Sun Java System Portal Server 7.1 Developer Sample Guide

Chapter 6 Customizing Authentication

Portal Server supports a number of authentication schemes, including LDAP, anonymous, membership, UNIX, and more.

This chapter contains instructions for:

Using UNIX Authentication with LoginProvider

Procedure: To Use UNIX Authentication with LoginProvider

  1. Change directories to the default/LoginProvider directory.

    For example:

    cd PortalServer-DataDir/portals/portal-ID/desktop/default/LoginProvider
  2. Copy the display_AuthUnix.template file to display.template.

    For example:

    cp display_AuthUnix.template display.template
  3. Add the service from the Access Manager administration console.

  4. Set up the authentication configuration for UNIX.


    Note –

    The LDAP authentication module is already enabled for the default organization. To use LDAP authentication, you only need to copy display_AuthLDAP.template to display.template.


Configuring LDAP Authentication for UserInfoProvider

By default, the UserInfo channel lets users edit and maintain (change) their own Membership password. If a user's authentication module is changed to LDAP only, the administrator must customize the UserInfoProvider so that it recognizes LDAP-authenticated users.

Procedure: To Enable End User Password Maintenance for LDAP Authentication

  1. Create an LDAP passwordHandler template. The template name format is passwordHandler-authType.template.

    You can copy an existing template in the UserInfo template directory. For example:

    cd PortalServer-DataDir/portals/portal-ID/desktop/default/UserInfo/html
    cp passwordHandler-Membership.template passwordHandler-LDAP.template
  2. Optionally, modify the descriptive text within passwordHandler-authType.template.

    For example, in the passwordHandler-LDAP.template file, change Membership to LDAP.

  3. Add the authentication module name to the channel’s authTypes display profile Collection.

    Use the psadmin utility subcommand to add the entry to the UserInfoProvider <Provider> element. For example:

    1. Add the entry LDAP to the authTypes collection for the UserInfoProvider as shown below:

      <Collection name="authTypes" advanced="true">
          <String value="Membership"/>
          <String value="LDAP"/>
      </Collection>

      The authType that matches the authentication type in the user’s SSOToken is the one that is used.

    2. Import the modified display profile document using the psadmin modify-display-profile subcommand.

  4. Restart the web container.

  5. Access the portal desktop as an LDAP authenticated user and edit the user info channel.

    Verify that the password field is displayed.

  6. Modify the user’s password and select Finished.

  7. Log out and log in to the Desktop with the new credentials.
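
A pre-restart consistency check for steps 1 and 3 of this procedure, as an added example that is not part of the original guide or of Portal Server: it lists every entry in the authTypes collection that has no matching passwordHandler-authType.template file. The function names and the sample `<Provider>` fragment are assumptions constructed for illustration; point the functions at your own exported display profile and UserInfo/html directory.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample: an exported display profile reduced to the
# UserInfoProvider <Provider> element (layout assumed for illustration).
SAMPLE_PROFILE = """\
<Provider name="UserInfoProvider">
  <Properties>
    <Collection name="authTypes" advanced="true">
      <String value="Membership"/>
      <String value="LDAP"/>
    </Collection>
  </Properties>
</Provider>
"""


def auth_types(profile_xml):
    """Return the values listed in the authTypes collection, in order."""
    root = ET.fromstring(profile_xml)
    for coll in root.iter("Collection"):
        if coll.get("name") == "authTypes":
            return [s.get("value") for s in coll.findall("String")]
    return []


def missing_handlers(profile_xml, template_dir):
    """Return authTypes entries with no passwordHandler-<authType>.template."""
    present = set(os.listdir(template_dir))  # exact, case-sensitive names
    return [t for t in auth_types(profile_xml)
            if "passwordHandler-%s.template" % t not in present]


def demo():
    """Run the check on a constructed template directory, before and after step 1."""
    with tempfile.TemporaryDirectory() as d:
        # Only the Membership template exists: step 1 was skipped for LDAP.
        open(os.path.join(d, "passwordHandler-Membership.template"), "w").close()
        before = missing_handlers(SAMPLE_PROFILE, d)
        # Stand-in for the cp command in step 1.
        open(os.path.join(d, "passwordHandler-LDAP.template"), "w").close()
        after = missing_handlers(SAMPLE_PROFILE, d)
    return before, after


if __name__ == "__main__":
    print(demo())
```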