Configuring basic authentication allows the manual entry of user credentials in the personalize mode of the portlets. Basic authentication for the portlets is only supported if single sign-on is not already enabled between WebSphere® Portal and IBM Connections. If single sign-on is enabled, the basic authentication credentials that are entered in the personalize mode of the portlets are ignored.
Basic authentication is not intended for production use; it is for test or proof-of-concept deployments. Single sign-on is the only authentication configuration supported for production use.
- The Activity Stream and Library portlets do not support basic authentication.
- The Community Membership (VMM) Adapter does not support basic authentication. The steps to configure the adapter in the Integrating community membership with Portal security section and subsequent sections should not be completed until after single sign-on is configured.
- Do not configure directory services if you are deploying portlets using basic authentication. However, note that if you change to an authentication model that uses single sign-on, configuring directory services is a mandatory prerequisite.
If you use basic authentication for the portlets, every user must type their personal credentials manually in the personalize mode of the portlets, or shared credentials can be supplied from the Credential Vault.
If a user changes a valid user ID and password, the user must log out of Portal and log in again to refresh the credentials. If a user enters credentials incorrectly, or updates an expired password, logging out and logging back in is not required.
- Set the authenticationMethod property to basicAuth in the file \WEB-INF\lcaccelerator\properties\lcaccelerator.properties in the deployed portlets war.
- Make sure that your changes are applied to all cluster members. Apply changes in the WAR file, redeploy the WAR, and synchronize the changes to all cluster members from the WebSphere deployment manager.
- Edit the proxy-config.xml file located at wp_profile\installedApps\<cell_name>\PA_icWEFPtlts.ear\snor.pf.portlets.war\WEB-INF and remove the following cookie settings from the policy definition for the Connections server to prevent the outbound requests to the Connections server from being authenticated with the LTPA token:
- If you change deployed applications, save the file, then restart the portlets application or the application server.
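The following check is an added example, not part of the product documentation: it reads the authenticationMethod property from each cluster member's copy of lcaccelerator.properties and reports members that disagree, or that still use basicAuth on a deployment marked as production. The member names, the way the file contents are collected, and the non-basicAuth value are assumptions made for the sample.

```python
import re

# key, then '=' or ':' (or whitespace), then value: the java.util.Properties line shape
_LINE = re.compile(r"^\s*([^\s=:]+)\s*[=:]?\s*(.*?)\s*$")

def read_auth_method(properties_text):
    """Return the effective authenticationMethod value, or None when it is not set."""
    method = None
    for line in properties_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#!":   # blank line or comment
            continue
        match = _LINE.match(line)
        if match and match.group(1) == "authenticationMethod":
            method = match.group(2)               # a later assignment overrides an earlier one
    return method

def audit_cluster(members, production):
    """members maps a cluster member name to the text of its lcaccelerator.properties."""
    methods = {name: read_auth_method(text) for name, text in members.items()}
    findings = []
    if len(set(methods.values())) > 1:
        findings.append("members disagree: " + ", ".join(
            "%s=%s" % (name, methods[name]) for name in sorted(methods)))
    basic = sorted(name for name, value in methods.items() if value == "basicAuth")
    if production and basic:
        findings.append("basicAuth on production members: " + ", ".join(basic))
    return findings

# Constructed sample input: the member names and the non-basicAuth value are made up.
SAMPLE = {
    "node1": "# portlet settings\nauthenticationMethod=basicAuth\n",
    "node2": "#authenticationMethod=basicAuth\nauthenticationMethod = placeholderOtherValue\n",
}

if __name__ == "__main__":
    for finding in audit_cluster(SAMPLE, production=True):
        print(finding)
```

An empty result means every member carries the same setting and, for a production deployment, none of them uses basicAuth.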
After you configure basic authentication, you can enable the portlets in one of the following ways:
- Users can log in to portlets using the Personalize mode.
- The Portal administrator can configure the portlets using the credential slot.
To configure the portlets through a system slot:
- In Portal Server Administration choose Administration -> Access -> Credential Vault.
- Click Add a vault slot.
- Choose a vault and vault segment from the drop-down list.
- Choose a vault resource to associate with the system slot. If no vault resource is associated with the vault slot, create a vault resource.
- Enter a vault slot name. This is the name that is seen in the configuration mode of the portlets.
- Check Vault Slot is shared.
- Enter a shared user ID and password to be stored in the system slot.
- (Optional) For Portal 8, the ADMIN_SLOTS virtual resource requires access permissions. Assign ADMIN_SLOTS "All Authenticated users" permissions. ADMIN_SLOTS can be found under the virtual resource in the Resources Permissions Portlet.
The settings in the personalize mode of the portlets override the settings in configuration mode. To enable the personalize mode in the portlets, the Portal administrator must perform step 1 and enable basic authentication.