+

Search Tips   |   Advanced Search

Change the login and logout pages

By default, when unauthenticated users attempt to access the myportal page, they get redirected to the login page to provide a user name and password. When using a WebSEAL or CA eTrust SiteMinder TAI for authentication, you no longer need to use the IBM WebSphere Portal login page. Instead, the login icon should point to the protected portal page.

Change the login and logout pages:

  1. Locate the theme files containing the login and logout links.

    The files containing the login and logout links can be different, depending on the theme. In more recent themes, these links might be located in Default.jsp. In older themes, the links might be located in banner.jspf.

  2. Find theme resources

  3. Create a backup copy of the theme file before proceeding.

  4. Open the theme file and locate the section for the login button.

  5. Replace the login button anchor tag that is not commented out with the following JSP fragment: 
    <%-- comment this to enable screen login --%>  
<%-- loginOnClick is provided so the client-side aggregation theme can add this  --%>
<%-- link without creating a different copy of this file.  --%>

<portal-logic:if loggedIn="no">
    <c:if test="${empty loginOnClick}">
        <li class="wptheme-toolbar-last">
        <a href='<portal-navigation:url home="protected" screen="Home"/>'          
            <%=bidiDirAttr%>><portal-fmt:text key="link.login" bundle="nls.engine"/>
        </a></li>
    </c:if>
</portal-logic:if>
--%>

    The previous example uses the 'portal-fmt:' prefix to designate JSP tags from the tag library in portal.tld. Your custom JSPs might use a different tag prefix.

  6. Touch the Default.jsp file after editing any JSP files and before any restart.

    This updates the timestamp on the file to the current time and will signal a recompile of Default.jsp to incorporate the edit changes from other JSP files. Type: touch Default.jsp. An alternative is to edit (open and save) Default.jsp, which has the same effect as the touch command.

  7. Optional: Redirect the browser to navigate to the logoff page of the external security manager (ESM) after the WebSphere Portal logoff command executes. relating to logoff pages.

    • Security Access Manager WebSEAL provides http://webseal/pkmslogout as a special URL to terminate the WebSEAL single sign on session

    • In eTrust SiteMinder, the Web Agent configuration object contains a property named LogoffUri where we can supply a URL to terminate the eTrust SiteMinder login session

    Enable WebSphere Portal to execute the external security manager logoff URL after completing its logoff command:

    1. Specify the following values in WP_PROFILE/PortalServer/config/ConfigService.properties:

      • redirect.logout=true
      • redirect.logout.ssl=false or true, depending on the environment
      • redirect.logout.url=protocol://host/logout_page

      where protocol is the protocol of the ESM machine: http or https, host is the fully qualified host name of the ESM machine, and logout_page is the ESM page that users will be directed to when they log out. Refer to the ESM Administrator's Guide for information about using logout forms.

    2. Update the property:

        cd WP_PROFILE/ConfigEngine
        ./ConfigEngine.sh update-properties -DWasPassword=foo

    3. Restart the WebSphere_Portal server on the standalone server or on each cluster member.


Parent External security managers

Related concepts:

Understand the Portal v8.5 modularized theme

Related tasks: