Yogesh Mashalkar commented on Feb 20, 2013

Re: Automatic Portal Login of Identified Users via Remember Me Cookie

got thru the source...read the warranties & the intentions! :)

thanks again!

Yogesh Mashalkar commented on Feb 20, 2013

Re: Automatic Portal Login of Identified Users via Remember Me Cookie

Hi Matthias,

Thanks for the detailed explanation on the Remember Me scenario in Portal.

We plan to implement the same with Portal 8.0, could we use & extend upon the source as a reference?

Also i tried to access the source on Lotus Greenhouse but my IBM credentials wont work, any clue?

Thanks

Yogesh

Matthias X Falkenberg commented on Aug 19, 2011

Re: Automatic Portal Login of Identified Users via Remember Me Cookie

Argh, the xml code got removed from my previous post by the wiki. I will try escaping the characters myself.

[...]

<portlet action="update" domain="rel" name="Information Portlet" objectid="Z3_CGAH47L008LG50IAHUR9Q33GA3" uniquename="wps.p.Information.jsr">

<access-control auth-level="identified"/>

</portlet>

[...]

Matthias X Falkenberg commented on Aug 19, 2011

Re: Automatic Portal Login of Identified Users via Remember Me Cookie

Hello Erik,

That's not too difficult a task, because you can use the XML configuration interface aka XMLAccess for changing the authentication level of portlets as you have already suspected.

You will have to add/modify the element of the corresponding node as exemplified below.

[...]

[...]

Kind regards.

Erik Sorensen commented on Aug 18, 2011

Re: Automatic Portal Login of Identified Users via Remember Me Cookie

good article - we are going to implement this on our existing portal sites. any thoughts on easiest way (via xmlaccess?) to change the authentication level from "standard" to "identified" for the many existing portlets?

Pages were easy enough via one xml export, find/replace auth-level= attribute, re-import.

Matthias X Falkenberg commented on Aug 16, 2011

Re: Automatic Portal Login of Identified Users via Remember Me Cookie

Hello Gregory,

Setting uri.home.substitution to true will redirect authenticated users to the protected portal area when they attempt to access a resource from the public portal space. For instance, a user logs on to a portal and browses the site with the /myportal servlet path. At some point, the user clicks a URL that addresses the public portal area by using the /portal servlet path.

No two things can happen in a default Portal depending on the value of uri.home.substitution:

- false (default), the user is logged out and stays at /portal

- true, portal notices that an authenticated user makes a request to the public portal space and rewrites to the URL to point to /myportal, hence, the user stays in the protected portal area and continues browsing as authenticated user.

The session validation filter provided in this article will also redirect a user accessing the public portal area. However, the redirection does not depend on the user's current authentication status as it does in case of the uri.home.substitution. Moreover, there is a second condition - the presence of the remember me cookie - that is checked before performing the redirection.

Best regards.

Gregory J Watts commented on Aug 15, 2011

Session validation filter vs. uri.home.substitution?

So what is the difference between using the session validation filter provided in this article and setting the WP ConfigService custom property uri.home.substitution = true?

Matthias X Falkenberg commented on Jul 11, 2011

Re: Automatic Portal Login of Identified Users via Remember Me Cookie

Hello Sridhar,

Both features (remember me and step-up authentication) are also available in Portal V6.1.5. I just have not tested the sample code provided for this article with that Portal version. However, I would not see any reason why you should not reuse the sample code. I am currently not aware of any changes of Portal APIs that are used by the sample code.

Kind regards.

sridhar balasubramanian commented on Jul 7, 2011

Re: Automatic Portal Login of Identified Users via Remember Me Cookie

Hi,

I am using Websphere Portal 6.1.5. Would like to know how Remember me cookie and Step-up authentication can be implemented over there similar to how you had explained for Websphere Portal 7.