Change the login and logout pages
By default, when unauthenticated users attempt to access the myportal page, they get redirected to the login screen to provide a user name and password. When using WebSEAL or eTrust SiteMinder for authentication, you no longer need to use the IBM WebSphere Portal login screen. Instead, the login icon should point to the myportal page.
To change the login and logout pages:
- Make backup copies of the following two files:
- AppServer_root/installedApps/node/wps.ear/wps.war/themes/html/theme_name/banner_toolbar.jspf
- AppServer_root/installedApps/node/wps.ear/wps.war/themes/html/theme_name/mainMenu.jsp
- Open banner_toolbar.jspf located in each theme's directory and subdirectory and find the login button section.
- Replace the login button anchor tag that is not commented out with the anchor tag. ...
<a class=wpsToolBarLink href='<%= wpsBaseURL %> /myportal'> <wps:text key="link.login" bundle="nls.engine"/> </a>The following example shows what the banner_toolbar.jspf will look like after adding the above anchor tag:
<%-- Comment this to enable screen login --%> <portal-logic:if loggedIn="no"> <portal-navigation:urlGeneration contentNode="wps.Login"> <!-- Commented out the next href for Changing the Login Page <a tabIndex="7" class="toolbarLink" href='<% wpsURL.write(escapeXmlWriter); %>' > <portal-fmt:text key="link.login" bundle="nls.engine"/> </a> --> <a tabIndex="7" class="toolbarLink" href='<%= wpsBaseURL %>/myportal'> <portal-fmt:text key="link.login" bundle="nls.engine"/> </a> </portal-navigation:urlGeneration> </portal-logic:if> <%-- Uncomment this to enable screen login <portal-logic:if loggedIn="no" notScreen="Login"> <a class="toolbarLink" href='<%= wpsBaseURL %>/myportal'> <portal-fmt:text key="link.login" bundle="nls.engine" /> </a> </portal-logic:if> --%>The previous example uses the 'wps:' prefix to designate JSP tags from the tag library in portal.tld. Your custom JSPs might use a different tag prefix.
The following example shows what the mainMenu.jsp will look like after adding the above anchor tag:
<%-- Login button --%> <%-- Comment out to enable screen login --%> <portal-logic:if loggedIn="no"> <portal-navigation:urlGeneration contentNode="wps.Login" themeTemplate=""> <c:set var="menuTitle"> <portal-fmt:text key="link.login" bundle="nls.engine" /> </c:set> <% if (menuItemCount > 0 ) { %>,<% } %> "asynchDoFormSubmit('<%= wpsBaseURL %>/myportal');" '<c-rt:out value="<{menuTitle}" escapeXml="true" />',"<{defaultPageIconUrl}" <% menuItemCount++; %> </portal-navigation:urlGeneration> </portal-logic:if> <%-- Uncomment to allow screen login <portal-logic:if loggedIn="no"> <c:set var="menuTitle"><portal-fmt:text key="link.login" bundle="nls.engine" /></c:set> <% if (menuItemCount > 0 ) { %>,<% } %> "asynchDoFormSubmit('<%= wpsBaseURL %>/myportal');" '<c-rt:out value="<{menuTitle}" escapeXml="true" />'," <{defaultPageIconUrl}" <% menuItemCount++; %> </portal-logic:if> --%>- Touch Default.jsp after editing any JSP files and before any restart.
This updates the timestamp on the file to the current time and will signal a recompile of Default.jsp to incorporate the edit changes from other JSP files. Type: touch Default.jsp. An alternative is to edit (open and save) Default.jsp, which has the same effect as the touch command.
- After updating...
...restart WebSphere Portal unless reloading is enabled.
- Open and save the versions of Default.jsp that include each of the files that you edited in a previous step.
- Redirect the browser to navigate to the logoff page of the external security manager (ESM) after the WebSphere Portal logoff command executes. (Optional)
- Tivoli Access Manager WebSEAL provides...
http://webseal/pkmslogout...as a special URL to terminate the WebSEAL single sign on session
- eTrust SiteMinder provides a Web Agent configuration object that contains a property...
LogoffUri...where you can supply a URL to terminate the eTrust SiteMinder login session
- To enable WebSphere Portal to execute the ESM logoff URL after completing its logoff command:
- Set the following values in the configuration service:
- redirect.logout=true
- redirect.logout.ssl=false|true
- redirect.logout.url=protocol://host_name/logout_page
...where...
- Run the following task to update the property:
cd WP_PROFILE/ConfigEngine
./ConfigEngine.sh update-properties
- Change the form-login-page attribute in web.xml (Optional):
- Access the WAS or DMGR console and export the wps.ear file.
- From the exported ear file, edit the attribute form-login-page in...
AppServer_root/installedApps/node/wps.ear/wps.war/WEB-INF/web.xml...and replace (depending on current settings) /redirect or /myportal with a JSP to be called if the TAI login is not invoked.
- Copy the wps.jsp file to taiError.jsp and modify it to show a message if the TAI login fails. For example...
<%@ page session="false" buffer="none" %@> <TABLE border="0"> <TBODY> <TR> <TD> <IMG border="0" src="images/welcome_5.gif" height="46"> <H2>You've reached this page in error. </H2></TD> <TD></TD> </TR> <TR> <TD>The TAI failed to authenticate you</TD> <TD><IMG border="0" src="images/microphone.gif" height="94"></TD> </TR> <TBODY> </TABLE>- Repackage wps.ear.
- Import wps.ear using the WAS/DMGR console.
- Run the following task to modify the attribute:
In a clustered environment, run the task from the primary node.
./ConfigEngine.sh wp-modify-attributes-ear-wps from the WP_PROFILE/ConfigEngine- Synchronize all the nodes in a clustered environment.
- Restart WebSphere Portal on the standalone server or on each cluster member
- Stop and restart the server1 and WebSphere_Portal servers:
cd WP_PROFILE/bin
./stopServer.sh server1 -username adminid -password passwd
./stopServer.sh WebSphere_Portal -username adminid -password passwd
./startServer.sh server1
./startServer.sh WebSphere_Portal
Parent topic
External security managers