab.
From the list of portals, select the portal you want to remove, and click the Delete Portal button.
You can archive the following portal data in a par file:
Data stored in the Access Manager directory
Desktop file system files, located by default in the /var/opt/SUNWportal/portals/portal-id/desktop directory
Desktop customized classes, located by default in the /var/opt/SUNWportal/portals/portal-id/desktop/classes directory
Portal Server web applications, located by default in the /var/opt/SUNWportal/portals/portal-id/war directory
Portal Server web source data, located by default in the /var/opt/SUNWportal/portals/portal-id/web-src directory
After you archive data, you can import the data to the same portal or to a different portal. To export a portal from psconsole:
Select the Portals tab.
Select a portal from the table.
Click the Export button.
Specify the par file location on the Portal Server machine and what you want to export:
All Desktop data — the exported par includes file system data and display profile data
File system data only — the exported par file includes only the desktop file system data, which is data deployed into the portal desktop and portal web-src
Display profile data only — the exported par includes only display profile data
This command does not support user data in the Directory Server.
You can import into any portal any portal data that you previously exported.
Select the Portals tab.
Select a portal from the table.
The Import Desktop Data page appears.
Click the Import button and specify the following:
Redeploy the portal web applications.
Schedule a time to run the psadmin redeploy command.
Plan to do this step off hours or in system maintenance mode, when your system is not in production. This action redeploys the portal war file, and it logs out users who are running a Desktop, causing them to lose their work.
Run the psadmin redeploy command.
psadmin redeploy -u amadmin -f passwordfile -p portalID --allwebapps
This command does not support user data in the Directory Server.
A Portal Server instance is a web application deployed to a web container. An instance uses a particular Portal Server context URI to serve requests on a specific network port. Each Portal Server instance is associated with a single Portal.
A server instance listens on a particular port, bound to either one IP address or any IP address of the host. For the Portal Server, a server instance corresponds to a deployment container process listening on a port and running a single Java™ Virtual Machine (JVM™ software).
Sun Java™ System Web Server and Sun Java™ System Application Server support multiple instances.
This section explains how to complete the following tasks:
You can view a list of Portal Server instances that are already set up.
Select the Portals tab.
Click the name of Portal Server from the table.
Select the Server Instances tab.
The table displays all the instances of the Portal Server you selected.
Create a new instance for an existing Portal Server on your web container instance.
Start the web container instance.
Start the administration server of the web container.
Select the Portals tab.
Select the name of a Portal Server.
Select the Server Instances tab.
Click on the New Instance button to launch the wizard.
Provide the name of the portal identifier.
Select a web container type.
The available types are the following:
Sun Java System Web Server 7
Sun Java System Application Server 8.2
BEA WebLogic 8.1SP4
IBM WebSphere 5.1.1.6
(Optional) Change the default web container instance properties.
For information, see Creating a Portal on the Same Node in Sun Java System Portal Server 7.1 Configuration Guide.
Verify the information you supplied, and click Finish to create the new portal instance.
A progress bar displays the status of this procedure. When the procedure is complete, a results page is provided.
Click Finish to create your new portal instance.
You can delete an instance of a Portal Server.
Select the Portals tab.
Select the name of a Portal Server.
Select the Server Instances tab.
From the table, select the instance you want to remove.
Click Delete Instance button.
Portal Server administrators can provide and limit access to content on a portal through the definitions of the identities of specific end users. You can set up portal pages, attributes and access policies so that portal content is available to specific entities. These entities include the following:
A specific organization
A specific suborganization
A role
An individual end-user
To manage organizations, roles, and end-users, Portal Server administrators must use both the Portal Server management console and the Sun JavaTM System Access Manager console. This chapter explains how Portal Server administrators can do this using Access Manager. This chapter provides the following topics:
This chapter explains how to use Access Manager that is installed and configured to support Legacy Mode. For information about Legacy Mode and Realm Mode, see the Sun Java System Access Manager Administration Guide
Portal Server uses Sun Java System Access Manager services to manage attributes that are specific to Portal Server end users and applications. You must use the Access Manager console to manage tasks related to identity.
To control who has access to a portal site, Portal Server administrators must use the following tools:
The Portal Server management console is a browser interface that allows administrators to manage the following:
Portals and portal instances
Search
Remote access
Single sign-on
Display profile documents
Containers and channels
The Sun Java System Access Manager console is a browser interface that allows administrators with different levels of access to do the following:
Create and remove realms and organizations
Create and delete users to and from those organizations
Manage services
Set up enforcement policies that protect and limit access to organization resources
Portal Server administrators must use Access Manager to perform the following tasks:
Manage identity-based objects, including users, roles, and organizations, to administer and assign appropriate access to users according to roles they have within organizations or suborganizations
Delegate administrative functions to specific end users by authorizing the end users to administer organizations, suborganizations, users, policy, roles, and channels
Access Manager uses the lightweight directory access protocol (LDAP).
For information about Access Manager administration, see the Sun Java System Access Manager 7.1 Administration Guide.
New organizations inherit services that are registered at the top-level Access Manager organization. Typical services that new organizations inherit include the following:
Access Manager Configuration
Authentication Configuration
Authentication Modules
Core
LDAP
Policy configuration
New organizations use LDAP authentication, and LDAP service settings are inherited from the corresponding global service.
For information about Access Manager administration, see the Sun Java System Access Manager 7.1 Administration Guide.
Log in to the Access Manager console.
For information about Access Manager administration, see the Sun Java System Access Manager 7.1 Administration Guide.
Under Identity Management, select Organizations from the View menu.
Click New to create a new organization.
Specify the organization attributes.
For example:
TestOrganization
TestOrganization
Click OK.
Type this URL in your browser:
http://host:port/amserver/UI/Login?org=organizationalias
The name of the system that the console is running on.
The console's port number assigned during installation.
The value assigned to the Organization Alias attribute field.
Before the Portal is accessible, you must add several services to an organization. The services that you must add to the organization include the following:
Portal Server configuration
portalID Desktop
portalID Subscriptions
SSO Adapter
portalID WSRP Consumer
Mobile Application configuration
Mobile Address Book
Mobile Calendar
Mobile Mail
Optional services that you can add include the following:
Portal requires several services to be added to an organization before the Portal Server is accessible to the organization. After you add Portal services to the organization, use the Portal Server management console to administer Portal Server settings.
Log in to the Access Manager console.
For information about Access Manager administration, see the Sun Java System Access Manager 7.1 Administration Guide.
Under Identity Management, select Organizations from the View menu.
Click your organization.
For example: TestOrganization
In the View menu for the organization, select Services.
Click Add.
Select the following services, if they are available in your deployment:
Click OK.
After you add all of the Portal services to an organization, you must use the Access Manager console to add the services to newly created end-users so that they can access the Portal Desktop and whatever Portal services they need.
The Access Manager Administration service allows you to specify which services are dynamically added to end-user entries when they are created. If your Portal deployment allows users to be created, such as a "Sign-Me Up" feature, specify the Required Services setting in the Access Manager console for your organization.
Add Portal services to the organization. See Adding Portal Services to Organizations.
Log in to the Access Manager console.
For information about Access Manager administration, see the Sun Java System Access Manager 7.1 Administration Guide.
Add the Administration Service.
Specify the setting for Administration Service Required Services.
This setting specifies whether to assign all services in the required services list to a new end user.
Log out of the Access Manager console.
Portal Server uses Access Manager services to store application and user-specific attributes. To enable you to administer portal-related functions for an LDAP directory node (DN), the Portal Server management console provides details about the DN in a location bar, a horizontal strip below the row of tabs.
The location bar enables you to do the following:
Identify the currently selected node
View up to 10 organization DNs
Change to another directory name
A directory name can be a organization, role, or user name.
The location bar provides the following functions:
Select DN – Use this drop-down menu to display the following directory node types:
Default organizations defined when Portal Server was installed.
Nodes that administrators set up using the Add DNs button.
Selected DN – Identifies which DN is currently chosen.
Enter DN – Enables you to go to any DN that is already defined by typing in its full name.
You can select a new DN without adding it to the location bar.
Select the Add button next to the location bar.
Select the name of the DN using one of the following methods:
Click the Set Current DN button.
The window closes, and the Selected DN field displays the new directory node. The directory node is not added to the location bar selections.
When you add a directory node to the location bar menu, it is stored as a cookie so that the directory node is available in the same browser across sessions.
Select the name of the DN using one of the following methods:
Select the name of the directory node.
(Optional) Edit the short name field to change the name that the directory node in the drop-down menu displays.
Click the Add button.
The directory node is added to the Select DN menu.
You can delete a directory node from the drop-down list displayed in the location bar. The directory node itself is not removed. To remove a directory name from the LDAP database, you must use Access Manager.
You cannot remove default organizations that were defined during installation.
From the Select DN drop-down menu, select the DN that you want to delete.
Click the Delete button next to the Select DN drop-down menu button.
The selected directory node is removed.
This chapter describes the Sun JavaTM System Portal Server Desktop and how to manage it.
This section describes the key components of Portal Server desktop. The following topics are discussed:
While installing Portal Server, you create an initial organization. The installer then imports the display profile global level document, and the default organization display profile, based on the input parameters you specify.
After that, each time you create a new organization, suborganization, or role, the display profile is not automatically loaded. However, the new organization, suborganization, or role inherits the display profile defined from its parent. If there are specific entries to the newly created organization, suborganization, or role, you must manually load the display profile.
The display profile creates the display configuration for the standard Desktop by defining the following three items:
Specifies the name and the Java class for the provider. A provider is a template used to generate content, which is displayed in the channel.
Specifies the run time configuration of an instance of the provider class. A channel is a unit of content, often arranged in rows and columns. You can also have channels of channels, called container channels.
Specify the values for provider and channel properties. Properties defined in a provider usually specify default values for the channels that are derived from the provider. The display configurations for the channels include properties such as the title, description, channel width, and so on. The properties defined in the channel usually specify the specific value for that channel that is different from the default value.
Container properties define the display definition about how to display the contained channels in the container, including: the layout of the container (thin-wide, wide-thin, or thin-wide-thin); a list of the contained channels; the position of the channel (the row and column number); and the window state of the contained channels (minimized or detached).
The display profile exists only to provide property values for channels. It does not actually define the overall layout or organization of what users see on their Desktops. However, the display profile does indirectly control some aspects of channel presentation, such as column layout for a table container or how the table container draws channels in a table.
The system reports errors when you try to save a display profile document containing invalid XML. The error messages appear as a title, a message, and a sub-message. The title of the message box is “Invalid XML document.” The message appears as one of the following:
Failed to parse XML...
Missing doctype in the XML
Failed to sore DP...
Invalid XML input...
If you receive an “Invalid XML document” error, you must correct the error to be able to save the XML document.
The display document syntax is as follows:
<?xml version="1.0" encoding="utf-8" standalone="no"?> <DOCTYPE DisplayProfile SYSTEM " jar://resources/psdp.dtd"> <DisplayProfile version="1.0" priority="xxx"> <Properties> ... </Properties> </Channels> ... </Channels> <Providers> ... </Providers> </DisplayProfile> |
The Desktop merges all documents in a user's display profile merger set and uses the result to configure the user's desktop. A display profile merger set consists of all the display profile documents associated with a user. Display profiles are defined at different levels in the Portal Server organization tree. Display profile documents from the various levels of the tree are merged or combined to create the user's display profile.
For example, the user's display profile document is merged with the role display profile documents (if any), the organization's display profile document, and the global display profile document to form the user's display profile.
The Desktop display profile and other configuration data are defined as service attributes such as parent container, desktop type and edit container of the portal Desktop service under the Sun Java System Access Manager service management framework. When an organization adds for the Portal Desktop service from the Sun Java System Access Manager management console, all users within the organization inherit the Portal Desktop service attributes in their user profiles. These attributes are queried by the Portal Desktop to determine how information will be aggregated and presented in the Portal Desktop.
See Managing Desktop Attributes
This section discusses how to manage the desktop content. For more information on the desktop, see Understanding the Standard Desktop in Sun Java System Portal Server 7 Technical Overview.
This section describes how to deploy and undeploy portlets, and how to modify portlet preferences.
Portlets are web applications that process requests and generate content within the context of a portal. Portlets are managed by the Portlet Container (an implementation of the Portlet Specification as defined by the JSR 168 Expert Group).
A portlet can only be deployed on a selected DN node once. If a portlet has already been deployed on the same DN node, you should undeploy the portlet and deploy it. If your require a portlet to be on multiple sub organizations or roles, then deploy the portlet on the portal global DN or the parent organization.
Select the Portals tab.
Select a portal server from Portals.
From the Select DN drop-down menu, select any DN.
Click Deploy Portlet to start the wizard.
Ensure the selected portal and selected DN are the ones where you want to deploy the portlet, and click Next.
Specify a portlet war file, the roles file, and the users file.
The roles file and the users files are optional. The war file, the roles file, and the users file can be located either on the local machine, or on the remote portal server system.
Select the button for either the local system or the remote portal server system.
Verify the information provided, and click Next.
An information page appears when the portlet is deployed.
Follow the instructions to deploy a portlet.
Select the Portals tab.
Select a portal server from Portals.
From the Select DN drop-down menu, select any DN.
Click Undeploy Portlet to launch the wizard.
Modify the configuration attributes as necessary.
Click Undeploy to record the changes.
Click the Common Tasks tab, then Manage Channel and Containers from the submenu.
Select a portal and the DN where the portlet is deployed.
The navigation tree with available channels and portlets is displayed.
From the navigation tree on the left frame, select the portlet channel.
The preferences table and properties table is displayed on the right frame.
In the preferences table, click Edit Values link of a preference you want to modify.
In the preferences wizard, type the new value in the text field, and click OK.
When you done with modifying preferences, click Save.
Click Close.
This section describes how to manage portal server channels and containers from the management console.
The following topics are discussed:
The desktop for a user is rendered by starting a desktop parent container. You can customize the parent container attribute at every organization, role and user DNs. The content for a desktop at a particular DN is provided by iterating the child containers and channels that selected to be to be displayed inside the desktop parent container.
Usually, the desktop parent container contains a few tab or table containers. Each tab container under the list of selected nodes of the parent container will display a tab on the user desktop. The channels that appear under the tab are the channels inside the tab container.
The bottom left frame of the Channels and Container Management in the portal management console has two components:
View Type menu
Channels and Container tree
Items in the View Type menu and the nodes displayed in the tree are dependent on content of the merged Display Profile XML.
The tree contains container and channel nodes. There are three types of channels that deliver content to the desktop:
Provider (native) channels
Portlet channels
Remote portlet channels
You can click on any of the node links in the tree to display properties and actions on the right frame.
There are two types of items in the View Type menu:
Display Profile XML Tree
Desktop Views
See To View Display Profile XML Tree and Desktop Views
The tree displays a complete set of channels and containers in the merged Display Profile (DP) XML. The root element in the DP XML Tree is DP_ROOT, which is the parent of all the channels and containers of the display profile. You can create a channel directly under DP_ROOT, or in a container under DP_ROOT.
The nodes listed under the DP XML Tree is not always displayed on the desktop. Some nodes in the display profile are never referenced or included in the hierarchy of the desktop container.
For example, the desktop default container JSPTabContainer has two containers, tab1 and tab2. If tab1 contains ch1 and ch2, and tab2contains ch3 and ch4, then there are five channels defined in the DP XML Tree. The DP XML Tree references ch1 to ch4 in the container hierarchy, but ch5 is not. So, only ch1 to ch4 will display on the desktop.
Desktop views are top level containers available in the merged display profile. You can set each desktop views as the parent container for the desktop at the DN. When you select a desktop view, the tree provides a visual hierarchy of the channels and containers that has a role in rendering content to the desktop.
Channels and containers displayed under the desktop views have two states:
Selected and visible on the desktop
Available for selection
In this state, channels and containers icons are displayed in grey color.
You can change the state of channels and containers in a desktop view by clicking the task link on the right frame. To display a tool tip about the state, place the mouse over a container or channel icon. The tool tip also displays the fully qualified name of the node.
Select the Portals tab.
Select a portal server under Portals, then any DN from the Select DN drop-down menu.
Under Tasks, click Manage Containers and Channels.
From the View Type drop-down menu select DP XML Tree or a Desktop View.
This section discusses the properties of channels and containers, and how to modify them.
You can perform the following tasks:
The properties displayed when you click on the node in the tree are top level properties or channel level properties. These properties are defined at the provider level and you can customize these properties for a channel. However, new properties added to a channel cannot be added to the provider. This is the reason you cannot add new properties at the channel level.
The properties table displays client type and locale. There is no column to show the type of the property, however, the following convention is followed:
Value column has a wide text field for a maximum of 30 characters.
Value column has a narrow text field for a maximum of 5 characters.
Value is a radio button.
Name is a link.
Value column has an Edit Values link. Clicking this link opens a wizard to add and remove values.
The name is a link showing Edit Values link. Name and value pairs may be added to an empty collection to behave like a map, and the Edit Values disappears. If values are added to an empty collection using Edit Values wizard, the collection behaves as a List and the name link disappears.
In addition to the Name and Value columns, the properties table has two more columns:
Displays if the property is advanced or basic. The advanced properties generally are for experienced administrators.
Any property may be in three possible states:
Default – Value assigned at the provider.
Inherited – Values modified at some level above. For example, if the current node is a role, then the property may have been customized at the organization of the role. This organization may be the parent organization, or parent of the parent organization. When the property is inherited it is a link. Clicking this link shows all the possible parent nodes in the hierarchy from where this property was inherited from.
Customized – Value defined at this node.
There are buttons in the properties table:
Removes values defined at this node from the display profile. This may result in properties to be inherited from some parent in the hierarchy if the properties are customized there. If the value has not been customized anywhere in the hierarchy, the value defined at the provider is displayed and the state will show as Default.
Saves additions, deletions, and changes of value.
Ignores changes and resets values to last saved state from the data store.
Clears all sorts.
Table may be sorted by clicking on any column title. When you click the Name button first to sort by name, a + appears next to the Category and State buttons. Click the + to apply the next sort criteria.
Sets the table preferences.
Unless modified, the client type and locale are set to default.
From the New Property wizard you can edit the values and save. You can also add new name and value pairs.
Select the Portals tab.
Select a portal from Portals.
From Select DN drop-down menu, select any DN.
Under Task, click Manage Channels and Containers.
Select a container in the tree on left frame to display Edit Properties page on the right frame.
Click the New Property button to launch the wizard.
Select the property type, and click Next.
Type a Name, select a Value, and specify if the property is advanced or not.
Collection property behaves like a map when it contains name and value pairs. Property of type Collection can be nested. The property path above the table will change to display the current nesting and you can navigate back.
Any trailing values are optional. For example, the value may be en or en_US, but cannot be US only. The standard Java format for specifying a locale is followed.
Click Finish to create the property.
Click Close to display the new property in the table.
Collection property behaves like a List when it contains only values.
Select the Portals tab.
Select a portal from Portals.
From Select DN drop-down menu, select any DN.
Under Task, click Manage Channels and Containers.
Select a container in the tree on left frame to display Edit Properties page on the right frame.
Click the Edit Values link of a property to launch the wizard.
Make your changes.
Click Close.
The edit properties page will update number of values in the list.
Select the Portals tab.
Select a portal from Portals.
From Select DN drop-down menu, select any DN.
Under Task, click Manage Channels and Containers.
Select a channel or container in the tree on left frame to display Edit Properties page on the right frame.
Change the properties, and click Save.
This section discusses how to create and delete channels and containers from the portal management console.
Select the Portals tab.
Select a portal from Portals.
From Select DN drop-down menu, select any DN.
Under Task, click Manage Channels and Containers.
Select a container in the tree on left frame to display Edit Properties page on the right frame.
Under Tasks, click New Channel or Container to launch the wizard.
In the wizard, ensure that the selected portal and selected DN is where you want to create the channel or container and click Next.
Create a container or channel from the wizard.
To create a container, perform the following steps:
To create a channel, perform the following steps:
Select a channel type.
Select a channel from the following three types:
If you select Provider Channel, a list of provider channels are displayed.
If you select JSR 168 Portlet Channel, a list of portlet channels are displayed.
If you select WSRP Remote Portlet Channel, select the registered producer and the remote portlet from the drop-down menu.
Type a name in the Channel or Container Name text field, and click Next.
Review your selections, and click Finish.
A message confirms the creation of the channel.
Click Close.
Select the Portals tab.
Select a portal from Portals.
From Select DN drop-down menu, select any DN.
Under Tasks, click Manage Channels and Containers.
Select a container in the tree on left frame to display Edit Properties page on the right frame.
Under Tasks, click Select Channels or Containers to Delete.
Under Type, select Channel or Container.
Available channels and containers are displayed.
Select a channel or container, and click Delete.
This section describes how to create a tab form the portal server management console.
Select the Portals tab.
Select a portal from Portals.
From Select DN drop-down menu, select ay DN.
Under Tasks, click Manage Channels and Containers.
From the tree on the left frame, select a tab container.
Under Tasks in the right frame, click New Tab to launch the wizard.
This section discusses how to display channels and containers on the end-user Desktop. Channels and containers can also be made available on the content page so that the end user can select them to display on the Desktop.
Select the Portals tab.
Select a portal from Portals.
Under Tasks, click Manage Containers and Channels.
Select a container in the tree on left frame to display Edit Properties page on the right frame.
Under Tasks, click Show or Hide Channels and Containers on Portal Desktop.
Under Ready For Use, select a channel or container.
Using the Add button, move the channels to appear on the Content Page or Portal Desktop.
Click Save.
This section discusses how to manage Desktop attributes. For more information, see Understanding Desktop Attributes.
Desktop attributes for the top level organization is different from different levels of the organization tree. You can change the location bar to TopLevel to see global Desktop attributes, and then select other distinguished names for organization or role Desktop attributes.
Select the Portals tab.
Select a portal server under Portals, then Desktop.
From the Select DN drop-down menu, select any DN.
Modify the configuration attributes as necessary under Desktop Attributes.
The following options are available:
Sets the conflict resolution level for the Desktop service template used to resolve conflicts when multiple Desktop templates are merged. This attribute applies only to Organizations and Roles and doesn't apply to Users and Global DN.
Identifies which default container is rendered when the Desktop is called with an unspecified provider. The value for the Parent Container can be one of the containers which is defined as a TopLevelContainer that can draw a header and footer on the portal page. A container is a Top Level container if the display profile property TopLevel is set to true.
Specifies which default edit container to use to wrap the content when one is not specified in the URL. This container will be used by the parent container to draw the edit pages when the edit link is clicked on the channel title bar.
The comma separated list used by the Desktop lookup operation when searching for templates and JSPs. The lookup starts at the first element in the list and each element represents a sub directory under the Desktop template base directory. e.g., "sampleportal,foo" in which case the lookup would be sampleportal directory, foo directory, default directory in that order.
Specifies whether the Desktop attributes are displayed to the users associated with the role. This dynamic attribute is mainly used for role-based delegated administration in administration tag library. This attribute enabled to show, allows the delegated administrators to administer channels/containers inherited from the parent organizations. This attribute applies only to Organizations and Roles.
Sets the priority of the display profile document. Display profile documents are merged from low priority to high priority. A lower number represents a lower priority. For example, a 1 is a lower priority than a 2. High priority documents override values set in lower priority documents using merge semantics (unless a lower priority document has locked the object for merging).
The display profile priority is not stored as Desktop service attribute.
The following attributes apply only to Global (top level) DN.
Enables the validation for XML parsing.
Enables Identity Federation so that a user can associate, connect or bind multiple internet service providers, local identities, enabling them to have one network identity.
Specifies the unique identifier of the host that provides the network identity of a user.
Specifies the session reap interval in seconds.
Specifies the idle time in seconds after which the session is terminated.
Specifies the maximum number of client sessions allowed at any given time.
When enabled, allows anonymous Desktop for the selected portal.
Prevents users with a network identity on a hosted provided to access the portal Desktop by providing a user name and password.
List of User IDs authorized to access the Desktop without authenticating.
Click Save to record the changes.
Otherwise, click Reset to undo any edits.
To modify global attributes, Change the DN in the location bar drop-down to TopLevel.
This section describes how to manage the Sun Java System Portal Server display profile. For more information, see Understanding the Display Profile.
You can perform the following tasks from the portal management console:
You can download the display profile to a file.
Select the Portals tab.
Select a portal server under Portals.
From Select DN drop-down menu, select any DN.
Click Download Display Profile under Tasks.
The browser's download window pops up.
Select a location and Click Save.
This step may vary from browser to browser.
You can upload the display profile to a file.
Select the Portals tab.
Select a portal server under Portals.
From Select DN drop-down menu, select any DN.
Click Upload Display Profile under Tasks.
Choose a display profile file to upload using the Browse button.
The file should be located on local machine based on the user's browser settings.
Click Upload.
Select the Portals tab.
Select a portal server under Portals.
From Select DN drop-down menu, select any DN.
Click Remove Display Profile under Tasks.
Click OK in the warning dialog box to confirm deletion.
Sun JavaTM System Portal Server supports Web Services for Remote Portlets (WSRP). This chapter presents guidelines and best practices for using WSRP. This chapter contains the following sections:
WSRP 1.0 is an OASIS standard that simplifies integration of remote applications and content into portals. The WSRP standard defines presentation-oriented, interactive web services with a common, well-defined interface and protocol for processing user interactions and for providing presentation fragments suited for mediation and aggregation by portals as well as conventions for publishing, finding and binding such services.
Because the WSRP interfaces are common and well-defined, all web services that implement the WSRP standard plug into all WSRP compliant portals – a single, service-independent adapter on the portal side is sufficient to integrate any WSRP service. As a result, WSRP is the means for content and application providers to provide their services to organizations running portals with no programming effort required.
See the WSRP 1.0 standard for more information:
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wsrp
The implementation of the WSRP 1.0 standard in Portal Server includes both the WSRP consumer and the WSRP producer. The WSRP producer implementation supports publishing JSR 168 portlets for use by a remote WSRP consumer. The JSR 168 portlets are deployed locally on a portal server. These portlets can be published by an instance of the WSRP producer.
Another portal server, through its WSRP consumer, can subscribe to these remote portlets. While local portlets can be expected to provide a large part of the base functionality for portals, remote portlets allow the potential to bind to a variety of remote portlets without installation effort or code running locally on the consuming portal server.
This section discusses the following topics:
Create a producer if you want to offer locally deployed portlets remotely to other portals that act as WSRP consumers. A portal can host multiple producers. The consumer can import remote portlets offered by a producer. Based on the portlets that you want to provide to WSRP consumers, you may create one or more producers. A producer can support registration or it does not require registration. If a producer supports registration, then consumers must register to work with the producer.
Registration is used to build a technical or business relationship between the consumer and the producer. While creating a producer, you can define any one of the following registration mechanisms: in-band registration or out-of-band registration:
If the producer requires registration and enabled in-band registration: the consumer can provide the details through WSRP interface and register with the producer. Consumer is also provided an option to register through out-of-band communication. That is, consumer can provide the registration handle obtained through out-of-band communication.
If the producer requires registration and enabled out-of-band registration: the consumer should obtain the registration handle through out-of-band communication and provide the registration handle during registration. Out-of-band registration happens with manual intervention such as phone calls, email, and so on. For a producer that supports out-of-band registration, the producer gets the details about the consumer through out-of-band communication, and it creates a registration handle for the consumer. The registration handle is communicated to the consumer through out-of-band communication.
Select the Portals tab.
Select a portal server from Portals.
Click the WSRP tab.
From the Select DN drop-down menu select any DN, and click the Producer tab.
The WSRP Producers table displays all producers that are created.
Organizations are created in Sun Java System Identity Server. Select the DN of an organization or suborganization based on the availability of portlets.
Click New to create a new producer.
Type the name to identify the producer.
Select Required for Registration.
Select Supported for Inband Registration if you wish the consumer to enter the details, while adding the configured producer, using Sun Java System Portal Server application interface.
To add a registration property, click Add Row. Enter the values. Enter the name of the registration property and description.
Registration properties are the details that you want to get from the consumer while the consumer registers to a specific producer. The registration properties entered by the consumer can be validated through the Registration Validation class.
Select Supported for out-of-band Registration if you wish the consumer to provide the details through out-of-band communication, such as phone calls, email, and so on.
Click Next.
The Review screen displays the details that you entered. Review details. You can click Previous and change the details you entered.
Click Finish.
For a producer that does not require registration, consumer is not required to enter any information or get any information through out-of-band communication. In this case, the consumer can not customize (or edit) the portlets offered by the producer. The producer that does not support registration provides Read-Only portals to the consumers.
Select the Portals tab.
Select a portal server from Portals.
Click the WSRP tab.
Select DN.
The Configured Producers table displays all producers that are already configured.
Click New.
Type the name of the producer.
Select Registration not required.
Click Finish.
A newly created Producer should be enabled for a consumer to register. A producer can be enabled by adding one or more portlets.
A producer can be disabled. But, all the consumers registered with the disabled producer will not be able to access the portlets offered by the producer.
In the Producer tab, click the producer name link.
The Edit Properties screen appears. The screen displays WSDL (Web Services Definition Language) URL. WSDL URL is a unique URL for a specific producer through which the consumer accesses the producer.
Add one or more published portlets to the producer.
The producer must have at least one published portlet to enable it. The screen displays all published portlets associated with the portal in which the producer is created.
Select a portlet, and click Add.
Edit the Registration Validation Class field if required.
Registration Validator is used to validate the registration properties that are entered by the consumer. You can also customize this class based on the needs.
Click Save. Now, the Enable check box displayed in the screen can be edited. Select Enable and click Save.
You can also edit other properties of the producer.
You can customize the RegistrationValidator class. Using this class, you can process the registration properties. For example, verifying the zip code of the customer. RegistrationValidator is the SPI for registration validation in the WSRP producer. For more information on customizing the validation class, see http://portalID/portal/javadocs/desktop. You can also refer to WSRP: Validating Registration Data in Sun Java System Portal Server 7.1 Developer’s Guide.
For a producer that supports registration, a registration handle needs to be generated for a specific consumer. After generating the registration handle, it needs to be communicated to the consumer to register with the producer through out-of-band communication. Consumer needs to enter the registration handle, while registering with the producer.
Click the Consumer Registration tab.
The screen displays all consumers that are already registered to the specific producer.
Click New.
Type details, such as name, status, consumer agent, and method.
A unique name to identify the consumer.
Can be Enabled or Disabled.
Specifies the name and version of the consumer's vendor. Consumer Agent Name should be ProductName.MajorVersion.MinorVersion, where ProductName identifies the product the consumer installed for its deployment, and majorVersion and minorVersion are vendor-defined indications of the version of its product. This string can then contain any additional characters/words the product or consumer wishes to supply.
Specifies whether the Consumer has implemented portlet URLs in a manner that supports HTML markup containing forms with method, get.
Click Next.
The screen displays the registration property values that are specified while creating the producer.
Enter the values, and click Next. Click Finish.
Publishing a producer stores producer details in any one of the repositories, such as Sun Java System Service Registry Server or an ebXML Registry server. After a producer is published, you can search for the details of the producer using the application interface or using the command-line interface. For details on setting up Sun Java System Service Registry Server, see the Service Registry 3.1 Administration Guide.
You need to configure Sun Java System Portal Server for Registry to publish the producer details to the registry.
Create the directory, /soar/3.0/jaxr-ebxml/security, in the machine where Portal Server is installed.
Copy keystore.jks from Registry Server's /var/opt/SUNWsrvc-registry/3.0/data/security directory to /soar/3.0/jaxr-ebxml/security.
Select the Portals tab.
Select a portal server from Portals.
Click SSO Adapter from the submenu.
Click JES-REGISTRY-SERVER.
The Edit Meta-adapter - JES-REGISTRY-SERVER screen appears.
Type the details.
If you are accessing the registry server through a proxy:
Hostname of the proxy server.
Proxy password if proxy server required authentication.
Port on which proxy server is available.
Proxy username if proxy server required authentication.
If you are not using a proxy server:
Password that is required to get the key from the keystore.
The key alias that is present in the keystore that is to be used for authenticating with the registry server.
Location of the keystore relative to /soar/3.0/jaxr-ebxml/.
Password used to open the keystore.
URL of the registry server where publish request should be sent. This URL should accept SOAP requests.
URL of the registry server where search request should be sent. This URL should accept SOAP requests.
The following steps explain how to publish a producer to the Registry Server:
Create organization data and producer data files.
Organization data file can contain the following entries:
org.name=Sun Microsystems
org.description=Description
org.primarycontact.name=Henry
org.primarycontact.phoneno=1234567
org.primarycontact.email=someone@host.com
The org.name and org.description should be similar as that of the details in Identity Server unless the Registry is deployed internally.
The producer data file should have the following entries:
producer.name=Producer_name
producer.description=Producer_Description
producer.id=Producer_ID
It is not a must that you should create all the data files. But, for searching the details of producer, organization, or portlet, you should have created at least one file associated with that.
Stop and restart the common agent container:
/usr/lib/cacao/bin/cacaoadm stop
/usr/lib/cacao/bin/cacaoadm start
To publish the produce details, use the following command:
./psadmin publish-registry -u amadmin -f password_file -p portal1 -m producer -U producer_data_file -O organization_data_file -T portlet -L --debug
The portlet file specifies the portlets that are offered by WSRP producer. The portlets list is specified as a string within double quotes and elements separated by space. For example, "NotepadPortlet BookmarkPortlet WeatherPortlet."
You can check the log file by using the following command: more var/opt/SUNWportal/logs/admin/portal.admin.cli.0.0.log
The following section explains how to search for a producer:
Create a Search Producer data file.
Search Producer data file can contain the following:
producer.name=producer_name
producer.description=producer_description
The Search Producer data file contains a description of the producer to search for in the registry. Use the character % as a wildcard. For example, %acme% in producer.name any WSRP Producer that contains the string "acme" in its name.
To search the registry, use the following command:
./psadmin search-registry -m consumer -u amadmin -f ps_password -C search_producer_datafile -p portal1
Create a search Portlet data file.
Search Portlet data file can contain the following:
portlet.name=portlet_name
portlet.description=portlet_description
The Search Portlet data file contains a description of the portlet to search for in the registry. Use the character % as a wildcard. For example, %stock% in portlet.name locates any Portlet that contain the string "stock" in its name.
To search based on portlet details, use the following command:
./psadmin search-registry -m consumer -u amadmin -f ps_password -D search_portlet_datafile
Create a Search Organization data file.
Search Organization data file should contain the following:
organization.name=organization_name
organization.description=organization_description
The Search Organization data file contains a description of the organization to search for in the registry. Use the character % as a wildcard. For example, %acme% in organization.name locates any organization that contains the string "acme" in its name.
To search based on the organization data file, use the following command:
./psadmin search-registry -m consumer -u amadmin -f ps_password -L search_organization_datafile -p portal1
This section explains the activities need to be performed at the consumer side.
The following topics are discussed:
To communicate with the portlets offered by the producer, a consumer needs to add a configured producer. If a producer requires registration, add a configured producer using the following methods:
By entering the registration property values (in-band registration)
By entering the registration handle (out-of-band registration)
If the producer does not require registration, the consumer is not required to enter any details while adding a configured producer.
Select the Portals tab.
Select a portal server from Portals.
Click the WSRP tab.
Select any DN and click New.
Type the configured producer name. Select the identity propagation mechanism. By default, None is selected.
Identity propagation mechanism allows the users of the consumer portal to present their credentials to the producer portal. It is a mechanism by which users can federate their identity from consumer portal to the producer portal.
Type the WSDL URL, and click Next.
You can also search for a WSDL URL based on the producer or portlet. The search result displays WSDL URL of a producer only if the producer is published.
If the producer requires registration, you can register the producer in two methods: by entering the registration property values (in-band registration) or entering the registration handle (out-of-band registration). Click Next.
If you selected the first method in step 7, enter the registration properties and click Next. If you selected the second method, enter the registration handle obtained through out-of-band communication, and click Next.
Review the details and click Finish.
psadmin create-configured-producer
Identity propagation is a mechanism by which the WSRP consumer supplies the identity of the user to the WSRP producer web service. It is a federation mechanism where the user federates its identity between the consumer and producer. After a successful federation, the consumer portal propagates the user identity to the producer portal. The WSRP producer, after receiving the user credentials from the consumer, validates the credentials and allows or denies access to the resource in the specified user context.
The user has two identities for each portal. That is, one for producer portal and the other for consumer portal. The user federates these identities using the identity propagation mechanism provided. This provides a single-sign on mechanism for the consumer and the producer portal. When the user logs into the portal through the consumer portal, the user gets the content that the user gets when logs directly into the producer portal. The changes that the user makes using the federated identity would be available when the user logs into the producer portal.
Sun Java System WSRP producer supports the following identity propagations:
SSO Token: Select if both the producer portal and the consumer portal are connected to the same Access Manager instance. Typically recommended in configurations where both the producer portal and consumer portal are deployed within the same organization.
WSS User Name Token Profile (username only): Uses the WSS specification where the user name is propagated as WS Security headers from the consumer portal to the producer portal.
WSS User Name Token Profile (with password digest): WS Security headers send the user ID that is targeted at the producer with the password in the Digest form.
WSS User Name Token Profile (with password text): WS Security headers send the user's user ID that is targeted at the producer with the password in the Text form.
In the above list, the last three options implement the OASIS WSS Username token profile specification. This specification describes how to use the Username Token with the Web Services. WSS specification describes how a web service consumer can supply a Username Token by identifying the requestor by username, and optionally using a password to authenticate that identity to the web service producer.
Many portal vendors support and implement the OASIS WSS Username token profile specification. Use one of the three options when interoperability is required.
There are two levels of identity propagation mechanism in Portal Server. First, the administrator of the consumer portal discovers that the producer portal supports one of the above specified identity propagation mechanisms. The administrator may allow the users to send their identity. Portal Server consumer supports all the above mentioned Identity Propagation Mechanisms.
After the consumer is created, the administrator has to create remote channels based on the identity propagation mechanism supported by the consumer. After the channels are available on the user Desktop, they are ready to accept identity propagation.
The identity propagation mechanism is set at the producer automatically. Portal Server checks for authentication from Sun SSO, then OASIS user name token profile, and then the No Identity Propagation mode.
Only new users can use the Digest Password facility after running the configuration command to store the LDAP passwords in plain text
Creation of a consumer should involve selecting the WSSO Username Token Profile (with Digest Password) option for User Identity Propagation Mechanism.
The Web Services SSO Portlet must be edited to select the appropriate Web service URL (producer) and provide the new username and password.
Do the following to configure Sun Java System WSRP Producer to accept Digest Passwords.
Run the command /opt/SUNWdsee/ds6/bin/dscfg set-server-prop pwd-storage-scheme:CLEAR to change the password storage scheme of the Directory Server so that plain text passwords are stored.
It is assumed that the default installed location of the Directory Server is /opt/SUNWdsee.
Create a new user in the AM console, to ensure that the Username Token Profile with Password Digest can be used.
When using the WSS User Name Token Profile (with PasswordDigest), communication between the producer portal and consumer portal should be secure because the password is sent in plain text between the consumer and the producer.
Two different consumers that point to the same producer URL should use the same identity propagation mechanism types.
You can create user token profiles to authenticate user credentials if the user uses identity propagation mechanism. You can define the user name and password for specific Web service that the producer offers.
Log in to Portal Server Desktop.
In the WebServices SSO Portlet, click the Edit button.
In the Create NewToken Profile section, select the WebService URL for which you want to create a user token profile.
Type the user name and password. Click Add.
You can also edit or remove an existing user token profile.
After the consumer configures the producer, use the Update Service Description option to update any changes made to the producer later. For example, addition of new portlets or changes to the registration properties after the registration.
Select the Portals tab.
Select a portal server from Portals.
Click the WSRP tab.
Select DN (Distinguished Name).
Click the configured producer link.
In the Edit Configured Producer screen, click Update Service Description.
psadmin update-configured-producer-service-description
WSRP supports the concept of user categories, which are included in the service description of the producer. Mapping user categories to the roles allows the user to map the roles that are defined in the consumer portal to the roles that are defined in the portlet. Sun Java System Portal Server maps Java System Access Manager's roles to the portlet's roles. These roles can be mapped to the corresponding WSRP user categories.
You can perform the following tasks:
Roles can be defined in the portlet while deploying the portlet.
The roles defined in the portlet must exist in the Access Manger of the producer.
The following task creates a role in amconsole in Sun Java System Access Manager and Portlets.
Log in to the Access Manager console.
Create a role and add a user to it.
In webxml of the portlet application, add the following code:
<security-role>
<role-name>PS_TEST_DEVELOPER_ROLE<role-name>
</security-role>
Add the following lines in portlet.xml of the portal.
<security-role-ref>
<role-name>PS_TEST_DEVELOPER_ROLE<role-name>
<role-link>PS_TEST_DEVELOPER_ROLE<role-link>
</security-role-ref>
Create the portlet application war file.
Create a roles file with the following entry.
cn\=AM_TEST_DEVELOPER_ROLE,o\=DeveloperSample,dc\=india,dc\=sun,dc\=com=PS_TEST_DEVELOPER_ROLE
Deploy the portlet using the following command.
/opt/SUNWportal/bin/psadmin deploy-portlet -u amadmin -f ps_password -d "o=DeveloperSample,dc=india,dc=sun,dc=com"-p portal1 -i stockprice-8080 --rolesfile rolesfile TestPortlet.war
Do the following to map user categories to role:
In the Consumer tab, click the producer name link.
The Edit Configured Producer screen displays the following: User Category: The roles in the producer portlet. Local Roles: The roles that are defined at the consumer's Sun Java System Access Manager.
In the User Categories to Role Mapping section, map user categories to the roles defined at the consumer, and click OK.
The Sun Java System Portal Server implementation of WSRP Consumer maps common user attributes stored in the user entry on the Sun Java System Directory Server to the standard set of user attributes that the WSRP specification mandates.
If a consumer portlet uses any of the attributes that are not specified in the LDAP schema, create a custom object class to store these attributes and add this object class to the user entry. After attributes are created, map the LDAP attribute to the corresponding WSRP attribute using Sun Java System Access Manager management console.
Proxies need to be configured for consumer and for web container XML files.
You can perform the following tasks:
Run ./cacaoadm get-param java-flags.
Copy the values and paste it to ./cacaoadm set-param java-flags.
Now add the following to the command: -Dhttp.proxyHost=webcache.canada.sun.com -Dhttp.proxyPort=8080 -Dhttp.proxyUser=Proxyuser -Dhttp.proxyPassword=Password
Press Enter.
Restart the common agent container server.
Edit the following file:
vi /var/opt/SUNWappserver/domains/domain1/config/domain.xml
Set the following JVM options:
Dhttp.proxyHost
Dhttp.proxyPort
Dhttp.proxyUser
Dhttp.proxyPassword
This section describes how to administer the Sun Java System Portal Server Web Services for Remote Portlets (WSRP) service. The tasks to administer a WSRP producer are:
A WSRP producer is created with the following:
Name of the producer instance (must be unique for the entire portal server)
Whether registration is required. When registration is required, all WSRP consumers must register with this producer instance before making requests. Requests from unregistered WSRP consumers will be denied.
Whether in-band registration is supported. In-band registration allows WSRP consumers to register programmatically. Otherwise, out-of-band registration is required with manual contact (such as email or telephone) between the WSRP consumer administrator and the WSRP producer administrator to set up and exchange access to a registration handle.
Select the Portals tab.
Select a portal server from Portals.
Click WSRP, then Producers from the submenu.
From Select DN drop-down menu choose any DN.
From WSRP Producers click New to launch the wizard
Follow the instructions to create the specified producer.
For more information about the attributes, see Sun Java System Portal Server 7.1 Technical Reference
You can edit the WSRP Producer as follows:
Add or remove portlets from the published list
Change the requirement on registration
This option should be modified for an existing producer.
Enable or disable in-band registration
Specify the Registration Validator Class. The registration validator class is used by the WSRP Producer to validate that the values sent by the WSRP consumer are acceptable.
Add new registration properties. Any change in properties will apply to subsequent consumers registering with the producer.
Select the Portals tab.
Select a portal server from Portals.
Click WSRP, then Producers from the submenu.
From Select DN drop-down menu choose any DN.
Select a WSRP producer and modify the configuration attributes as necessary
For more information about the attributes, see Sun Java System Portal Server 7.1 Technical Reference
Click Save to record the changes.
Each consumer registration represents a remote WSRP consumer that has established a relationship with the WSRP producer. A WSRP producer that supports allows multiple WSRP consumers to register with it. The registration mechanism allows a WSRP consumer to describe its capabilities to a WSRP producer.
A WSRP consumer is added out of band (such as by email or telephone). The information entered when adding a consumer registration must match the capabilities of the WSRP consumer that is given the registration handle. Consumer registrations allow a WSRP producer to scope artifacts (such as portlet preferences) that a WSRP consumer creates on the WSRP producer.
Select the Portals tab.
Select a portal server from Portals.
Click WSRP, then Producers from the submenu.
From Select DN drop-down menu choose any DN.
Select a WSRP producer, then Consumer Registrations.
Click New to launch the wizard.
Follow the instructions to create the specified consumer registration.
For more information about the attributes, see Sun Java System Portal Server 7.1 Technical Reference
psadmin create-consumer-registration
You can edit existing consumer registrations manually. Note that this could also be done via in-band registration from the WSRP Consumer end. Ensure that both out of band and in band registration are not used simultaneously.
Select the Portals tab.
Select a portal server from Portals.
Click WSRP, then Producers from the submenu.
From Select DN drop-down menu choose any DN.
Select producers, then select a WSRP producer, then Consumer Registrations.
Select a consumer registration and modify the configuration attributes as necessary.
For more information about the attributes, see Sun Java System Portal Server 7.1 Technical Reference
Click Save to record the changes.
This section describes the tasks to administer the WSRP Consumer:
Select the Portals tab.
Select a portal server from Portals.
Click WSRP, then Producers from the submenu.
From Select DN drop-down menu choose any DN.
Under Configured Producer click New to launch the wizard
Follow the instructions to create the specified configured producer.
For more information about the attributes, see Sun Java System Portal Server 7.1 Technical Reference
psadmin create-configured-producer
Select the Portals tab.
Select a portal server from Portals.
Click WSRP, then Consumer from the submenu.
From Select DN drop-down menu choose any DN.
Select a configured producer and modify the configuration attributes as necessary.
Use the Update Service Description option to update any changes made to the producer. See Updating Service Description.
For more information about the attributes, see Sun Java System Portal Server 7.1 Technical Reference
Click Save to record the changes.
The WSRP consumer sends the consumer name to producers during registration. The value specified for the consumer name is used as the default unless a value is specified for consumer name at the organization or suborganization level.
Select the Portals tab.
Select a portal server from Portals.
Click WSRP, then Consumer from the submenu.
From Select DN drop-down menu choose any DN.
Under WSRP Consumer, click Edit.
Specify the consumer name.
Click OK.
This chapter describes how to track Sun Java System Portal Server user behavior.
This chapter contains the following sections:
Portal Server user behavior tracking (UBT) provides a way to track end-user activity on the Portal Server application. User activity on Portal Desktop is captured into a ubt log file. The ubt log file is recorded in a W3C standard Extended Log File Format. From this log file, you can create various end-user behavior tracking reports using the Portal Server console or the psadmin generate-ubt-report command. You can also use third-party tools such asAWStats to generate UBT reports.
You can also enable UBT from the UBTConfig.properties file. Go to /var/opt/SUNWportal/portals/portalID/config/UBTConfig.properties and set com.sun.portal.ubt.enable=true.
The table shows the list of UBT reports, their description, and the available format of the reports.
Table 6–1 User Behavior Tracking Reports
Report Name |
Report Description |
Report Formats |
---|---|---|
Portal User Identity Report |
This report lists users along with time of their last portal access. Users are grouped as per the server they accessed, domain they belong to, and relative DN. |
HTML or PDF |
Portal User Login Rate |
This report shows the rate of logins into portal. | |
Portal Channel View Report |
This report lists users viewing a channel along with number of times they viewed that channel. The channels are grouped as per the containers they belong to. |
HTML or PDF |
User Customization of Portal Containers |
This report shows the portal container customization. Container customization usually refers to content, layout or theme changes on the Desktop. |
HTML or PDF |
Portal Request Rate |
This report shows the rate of request of each top container every hour over a period of time. The top container request is considered a page request. |
HTML or PDF |
User Customization of Portal Channels |
This report lists end users along with the actions they performed on the channels. Users are grouped by the containers they access, and by channels on which they performed actions. |
HTML or PDF |
Portlet Actions Report |
This report shows the rate of portlet action requests in the portal. |
HTML or PDF |
Portlet Render Report |
This report shows the number of times a portlet is displayed in a portlet mode in a particular window state. In MINIMIZED window state, a portlet is not rendered, and the count for this state is not displayed. |
HTML or PDF |
Portal User Login Rate Report |
This report shows the rate of logins into the portal. |
HTML or PDF |
This section has information on how to enable user behavior tracking and generate reports.
You can perform the following tasks from the portal server management console:
By default, UBT logging on a Portal Server application is not enabled.
Select the Common Tasks tab.
Under Reports and Logs, click Portal Usage Reports to launch the wizard.
From Select Portal drop-down menu select a portal instance, and click OK.
The User Behavior Tracking page is displayed.
Click the Settings submenu and enable UBT logging under Common Properties.
For more information on Common Properties, Handler Properties and Event Settings, see Sun Java System Portal Server 7.1 Technical Reference
For all other properties, default values are already set and are sufficient for UBT to work. To apply the changes to all instances of Portal Server, click the Apply to All Instances button. Otherwise, click the Apply to Selected Instance button.
Access the portal Desktop and make sure user behavior tracking log files are generated.
By default, user behavior tracking logs are written into /PortalData-Dir/portals/PortalID/logs/instanceID/ubt.0.0.log file.
Select the Common Tasks tab.
Under Reports and Logs, click Portal Usage Reports to launch the wizard.
From Select Portal drop-down menu select a portal instance, and click OK.
The User Behavior Tracking page is displayed.
Click the Reports submenu.
Eight reports are listed. All these reports can be generated either in PDF or HTML format. See Table 6–1 for more information.
This chapter describes how to set up the Sun JavaTM System Portal Server monitoring.
This Chapter contains the following sections:
Monitoring helps record runtime resource information about portal server. Desktop monitoring keeps record of information on requests received by portal server for content, edit, and process types. It also records information on the minimum, maximum and average response time for each type of request for the different channels of portal server.
Information gathered from monitoring portal activity is useful to optimize portal response time either by moving channels that need a higher response time to separate secondary tab, or by setting the time-out property for Desktop channels based on cache hits.
The Java Virtual Machine (JVM) in a portal server collects monitoring data for the Desktop. Monitoring information can be viewed on portal server management console, or can be accessed using psadmin monitoring subcommands. See Sun Java System Portal Server 7.1 Command Line Reference.
Monitoring uses Java Management Extensions (JMXTM technology) and registers Management Beans (MBeans) in the portal server instance's MBeansServer that represents portal server Desktop and portal Desktop channels. Each MBean attribute represents monitoring data collected for each resource. The portal management console and psadmin monitoring subcommands communicate with MBeans to collect and present monitoring data for a portal server instance.
Monitoring can be configured by accessing monitoring properties stored in /var/opt/SUNWportal/portals/portalID/config/instanceID/monitoring.properties file. Monitoring is enabled by default. To disable monitoring, set com.sun.portal.monitoring.MonitoringContext.monitoring.disable property to true. When the JVM restarts, monitoring is disabled.
You can also enable or disable monitoring from the portal management console.
Select the Portals tab.
Select a portal server under Portals.
Click the Monitoring tab.
Click Settings submenu.
Select a portal server instance.
Click Enable Monitoring or Disable Monitoring button.
Select the Portals tab.
Select a portal server under Portals.
Click the Monitoring tab.
Click Desktop Request/Response Statistics from the submenu.
Select the Portals tab.
Select a portal server under Portals.
Click the Monitoring tab.
Click Channel Action Statistics from the submenu.
From Select DN drop-down menu choose an organization.
Select the server from the Server Instance drop-down menu.
Monitoring collects seven types of data requests received by the Desktop. Each type of request is represented as MBean with type DesktopRequestStatistic, and name MBean property as the request type. For example, type=DesktopRequestStatistics,name=Content name properties help identify Desktop content request statistics.
The seven types of requests are explained in the following list:
The number of times Desktop successfully served content requests, and the time taken for it.
The number of times Desktop successfully served edit requests , and the time taken for it.
The number of times Desktop could not serve a request due to some exception during request processing. Exception information is logged in portal server log files.
The number of times Desktop responded to local authentication requests.
The number of times user logged out from portal server, and how long it took to log out
The number of times Desktop responded to pre-login requests.
The number of times Desktop processed edit requests, and the time taken for it
You can view the Desktop statistics from the portal management console.
Each type of channel action is represented as MBean with type ChannelActionStatistic along with additional name properties that identify the channel. To know the full MBean name, use the command psadmin get-monitoring-mbean-names.
Portal Desktop presents cached content view for a channel based on time-out channel property
The types of channel actions that are monitored for each Desktop channel are explained in the following list:
The number of times channel provider successfully generated the content view, and the response time for it.
The number of times channel provider successfully presented the edit view, and the response time for it.
The number of times channel provider processed the edit view.
You can view the Desktop statistics from the portal management console.
This chapter describes how to obtain Sun JavaTM System Portal Server log information.
This chapter contains the following sections:
Portal Server supports logging across all components. The logs and log configuration are uniform across portal components. Seven standard log levels range from severe to fine grain. The logs can be routed to different files or data sinks and can consist of a single file or multiple files; that is, one for each component.
Log levels can be set for each module and sub-module, and logs can be routed to separate files for each module and sub-module within each component.
You can set up and manage Portal Server logging using the following components:
Log Viewer
Common Logger settings
Specific Logger settings
You can manage portal logging from the portal management console.
Select the Portals tab.
Select a portal server under Portals.
Click Logging, then Log Viewer from the submenu.
From the Instance Name drop-down menu, select a portal instance.
The Search Criteria and Search Results page for the log viewer is displayed.
Enter the values for the Search Criteria, and click Search.
The following search options are available:
File name that has the log content.
Messages at the selected level or higher appear in the log. The available levels are SEVERE, WARNING, INFO, CONFIG, FINE, FINER, and FINEST. The default level is INFO, so the log will contain messages of INFO, WARNING, or SEVERE levels.
To ensure that the messages you want to view appear in the log, first set the appropriate log levels on the Specific Logger Settings page.
Displays log messages of a certain time period.
You can view 100 most recent log entries, or type a time period in the From and To text boxes.
If you choose a Specific Range:
Both the From Date and To Date values are required
The From Date value cannot be later than the To Date value
The To Date value cannot be later than Today's Date
The From Time and To Time values are optional. If the From Time value is specified, then the To Time value has to be specified. For the Time value, the syntax must take the form hh:mm:ss.SSS. SSS stands for milliseconds. For example, 18:20:10.000
You can customize the Search Results page using the following steps:
Select the Portals tab.
Select a Portal Server under Portals.
Click Logging, then select a portal server from the Instance Name drop-down menu.
In the Log Viewer Results table, click the Timestamp column header to sort the messages.
Click the details link to view a formatted log message in a new window.
Select the Portals tab.
Select a Portal Server under Portals.
Click Logging, then Common Logger settings from the submenu.
From the Instance Name drop-down menu, select a portal instance.
Modify the configuration attributes as necessary.
The following options are available:
Log Level — You can choose what information to view in a log file by selecting a log level setting.
The choices for Log level include:
Severe - errors visible to users
Warning - user warnings
Info - informative for users
Config - static setup information for developers
Fine - basic tracing information
Finer - detailed tracing information
Finest - complete tracing information
Off - can be used to turn off logging
All - indicates that all messages should be logged
Limit — Specify the size of the log file in bytes. If the log file size exceeds this value, the log file will be rotated based on file count. The default value is 5 megabytes.
File Count — When the log reaches the specified size in bytes, create a new empty file with the generation number (%g in the File Pattern) incremented by 1. The default value is 2. To turn off log file rotation, set the value to 0.
Append — Specify whether the new message is to be appended to the existing file. Default is true.
Filter — To filter log records that are sent to destinations such as portal log or a destination specified by a custom log handler, you can plug in a custom log filter. The custom filter must implement the interface java.util.logging.Filter. Type the absolute class name of the filter in the field. Also put the filter class in the Application Server classpath so that the filter is installed during server startup.
Custom Handlers — To send logs to a destination other than portal log, you can plug in a custom log handler. The custom handler must extend the class java.util.logging.Handler (a JSR 047 compliant API). Type the absolute class name of the handler in the field. Also put the handler class in the Application Server classpath so that the handler is installed during server startup. You can specify more than one handler. Use comma to separate multiple names.
Use Web Container Log File — To disable portal logging administration and route all logs to the web container log file, chose Yes, other chose No. Default is No.
Click Apply to the Selected Instance or Apply to All Instances to record the changes.
Select the Portals tab.
Select a Portal Server from Portals.
Click Logging, then Specific Logger settings from the submenu.
From the Instance Name drop-down menu, select a portal instance.
Modify the configuration attributes as necessary.
The following options are available:
Logger Name – Click the logger name to get the configuration details of the logger.
Log Level – You choose what information to view in the log file for the logger by selecting a log level setting or you can inherit the log level from the parent logger. For example, if the log level of debug.com.sun.portal is INFO and the log level of debug.com.sun.portal.desktop is Inherit Parent Logger Level, then its value will also be INFO.
Log File Merge Strategy – For a logger, you can choose whether you want the log messages in the same log file as parent (Log to Parent Log File) or the log should go to a separate file (Log to Separate Log File).
Parent Handler – For a logger, if the Log File Merge Strategy is set to Log to Separate Log File, you can choose whether you want the messages to be logged to both the separate log file as well as the parent log file (Inherit Parent Handlers) or log to separate file only (Do not Inherit Parent Handlers).
Parent Handler – For a logger, if the Log File Merge Strategy is set to Log to Separate Log File, you can choose whether you want the messages to be logged to both the separate log file as well as the parent log file (Inherit Parent Handlers) or log to separate file only (Do not Inherit Parent Handlers).
Stacktrace – For a logger, you can choose whether you want the stacktrace to be logged for all levels (Print Stack Trace for All Levels) or for only till WARNING log level (Print Stack Trace till Warning Level).
If Log File Merge Strategy value is Log to Parent Log File, Parent Handler and stacktrace values are ignored. If Log File Merge Strategy value is Log to Separate Log File, and if Parent Handler value is Inherit Parent Handlers, the Stacktrace value Print Stack Trace for All Levels is not valid.
Click Apply to the Selected Instance or Apply to All Instances to record the changes.
This chapter describes the Sun JavaTM System Portal Server subscriptions component and how to manage it. The chapter contains following topics:
Subscriptions enable end users to create a profile covering many sources of information, including categories, discussions, and searchable documents. The profile is updated with the latest information each time the end user accesses the Subscriptions channel. The Subscriptions channel summarizes the number of items of relevant information that match each profile entry that the end user defines for categorized document or discussions.
You can match the following types of content using the search server:
New documents in a target category from a specified range of days
New relevant comments within a discussion from a specified range of days
Document hits against saved searches
The result is displayed as a link that shows the number of matching information to the profile entry. This link redirects the end user to a more detailed view of the match itself.
In case of a category subscription, the link redirects the end user to the search channel, which summarizes the specific documents of interest in a standard category search result format. The Subscriptions channel acts as the doorway to a more detailed view for the end user.
The Profiler function provides email notifications when the content of specified interests has changed. The Profiler obtains subscription details for end users from the Access Manager, fetches the results from the Search server, and sends email notifications to end users. You can schedule the Profiler to run at a specific time at the organization level.
You can enable or disable subscriptions. Subscriptions can be set up at the:
Root Level
Organization Level
End-User Level
Select the Portals tab.
Select a portal server under Portals.
Click the Subscriptions tab.
Set the subscriptions level by choosing one of the following, and set the default values:
From the Select DN drop-down menu, choose TopLevel [Global].
Administering subscriptions at the TopLevel sets the system-wide default maximum number of subscriptions for each type, or for categories, discussions, and saved searches.
Specifies the maximum number of categories that a user can subscribe to.
Specifies the maximum number of discussions that a user can subscribe to.
Specifies the maximum number of searches that can be saved.
From the Select DN drop-down menu, choose any Organization.
Administering Subscriptions at the Organization level overwrites the system-wide default maximum number of subscription per type (that is, for categories, discussions, and for saved searches).
The host system that serves as the SMTP server to route Email notifications to the end users.
Subscription profiler email address from which the user receives email notification. Email should be in the form ID@domain.
The URL of the Profiler channel that is used to render the content of the Email notification to the user. It should be in the form of http://HOST:PORT/portal/dt?
provider=profiler&desktop.suid=UID_OF_AUTHLESSANONYMOUS_USER
The URL of the default search server. Profiler Default Search is only used for backward compatibility with user profiles created with Portal Server 6.3.x. It should be in the format http://HOST:PORT/search1/search
The maximum number of result hits that any given end user subscriptions in the organization will see in email notification sent to a user. For example, if the value is 5, a saved search with a large scope like “*” is limited with five most relevant results.
The maximum number of categories that a user can subscribe to.
The maximum number of discussions that a user can subscribe to.
The maximum number of searches the end user can save.
From the Select DN drop-down menu, choose any User.
Administering Subscriptions at the Organization User level edits user’s Subscriptions settings. The administrator can maintain the user’s service data.
Update user subscriptions
Delete user subscriptions
Allows users to receive email notifications by selecting Enabled.
For each type of subscription, add or remove subscriptions. The format of:
label | target category | scope | lapsed time | rating | server | database | status |
where
Refers to a logical reference given to the edited subscription and it must be a string. This is a required field.
Must be of the string format ABC:DEF:GHI
Refers to a search query and it must be of a string format that is a valid search string, including search operators.
Must be one of the following numbers:
0 = forever
1 = since yesterday
7 = since last week
30 = since last month
180 = since last 6 months
365 = since last year
This is the minimum rating that a matching document should be to be selected as a match for the subscription.
Values are number
–1 = irrelevant
0 = routine
1 = interesting
2 = important
3 = must read
This is the URL of the search server that will be queried to find content matching subscription's criteria.
Target search server database where subscription searches for potential matches. This is a single value database.
Boolean value that marks whether the subscriptions is active or inactive.
Active means the subscriptions is to be evaluated.
Inactive means the subscriptions is dormant.
label | target discussion | scope | lapsed time | rating | server | database | status |
where:
Refers to a logical reference given to the edited subscription and it must be a string. This is a required field.
Parent node of the discussion thread from which subscriptions will try to find matching content for other defined criteria.
Refers to a search query. scope must be a string format that is a valid search string, including search operators.
Must be one of the following numbers:
0 = forever
7 = since last week
30 = since last month
180 = since last 6 months
365 = since last year
This is the minimum rating that a matching document should be to be selected as a match for the subscription.
Values are number
–1 = irrelevant
0 = routine
1 = interesting
2 = important
3 = must read
This is the URL of the search server that will be queried to find content matching subscription's criteria.
Target search server database where subscription searches for potential matches. This is a single value database.
Boolean value that marks whether the subscriptions is active or inactive.
Active means the subscriptions is to be evaluated.
Inactive means the subscriptions is dormant.
label | scope | lapsed time | rating | server | database | status |
where
Refers to a logical reference given to the edited subscription and it must be a string. This is a required field.
Refers to a search query and if must be of a string format that is a valid search string, including search operators.
Must be one of the following numbers:
0 = forever
1 = since yesterday
7 = since last week
30 = since last month
180 = since last 6 months
365 = since last year
This is the minimum rating that a matching document should be to be selected as a match for the subscription.
Values are number
–1 = irrelevant
0 = routine
1 = interesting
2 = important
3 = must read
This is the URL of the search server that will be queried to find content matching subscription's criteria.
Target search server database where subscription searches for potential matches. This is a single value database.
Boolean value that marks whether the subscriptions is active or inactive.
Active means the subscriptions is to be evaluated.
Inactive means the subscriptions is dormant.
Click Save.
This section describes the discussions channel and how to manage it.
This section contains the following:
The Discussions channel is based on the DiscussionProvider, similar to the search channel’s JavaServer PagesTM (JSPTM) files. The discussion channel has a query portion and a display portion, and uses Desktop themes.
The DiscussionProvider:
Uses the Desktop themes
Is based on JSP technology
Retrieves data from the back-end Search service using search tag libraries and API
Discussions and comments are stored as different Resource Descriptors (RDs) in the discussion database. The DiscussionProvider supports:
A full view (using the Discussions channel) and an abbreviated view (using the DiscussionLite channel) that:
Starts a new discussion from the discussion channel
Posts replies to an existing discussion
Starts a new discussion based on web documents from the search channel
A Discussion List that:
Retrieves main posts sorted by last-modified date
Has pagination so users can access older discussion
A discussion view that displays each discussion subtree. The main item is displayed in detail and the subtree is displayed below the main item. View discussion includes:
Several filters on the page. A document display can be based on filters such as document rating (irrelevant, routine, interesting, important, and must read).
Display preference can be set to threaded or flat display.
Expansion threshold to help control displayed items in the subtree. The users can choose to expand only highly rated documents, or expand all or collapse all. Default value is collapse all. Expand all displays all the filtered comments, shows a description of the discussion, provides a menu for rating the discussion, and allows the user to post a reply.
Support to search within a discussion. The user also has the option to set these preferences through the channel edit page.
Commenting and rating a discussion. For example, users can:
Add a comment on an existing discussion.
Rate all discussions and comments. User rating is not immediately visible. The rating calculation is based on an algorithm, and the rating for any comment goes up gradually. For example, a comment must be rated important three times before it is marked as important.
Searching all discussions and within a discussion. These functions are routed to the search provider. Users can also search by rating in Advance Search.
Subscriptions. Authenticated users can choose to subscribe to a particular discussion by selecting the subscribe link. The request is handled by the SubscriptionProvider.
You can create a DiscussionProvider channel and manage it from the portal server management console:
End users can configure the discussion channel using the channel edit page.
Select the Portals tab.
Select a portal server under Portals.
From the Select DN drop-down menu, select any DN.
Select the container where you want to create the channel.
The container Task and Properties are displays on the right panel.
Under Tasks, click New Channel or Container to launch the wizard.
From the Select Portal drop-down menu, select a portal server.
From the Select DN drop-down menu, select any DN.
Under Type, select channel, and click Next.
Under Channel Type, select Provider Channel, and click Next.
From the Provider drop-down menu, select DiscussionProvider, and click Next.
Type a name for the channel in the text box, and click Next.
Review the channel information, and click Finish.
Click Close.
The channel based on DiscussionProvider is created.
Select the Portals tab.
Select a portal server under Portals.
From the Select DN drop-down menu, choose the DN where the DiscussionProvider channel resides.
Select DP XML Tree as the View Type from the drop-down menu for a listing of all the channels and containers under DP_ROOT.
Select the container where the channel resides.
The container Tasks and Properties page displays.
Click Select Channel or Container to delete.
Select the DiscussionProvider channel.
Click Delete.
Select the Portals tab.
Select a portal server under Portals.
Choose DN organization where the DiscussionProvider channel resides from Select DN drop-down menu.
Select DP XML Tree as the View Type from the drop-down menu for a listing of all the channels and containers under DP_ROOT.
Select the DiscussionProvider channel you want to configure.
For more information about the attributes, see Sun Java System Portal Server 7.1 Technical Reference.
The DiscussionLite channel displays the top 20 recent discussion titles and the date. Discussions are sorted by creation date (last modified), and the newest discussion is displayed first. Titles can be reconfigured.
The DiscussionLite channel view has links for:
Viewing each discussion.
Viewing all discussions that target the Discussions Channel.
Starting a discussion.
By default, the channel is displayed in a single container, and all links are brought up in a JSPDynamicSingleContainer.
Properties can be configured from the management console. By default, the end user cannot edit properties of this channel.
This chapter describes how to configure the single sign-on (SSO) adapter in order to adjust options available to end users. This chapter contains the following sections:
The single sign-on adapter service allows end users to use applications, such as a portal server provider or any other web application, to gain authenticated access to various resource servers after signing in once. The resource servers that can be accessed depend on the implementations of the SSO Adapter interface that are available in the system.
Portal Server provides SSO Adapters for the following resource servers: Address Book, Calendar, and Mail. Single Sign-On for the Instant Messaging channel is not achieved through SSO Adapter but through the use of the Sun Java System Portal Server authentication method. For information on this method, see the authMethod property in Instant Messaging Channel . The Address Book, Calendar, and Mail services are available through the products:
Sun Java System Calendar Server 5.1.1, 6.0, 6 2006Q2
Sun Java System Sun Java System Messaging Server 5.2, 6.0, 6 2006Q2
Resource servers are typically accessed by an application using a standard application programming interface (API), such as the JavaMailTM API for accessing a mail server. To create an authenticated connection using the API, the API must be provided the configuration data for the connection. The purpose of the SSO Adapter is to provide this configuration data, and the SSO Adapter service is used to store that data.
The SSO Adapter service defines two levels of data, meta-adapters and adapters. A meta-adapter defines a class of connections that are going to be made available to users. A single meta-adapter is used by many users. It defines data values that are the same for all users that use the meta-adapter including default values and identification of what values can be edited by a user. Therefore, meta-adapters are defined at a global service level.
An adapter builds upon a meta-adapter by providing data values that are specific to an organization, role, or user. An adapter references a meta-adapter, and takes data values from the meta-adapter for those properties that are not editable by the user. When an end user changes the user-editable properties of an adapter, that adapter would then apply only to that one user.
A Sun Java System Sun Java System Portal Server communication channel that uses the SSO Adapter service references either a meta-adapter or an adapter to get data values needed to obtain a connection to a resource server. If the channel references a meta-adapter, and the user saves configuration information, the reference is changed to refer to an adapter instead. The adapter then references the meta-adapter.
All administration for the SSO Adapter is done either through the Portal Server console web application or the psadmin command-line interface. The default deployment URI for Portal Server console is /psconsole. The default location for the psadmin CLI is /opt/SUNWportal/bin for Solaris.
A meta-adapter defines a class of connections that are going to be made available to users. A single meta-adapter is used by many users.
You can perform the following tasks using meta-adapters:
Select the SSO Adapter tab.
From List of Meta-Adapters click New Meta—Adapter to launch the wizard.
Follow the instructions and then click OK to create the specified Meta-Adapter.
psadmin create-ssoadapter-template
The only list of adapters allowed by the CLI is by DN.
An adapter builds upon a meta-adapter by providing data values that are specific to an organization, role, or user. An adapter references a meta-adapter, and takes data values from the meta-adapter for those properties that are not editable by the user. When an end user changes the user-editable properties of an adapter, that adapter would then apply only to that one user.
You can perform the following tasks using SSO Adapter configurations:
Select the SSO Adapter tab.
Select a meta-adapter under List of Meta-adapters.
Click View Adapters for Selected Meta-adapter.
Click New Adapter.
The New adapter page appears.
Provide the configuration attributes as necessary.
Click OK.
Select the SSO Adapter tab.
Click View Adapters for Locations.
From the Select DN drop-down menu, choose any DN.
The list of Adapters appears.
Select an adapter and modify the configuration attributes as necessary.
Click OK.
psadmin set-ssoadapter-property
Without logging in, end users have access to any read-only communication channels that administrators have configured. However, end users are usually prevented from editing these channels.
Select the SSO Adapter tab.
From SSO Adapter Tasks, click Edit list of users allowed to access SSO Adapters without authentication.
From User locations, click Add Users.
From Users Found table, choose users.
Click Add Selected Users.
The Anonymous Users function is available only through Portal Server management console.