Portal, Express Beta Version 6.1 Operating systems: i5/OS, Linux,Windows

Enabling step-up authentication and/or the Remember me cookie

Step-up authentication provides authentication levels for pages and portlets. The Remember me cookie is an encrypted HTTP cookie that supports state-of-the-art authentication, which allows you to present personalized portlets and pages in a pubic area without asking the user to manually authenticate. Together, these two features allow remembered users to view anonymous pages and portlets with a standard or identified authentication level; if the level is set to authenticated, the user will have to provide a user ID and password to view the page or portlet.

1. Choose one of the following configuration options:

   Option	Description
   Enable both step-up authentication and the Remember me cookieNote: This option creates the standard, identified, and authenticated authentication levels.	Perform the following steps to enable step-up authentication and the Remember me cookie: Use a text editor to open the wkplc.properties file, located in the wp_profile\ConfigEngine\properties directory. Set enable_rememberme to true in the 'Step-up Authentication and Remember Me Config' properties section. Save your changes to the wkplc.properties file. Run the ConfigEngine.bat enable-stepup-authentication -DPortalAdminPwd=password -Dsua_user=user_name -Dsua_serversecret_password=password task from the wp_profile\ConfigEngine directory.
   Enable only step-up authenticationNote: This option creates the standard and authenticated authentication levels.	Run the ConfigEngine.bat enable-stepup-authentication -DPortalAdminPwd=password -Dsua_user=user_name -Dsua_serversecret_password=password task from the wp_profile\ConfigEngine directory.
   Enable only the Remember me cookie	Run the ConfigEngine.bat enable-rememberme -DPortalAdminPwd=password -Dsua_user=user_name -Dsua_serversecret_password=password task from the wp_profile\ConfigEngine directory.

2. Check the output for any error messages before proceeding with any additional tasks. If any of the configuration tasks fail, verify the values in the wkplc.properties file.
3. Perform the following steps to stop and restart the server1 and WebSphere_Portal servers:

   1. Open a command prompt and change to the wp_profile_root\bin directory.
   2. Enter the stopServer.bat server1 -user admin_userid -password admin_password command to stop the WebSphere Application Server.
   3. Enter the stopServer.bat WebSphere_Portal -user admin_userid -password admin_password command to stop the WebSphere Portal Express server.
   4. Enter the startServer.bat server1 command.
   5. Enter the startServer.bat WebSphere_Portal command.
4. Optional: Perform the following steps to create the identified authentication level:

   1. From the WebSphere Application Server Administrative Console, click Resources > Resource Environment > Resource Environment Providers.
   2. Click WP StepUpConfigService in the table.
   3. Click Custom Properties under Additional Properties.
   4. Click the value for the sua.authLevel.enable property.
   5. Add identified to the Value field so that you have the following: authenticated, identified.
   6. Click Apply.
   7. Click the Save link in the Messages box.
   8. Click Save.
5. Perform the following steps to stop and restart the server1 and WebSphere_Portal servers:

   1. Open a command prompt and change to the wp_profile_root\bin directory.
   2. Enter the stopServer.bat server1 -user admin_userid -password admin_password command to stop the WebSphere Application Server.
   3. Enter the stopServer.bat WebSphere_Portal -user admin_userid -password admin_password command to stop the WebSphere Portal Express server.
   4. Enter the startServer.bat server1 command.
   5. Enter the startServer.bat WebSphere_Portal command.
6. Perform the following steps to change the authentication level on a page or portlet:

   1. Click Launch > Administration.
   2. Click Resource Permissions under Access.
   3. Click either the Pages link or the Portlets link.
   4. Locate the page or portlet you want to change and click the Authentication Level link.
   5. Choose one of the following levels: Note: The following Authentication Levels are provided out-of-the-box. If you customized your step-up authentication, you may have different levels.

      Standard

      Set the Authentication Level to Standard if you want anonymous and identified users to view the page or portlet.

      Identified (if enabled)

      Set the Authentication Level to Identified if you want anonymous users to login and identified users to view the page or portlet.

      Authenticated

      Set the Authentication Level to Authenticated if you want anonymous and identified users to login to view the page or portlet.