Change the login and logout pages for TAI

 

+
Search Tips   |   Advanced Search

 

---

By default, when unauthenticated users attempt to access the myportal page, they get redirected to the login screen located at wps/portal/.scr/Login to provide a user name and password. When using a WebSEAL or SiteMinder TAI for authentication, you no longer need to use the WebSphere Portal login screen. Instead, the login icon should point to the myportal page.

Do not make the changes that are described in the following steps until you have configured the Trust Association Interceptors to perform authentication for WebSphere Portal.

After completing the configuration to enable External Authentication, follow these steps to verify TAI operation:

1. Use this address to test the TAI from a Web browser:

   • https://WebSEAL_hostname/junction/wps/myportal

     Or

   • http://SM_agent_hostname/wps/myportal

   WebSEAL or SiteMinder should challenge you to authenticate. After you log in, be directed to the secure and personalized myportal page. If you are directed to the portal login screen at wps/portal/.scr/Login or the public page, there is a problem with the TAI configuration.

2. Make backup copies of the was_root/installedApps/node_name/wps.ear/wps.war/themes/html/ theme_name/ToolBarInclude.jsp files in the appropriate themes subdirectories. Edit the login button section in each file as shown in bold here:

   <%-- login button --%>
               <wps:if loggedIn="no" notScreen="Login">
                  <td class="wpsToolBar" valign="middle" align="<%=bidiAlignRight%>" nowrap>
                   <a class="wpsToolBarLink" href='<%= wpsBaseURL %>/myportal'> <wps:text key="link.login" bundle="nls.engine"/></a>
                  </td>
               </wps:if>
   

   Note (for Tivoli Access Manager only): Test the TAI by using Tivoli Access Manager to add a new user. From the pdadmin command line, enter the following command on one line:

    pdadmin>user create user_name user_dn cn

   And then enter:

    pdadmin>user modify user_name account-valid yes

   • Open and save the versions of Default.jsp that include each of the files that you edited in step 1. See the comments in each ToolBarInclude.jsp file for more information.

   • Make sure that WebSphere Portal is running, open your browser, and go directly to https://WebSEAL_hostname/junction/wps/myportal. WebSEAL will prompt you for a user ID and password. Enter the user ID and password that you created in the previous step. You should be taken to a new authenticated user page as the specified user.

3. Make a backup copy of the was_root/installedApps/node_name/wps.ear/wps.war/WEB-INF/web.xml file. Edit the file as shown in bold here:

   <login-config id="LoginConfig_1">

   <auth-method>FORM</auth-method>

   <realm-name>WPS</realm-name>

   <form-login-config id="FormLoginConfig_1">

   <form-login-page>/myportal</form-login-page>

   <form-error-page/error.html/form-error-page>

   </form-login-config>

   </login-config>

4. Optional: Make a backup copy of the wp_root/shared/app/config/services/ConfigService.properties file. Edit the file as specified here:

   redirect.logout= true
   redirect.logout.ssl=false or true, depending on your environment
   redirect.logout.url=protocol://host_name/logout_page
   

   where:

   protocol is the protocol of the ESM machine: http or https.

   host.name is the fully qualified host.name of the ESM machine.

   logout_page is the page that users will be directed to when they log out. Refer to the ESM Administrator's Guide for more information about using logout forms.

   The value for redirectlogout.url must appear on a single line.

5. Restart WebSphere Portal.

 

See also

• Using Tivoli Access Manager with WebSphere Portal

• Managing security

 

WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.

 

Tivoli is a trademark of the IBM Corporation in the United States, other countries, or both.