Sun Java System Portal Server 6 2004Q2 Desktop Customization Guide 

Chapter 8
Customizing the Anonymous Desktop

This chapter describes customizations you can make for the anonymous Desktop. This chapter contains the following sections:

When you install the sample portal, a copy of the anonymous Desktop display profile is located in the portal-server-install-root/SUNWps/samples/desktop/dp-anon.xml file, with the support files located in the /etc/opt/SUNWps/desktop/anonymous directory.


Configuring Anonymous Authentication

Sun Java System Portal Server software supports two methods for implementing anonymous authentication:

When you install Portal Server software, by default the installation program enables anonymous authentication to the Desktop of the default organization using the Authentication-less User ID attributes. To implement this feature, the installation program creates a user account, authlessanonymous, and sets up access for this user within the following two Desktop Services global attributes:

This section describes how to enable and disable both types of anonymous authentication. See the Administering Users And Services chapter in the Portal Server Administration Guide for more information on enabling and disabling anonymous authentication.

    To Enable Anonymous Log In
  1. Log in to the Sun Java System Identity Server software administration console as administrator.
  2. Register the Anonymous service for the selected organization and create its template.
  3. Add Anonymous to the Authentication menu in the Core service (for the selected organization).
  4. Create the anonymous user account for the selected organization.
    To Disable Anonymous Log In
  1. Log in to the Identity Server software administration console as administrator.
  2. Unregister the Anonymous service for the selected organization.
  3. Remove Anonymous from the Authentication menu in the Core service (for the selected organization).
  4. Remove the anonymous user account for the selected organization.
    To Enable Authentication-less (authlessanonymous) Log In
  1. Log in to the Identity Server software administration console as administrator.
  2. Create the authlessanonymous account with a password of authlessanonymous for the selected organization.
  3. Select the Service Configuration tab.
  4. Click on the Desktop node.

    The Desktop attributes page appears in the data pane.

  5. Add the following value to the Authorized Authentication-less user IDs attribute:

    uid=authlessanonymous,ou=People,dc=organization|authlessanonymous

    Substitute the appropriate organization name for organization.

  6. Set the Default Authentication-less user ID attribute to the following:

    uid=authlessanonymous,ou=People,dc=organization

    Substitute the appropriate organization name for organization.

  7. Log out from the Identity Server software administration console.
  8. Verify that authentication-less authentication works. That is, close all current browsers and start a new browser with the following URL:

    http://hostname:port/portal/dt

    To Disable Authentication-less (authlessanonymous) Log In

By default, the sample portal is registered for Authentication-less (authlessanonymous) authentication. This is different from Anonymous authentication, which the sample portal, by default, is not registered for. The Anonymous Desktop uses Portal Server software for authentication; the Authless Desktop does not pass through the authentication process at all and is handled internally in the Desktop servlet.

To disable authentication-less log in:

  1. Log in to the Identity Server software administration console as administrator.
  2. Select the Service Configuration tab.
  3. Click on the Desktop node.

    The Desktop attributes page is displayed in the data pane.

  4. Remove the value(s) from the Authorized Authentication-less user IDs attribute.
  5. Remove the value from the Default Authentication-less user ID attribute so that it is blank.
  6. Log out from the Identity Server software administration console.
  7. Verify that you cannot reach the Anonymous Desktop. That is, close all current browsers and start a new browser with the following URL:

    http://hostname:port/portal/dt


Accessing the Anonymous Desktop

    To Access the Anonymous Desktop through the Identity Server Host Name (obj.conf File)

To enable users to access the Anonymous Desktop without typing the fully qualified domain name, you need to modify the Web-Container-Instance/config/obj.conf file.

  1. Edit the web server’s obj.conf file.
  2. After the line Object name=default, which is at the top, add the following lines, depending on whether you want authentication-less (authless anonymous) or anonymous access.
  3. Save the file and restart Portal Server software.

    /etc/init.d/amserver start

    Users can now view the Anonymous Desktop by typing the Portal Server software host name in their browser. The fully qualified domain name is no longer required.

    To Access the Anonymous Desktop through the Portal Server Host Name (index.html File)

To access the Desktop login page using a URL of the form http://psservername, add some JavaScript™ to the web server’s index.html file.

  1. Add the following JavaScript to the index.html file.

    <HTML>
        <HEAD>
            <SCRIPT>
                // for authless anonymous
                document.location.href = "/portal/dt?desktop.suid=uid=authlessanonymous,ou=People,dc=organization,dc=com";
            </SCRIPT>
        </HEAD>
    </HTML>

    This example assumes that /portal/dt is the user’s redirect URL.

  2. Verify that you can now access the Desktop by just typing the server name in the browser.


Disabling the Initial Identity Server Software Login Page and Always Using Anonymous Log In

    To Always Use Anonymous Log In
  1. Log in to the Identity Server software administration console as administrator.
  2. Navigate to the default organization or sub-organization.
  3. Choose Services from the View menu.
  4. Click the Properties icon next to Core.
  5. For the Authentication Menu, make sure Anonymous is selected and deselect all other entries.
  6. Click Save.
  7. Create the anonymous user. With the desired organization selected, choose Users from the Show menu.
  8. Click New.
  9. Select the services for the anonymous user.

    Typically, you select Desktop and NetMail.

  10. Fill in the Create User screen with the following information.
    • UserID - anonymous
    • First Name - (blank)
    • Last Name - anonymous
    • Full Name - anonymous
    • Password - anonymous
    • Password (confirm) - anonymous
  11. Click the Create button to create the user.

    When users type the URL to access the portal server in a browser, the anonymous Desktop comes up, bypassing the Identity Server software login page. This Desktop will have the login channel, where users can log in if desired.


Modifying the Anonymous Banner and Menu Bar

To change the banner for the Anonymous Desktop, you need to modify the /etc/opt/SUNWps/desktop/anonymous/banner.template file. To modify the menu bar, you need to modify the /etc/opt/SUNWps/desktop/anonymous/menubar.template file.

    To Change the Banner for the Anonymous Desktop
  1. Edit the banner.template file.
  2. Make your modifications.

    For example, you could change the following line to a background color or image of your choice:

    <td bgcolor="#333366"><img src="[surl:/images/productName.gif]" width="274" height="38" alt="Sun Java System Portal Server"></td>

  3. Place your file in the appropriate directory.

    You can place your custom image files under the web server document root or you can deploy them in a custom web application archive. See the web server documentation for information on how to deploy a web application archive.

  1. Modify the menubar.template file. You could also make a new menubar.template file to replace the default one.


Adding the Login Channel to the Anonymous Desktop of a Newly Created Organization

The default organization in the sample portal is configured with the login channel on the Anonymous Desktop. This enables new users who do not already have a membership user account to sign up for a membership user account. The login channel is also the only way a user can log in when anonymous is the sole authentication module selected.

As you add new organizations, you might want to set up the login channel on the Anonymous Desktop of the new organization.

    To Add the Login Channel to the Anonymous Desktop of a Newly Created Organization
  1. Use the Identity Server software administration console to create the new organization (this example uses company22.com as the initial organization and sesta.com as the new one), register the appropriate services (Core, Membership, LDAP, Desktop, NetMail, User, and so on), create the service templates, and assign policies to execute Desktop and NetMail.

    See the Portal Server Administration Guide for details.


    Tip

    Make sure that the Desktop policy contains the rule to execute the Desktop, and that in the Core service you add Membership to the Authentication Menu.


  2. In the Identity Server software administration console, choose Organizations from the View menu in the Identity Management tab.
  3. Navigate to the newly created organization.
  4. Create a user account for the authless session.
    1. Choose Users from the View menu, then click New.
    2. Select Desktop and NetMail for services, then click Next.

       The Create User page opens in the data pane.

    3. Type values for the required fields. This example uses authlessanonymous as the user ID and authlessanonymous as the password.
    4. When done, click Create.

       The authlessanonymous user ID appears in the list of users.

  5. Add the authlessanonymous user ID to the list of authorized users for the global Desktop service.
    1. Choose the Service Configuration tab.
    2. Click the Properties arrow icon next to Portal Desktop.

       The Desktop attributes page opens in the data pane.

    3. Type the following for the Authorized Authentication-less User IDs attribute:

       uid=authlessanonymous,ou=People,dc=sesta,dc=com|authlessanonymous

    4. Click Add.
    5. Click Save.
  6. Load the display profile for the organization by using the dpadmin command.

    This example uses the dp-org.xml file as the display profile for the new organization, sesta.com.

    /opt/SUNWps/bin/dpadmin add -u "uid=amAdmin,ou=People,dc=sesta,dc=com" -w password -d "dc=sesta,dc=com" /opt/SUNWps/samples/desktop/dp-org.xml

  7. Copy the sample anonymous display profile, dp-anon.xml, to a new file.

    For example, dp-anon-sesta.xml, the file name used in the following steps.

    Do not modify the sample dp-anon.xml file itself; keep it as a backup in case you need to reload it for your default organization.

  8. Edit the dp-anon-sesta.xml display profile file to change every instance of the Login channel to LoginSesta.

    The lines of the dp-anon-sesta.xml display profile to be changed look like this:

    <Reference value="Login"/>

    ...

    <String name="Login" value="1"/>

    ...

    <String value="Login"/>

    ...

    <Boolean name="Login" value="false"/>

    ...

    <Channel name="Login" provider="LoginProvider">


    Note

    Do not change LoginProvider to LoginSestaProvider. The provider name must stay the same.


  9. Load the anonymous display profile for the authless user ID by using the dpadmin command.

    /opt/SUNWps/bin/dpadmin add -u "uid=amAdmin,ou=People,dc=sesta,dc=com" -w password -d "uid=authlessanonymous,ou=People,dc=sesta,dc=com" dp-anon-sesta.xml

  10. Create the channel templates for the new login channel.
    1. Change directories to the /etc/opt/SUNWps/desktop/desktoptype directory.

       cd /etc/opt/SUNWps/desktop/desktoptype

    2. Copy the Login directory contents to a new directory, LoginSesta.

       cp -r Login LoginSesta

    3. Change directories to the LoginSesta directory.

       cd /etc/opt/SUNWps/desktop/desktoptype/LoginSesta

    4. Change the Form action value from /amserver/login to /amserver/login?org=sesta.com in all the display template files (display.html, display_AuthLDAP.html, and display_AuthUnix.html).
    5. Change the "Sign me up" URL from <A HREF="/amserver/login?module...> to <A HREF="amserver/login?org=sesta.com&module...> in all the display template files.
  11. Set the Desktop type for the authless user.
    1. In the Identity Server software administration console, select the newly created organization.
    2. Choose Users from the View menu.
    3. Click the Properties arrow icon next to the authlessanonymous user ID.
    4. Select Edit at the end of the Desktop line in the data pane.
    5. In the popup window, type anonymous in the Desktop Type field and select Customize in the drop-down menu next to the text field.
    6. Click Save.
    7. Access the authless anonymous Desktop for the new organization by typing the following URL:

       http://psserver:port/portal/dt?desktop.suid=uid=authlessanonymous,ou=People,dc=sesta,dc=com
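
The display profile and template edits from the procedure above, as an added shell example that is not part of the original guide: it renames the Login channel to LoginSesta without touching LoginProvider, then adds org=sesta.com to the login form action and the "Sign me up" link. The function names and the sample files are constructed for illustration, and the sed patterns assume double-quoted attribute values as shown in the steps.

```shell
#!/bin/sh
# Added example. Function names and the sample files are constructed here.

# Rename channel "Login" to $2 in display profile $1. Only the exact
# attribute values name="Login" and value="Login" are rewritten, so
# provider="LoginProvider" keeps its name.
rename_login_channel() {
    sed -e "s/name=\"Login\"/name=\"$2\"/g" \
        -e "s/value=\"Login\"/value=\"$2\"/g" "$1" > "$1.tmp" &&
        mv "$1.tmp" "$1"
}

# Succeeds if no "Login" channel reference remains in $1 and the provider
# name is untouched.
profile_ok() {
    ! grep -q '="Login"' "$1" && grep -q 'provider="LoginProvider"' "$1"
}

# In every display*.html under $1, point the login form and the
# "Sign me up" link at organization $2. Values that already carry
# org= no longer match, so a second run changes nothing.
set_login_org() {
    for f in "$1"/display*.html; do
        [ -f "$f" ] || continue
        sed -e "s#\"/amserver/login\"#\"/amserver/login?org=$2\"#g" \
            -e "s#amserver/login?module#amserver/login?org=$2\&module#g" \
            "$f" > "$f.tmp" && mv "$f.tmp" "$f"
    done
}

# Constructed sample standing in for dp-anon-sesta.xml and LoginSesta/.
demo() {
    d=$(mktemp -d) && mkdir "$d/LoginSesta" || return 1
    cat > "$d/dp-anon-sesta.xml" <<'EOF'
<Reference value="Login"/>
<String name="Login" value="1"/>
<Channel name="Login" provider="LoginProvider">
EOF
    echo '<FORM ACTION="/amserver/login" METHOD="POST">' \
        > "$d/LoginSesta/display.html"
    rename_login_channel "$d/dp-anon-sesta.xml" LoginSesta
    set_login_org "$d/LoginSesta" sesta.com
    profile_ok "$d/dp-anon-sesta.xml" && cat "$d/LoginSesta/display.html"
    rm -rf "$d"
}
demo
```

Running profile_ok on the edited file before loading it with dpadmin catches a channel reference that was missed or a provider name that was renamed by mistake.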


Modifying the Default Desktop (Container) for authlessanonymous User

To change the default channel name for the authlessanonymous user from JSPTabContainer to another container, for example, JSPTableContainer, perform the following:

    To Change the Default Channel Name for Authlessanonymous User
  1. Log in to the administration console and select Users View for your organization.
  2. Select authlessanonymous and Portal Desktop from the View pull-down menu for authlessanonymous users.
  3. Select the Edit link.
  4. Change the Default Channel Name and select Customize from the pull-down menu.
  5. Select Save.
  6. Validate the change to the Desktop.




Copyright 2004 Sun Microsystems, Inc. All rights reserved.