Sun Java System Portal Server 7.2 Administration Guide

Chapter 3 Managing Organizations, Roles, and Users

Portal Server administrators can provide and limit access to content on a portal through the definitions of the identities of specific end users. You can set up portal pages, attributes and access policies so that portal content is available to specific entities. These entities include the following:

To manage organizations, roles, and end-users, Portal Server administrators must use both the Portal Server management console and the Sun JavaTM System Access Manager console. This chapter explains how Portal Server administrators can do this using the Access Manager. This chapter provides the following topics:


Note –

This chapter explains how to use Access Manager that is installed and configured to support Legacy Mode. For information about Legacy Mode and Realm Mode, see the Sun Java System Access Manager Administration Guide


Understanding How to Use Access Manager With Portal Server

Portal Server uses Sun Java System Access Manager services to manage attributes that are specific to Portal Server end users and applications. You must use the Access Manager console to manage tasks related to identity.

To control who has access to a portal site, Portal Server administrators must use the following tools:

Portal Server administrators must use Access Manager to perform the following tasks:

Access Manager uses the lightweight directory access protocol (LDAP).

For information about Access Manager administration, see the Sun Java System Access Manager 7.1 Administration Guide.

Creating New Organizations for Portal Server

New organizations inherit services that are registered at the top-level Access Manager organization. Typical services that new organizations inherit include the following:

New organizations use LDAP authentication, and LDAP service settings are inherited from the corresponding global service.

For information about Access Manager administration, see the Sun Java System Access Manager 7.1 Administration Guide.

ProcedureTo Create a New Organization to Use with Portal Server

  1. Log in to the Access Manager console.

    For information about Access Manager administration, see the Sun Java System Access Manager Administration Guide.

  2. Under Identity Management, select Organizations from the View menu.

  3. Click New to create a new organization.

  4. Specify the organization attributes.

    For example:

    Name

    TestOrganization

    Organization Aliases

    TestOrganization

  5. Click OK.

ProcedureTo Access a New Organization

  1. Type this URL in your browser:

    http://host:port/amserver/UI/Login?org=organizationalias

    host

    The name of the system that the console is running on.

    port

    The console's port number assigned during installation.

    organizationalias

    The value assigned to the Organization Alias attribute field.

Adding Portal Services to Organizations

Before the Portal is accessible, you must add several services to an organization. The services that you must add to the organization include the following:

Optional services that you can add include the following:

Procedure To Add Portal Services to an Organization

Portal requires several services to be added to an organization before the Portal Server is accessible to the organization. After you add Portal services to the organization, use the Portal Server management console to administer Portal Server settings. [When a PortalID Desktop service is added to an organization or a role, it specifies default settings. It do not inherit the PortalID Desktop service settings from an organization or a role above it. You need to use the Portal Service management console to manage these service settings as per your need.]

  1. Log in to the Access Manager console.

    For information about Access Manager administration, see the Sun Java System Access Manager 7.1 Administration Guide.

  2. Under Identity Management, select Organizations from the View menu.

  3. Click your organization.

    For example: TestOrganization

  4. In the View menu for the organization, select Services.

  5. Click Add.

  6. Select the following services, if they are available in your deployment:

    • Mobile Application Configuration

      • Mobile Address Book

      • Mobile Calendar

      • Mobile Mail

    • Portal Server Configuration

      • portalID Desktop

      • portalID Subscriptions

      • SSO Adapter

    • Remote Portlets (WSRP)

      • portalID WSRP Consumer

    • Secure Remote Access Configuration

      • Access List

      • NetFile

      • Netlet

      • Proxylet

  7. Click OK.

ProcedureTo Specify Required Portal Services for New Users

After you add all of the Portal services to an organization, you must use the Access Manager console to add the services to newly created end-users so that they can access the Portal Desktop and whatever Portal services they need.

The Access Manager Administration service allows you to specify which services are dynamically added to end-user entries when they are created. If your Portal deployment allows users to be created, such as a "Sign-Me Up" feature, specify the Required Services setting in the Access Manager console for your organization.

Before You Begin

Add Portal services to the organization. See Adding Portal Services to Organizations.

  1. Log in to the Access Manager console.

    For information about Access Manager administration, see the Sun Java System Access Manager 7.1 Administration Guide.

  2. Add the Administration Service.

    1. Under Identity Management, select Organizations from the View menu.

    2. Click your organization.

      For example: TestOrganization

    3. In the View menu for the organization, select Services.

    4. Click Add.

    5. Select the Administration service and Click OK.

  3. Specify the setting for Administration Service Required Services.

    This setting specifies whether to assign all services in the required services list to a new end user.

    1. Select the Administration service setting.

    2. For the Required Services setting, specify the following services:

      • SunPortalportalIDDesktopService

      • SunPortalportalIDSubscriptionsService

      • SunMobileAppABService

      • SunMobileAppCalendarService

      • SunMobileAppMailService

      • SunSSOAdapterService

    3. Click Save.

  4. Log out of the Access Manager console.

Navigating to Specific Nodes

Portal Server uses Access Manager services to store application and user-specific attributes. To enable you to administer portal-related functions for an LDAP directory node (DN), the Portal Server management console provides details about the DN in a location bar, a horizontal strip below the row of tabs.

The location bar enables you to do the following:

A directory name can be a organization, role, or user name.

Understanding the Location Bar

The location bar provides the following functions:

ProcedureTo Set a New Directory Node

You can select a new DN without adding it to the location bar.

  1. Log in to the Portal Server management console.

  2. Select the Add button next to the location bar.

  3. Select the name of the DN using one of the following methods:

    • Select a DN listed in the window.

    • Use the Search utility:

      1. Type the search string.

        You can use wildcard characters.

        Search results are displayed by short name and corresponding directory node.

      2. Click the Search button.

  4. Click the Set Current DN button.

    The window closes, and the Selected DN field displays the new directory node. The directory node is not added to the location bar selections.

ProcedureTo Add a Directory Node to Location Bar Selections

When you add a directory node to the location bar menu, it is stored as a cookie so that the directory node is available in the same browser across sessions.

  1. Log in to the Portal Server management console.

  2. Select the name of the DN using one of the following methods:

    • Using the Add button:

      1. Click the Add button next to the Select DN menu.

        The Add to DNs List pop-up window opens and displays a list of available directory nodes.

      2. Select the desired DN.

    • Using the Search utility:

      1. Use the Search menu to select the object type.

      2. Type the Search string.

        You can use wildcard characters.

        Search results are displayed by short name and corresponding DN.

      3. Select the desired DN.

  3. Select the name of the directory node.

  4. (Optional) Edit the short name field to change the name that the directory node in the drop-down menu displays.

  5. Click the Add button.

    The directory node is added to the Select DN menu.

ProcedureTo Remove a Directory Node From Location Bar Selections

You can delete a directory node from the drop-down list displayed in the location bar. The directory node itself is not removed. To remove a directory name from the LDAP database, you must use Access Manager.

You cannot remove default organizations that were defined during installation.

  1. Log in to the Portal Server management console.

  2. From the Select DN drop-down menu, select the DN that you want to delete.

  3. Click the Delete button next to the Select DN drop-down menu button.

    The selected directory node is removed.

ProcedureTo Display Information for a Directory Node

  1. Log in to the Portal Server management console.

  2. Display information about a directory node using one of the following methods:

    • Type the name of the directory node in the Enter DN text box, and click the Go button.

    • Select the name of the directory node from the Select DN menu.