Deploy portlets in a secure environment

 

+
Search Tips   |   Advanced Search

 


WebSphere Portal provides two user authentication modes that the Portlet Deployment Manager can use to authenticate with the WAS administrative services when portal security is enabled. The authentication modes are specified by the use.admin.user property in the DeploymentService.properties file.

The following two methods are supported in both a standalone or clustered environment.

  • Single ID method (use.admin.user=true)

    This is the default mode. Use a single user ID for all Portal administrative users who issue WAR deployment requests. In this mode, the single user ID must be registered with WAS Console User with Administrator rights. This ID is usually the WAS user defined for Portal installation and configuration tasks as specified by the WasUserId property in the wpconfig.properties file. The ID is registered with portal when enabling security.

    If set to true, the WasUserId defined in wpconfig.properties must match the ServerUserID configured in the LDAP security settings in WAS.

    When using the single ID method, the value of WasUserId must match ServerUserId configured in the LDAP security settings in WAS. If you are installing to a WAS that already has security enabled, ensure that the ServerUserID used to activate WAS security is what you use for WasUserId before installing or configuring WebSphere Portal.

    If you change the ServerUserId after setting up security with WebSphere Portal, you will be unable to deploy portlets because ServerUserId and WasUserId no longer match. Use one of the following two ways to correct this problem:

    • Add the WasUserId value to the list of authorized console users in WAS.

    • Follow these steps to change the WAS administrative user ID within WebSphere Portal:

      1. Update the WasUserID property.

      2. Run the following two tasks from the wp_root/config directory:

        ./WPSconfig.sh action-remove-deployment-credentials
        ./WPSconfig.sh action-create-deployment-credentials

  • Multiple ID method (use.admin.user=false)

    Use the login ID of the WebSphere Portal user who issued the WAR deployment request. In this mode, every Portal user with portlet deployment rights must be added to the WAS Console User list with Administrator rights. Alternatively, you can add the Group of Portal Administrators to the WAS Console Group with Administrator rights.

    The main difference between the two methods is that single ID method uses a preset ID regardless of who you log in to WebSphere Portal as while the multiple ID method uses the ID you logged in with but you cannot deploy a portlet unless your ID is added to the WAS Console Group with Administrator rights.

     

    See also

     

    WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

     

    IBM is a trademark of the IBM Corporation in the United States, other countries, or both.