Enportal/5.5/admin/system administration/System Settings: Difference between revisions

imported>Doug yeager
imported>Jason.nicholls
No edit summary
 
(13 intermediate revisions by 2 users not shown)
Line 4: Line 4:
The system is installed with pre-defined settings for both login page and look and feel (LAF) and without a password policy in place. Through
The system is installed with pre-defined settings for both login page and look and feel (LAF) and without a password policy in place. Through
the '''Advanced Tab''' -> '''System Settings''', administrators can assign a system login page and system LAF that will override the default out of the box settings as well as creating a system password policy.
the '''Advanced Tab''' -> '''System Settings''', administrators can assign a system login page and system LAF that will override the default out of the box settings as well as creating a system password policy.
[[File:enportal-5.5-system-settings.png|frame|System Settings sub-menu]]
[[File:enportal-5.5-system-settings.png|frame|center|System Settings sub-menu]]




== System Login Page ==
== System Login Page ==


=== System Login Page ===
The system login page is the page that all users will see when they first access the system.  
The system login page is the page that all users will see when they first access the system.  
Login pages must exist on the enPortal server in the <tt>[INSTALL_HOME]/server/webapps/enportal/login_pages</tt> directory. Take a look in this directory to see the available options included with a default enPortal install:
* (no sub-directory): classic Edge Dark login page
* <tt>edgeLight</tt>: classic Edge Light login page
* <tt>edgeDark_css3</tt>: new Dark login page themed using CSS for easier customization
* <tt>edgeLight_css3</tt>: new Light login page themed using CSS for easier customization
* <tt>edgeFlat</tt>: new Flat login page themed using CSS for easier customization


{{Note|The login page can be changed for individual domains, by specifying a custom login page per [[enportal/5.5/admin/user_administration/enPortal_provisioning#Domains|domain]]. The login page specified for a domain takes precedence over the system setting.}}
{{Note|The login page can be changed for individual domains, by specifying a custom login page per [[enportal/5.5/admin/user_administration/enPortal_provisioning#Domains|domain]]. The login page specified for a domain takes precedence over the system setting.}}
Line 17: Line 24:


=== Assigning a System Login Page ===
=== Assigning a System Login Page ===
<br>


Perform the following steps to assign a system login page.
Perform the following steps to assign a system login page:


# Log in to enPortal as an administrator.
# Mouse over the '''Advanced''' tab and then '''System Settings''' and click on '''System Login Page'''.
# Mouse over the '''Advanced''' tab and then '''System Settings''' and click on '''System Login Page'''.
# In the input field, enter the subdirectory (if applicable) and the file name for the login page you would like to use. The relative directory for this field is <tt>[INSTALL_HOME]/server/webapps/enportal/login_pages/</tt>.{{Note| You should keep customized login pages in the <tt>/custom</tt> directory. An example of a value for this field is "<tt>custom/<i>customerName</i>/<i>loginPageName</i>.jsp</tt>"}}
# In the input field, enter the subdirectory (if applicable) and the file name for the login page you would like to use. This is relative to the <tt>.../login_pages/</tt> directory. So for example to use the edgeFlat login page, set this field to <tt>edgeFlat/login.jsp</tt>.
# Click the ''Save'' button.
# Click the ''Save'' button.
# Logout of the portal and confirm that the correct login page is displayed.
# Logout of the portal and confirm that the correct login page is displayed.


=== How to disable 'GET' login requests ===
=== Modifying Login Pages ===
<br>
 
{{Warning|Do not directly modify the login pages shipped with enPortal as these files are not backed up and may be replaced on upgrade.}}
 
Modifying the login page may be as minimal as changing the logo, or adjusting some of the theming, or completely writing everything custom. In all cases the existing shipped pages and resources should serve as a starting template. The recommended approach is to:
 
# Choose one of the existing login pages to start with, it's best to use the CSS-based pages if the goal is to simply change the logo and look'n'feel.
# Make a copy of the login page sub-directory with all it's files and sub-directories into a new directory, for example: <tt>[INSTALL_HOME]/server/webapps/enportal/login_pages/customLoginPage</tt>
# Make changes only to this new copy as needed.
# Update the system to use the new login page (see previous section)
# Except for the system shipped login pages, all other sub-directories under <tt>login_pages</tt> are automatically included in backup archives.
 
To test make sure to log out of enPortal, clear your browser cache, and reload the login page.


To improve security administrators may want to disable the ability to pass login information over HTTP GET requests.  Perform the following steps to disable GET Login requests:
==== Custom Login Page Examples ====


# Edit the file: server\webapps\enportal\WEB-INF\config\custom.properties
For more information and examples on modifying or creating completely custom login pages refer to the [[enportal/5.5/admin/system_administration/system_settings/custom_login_pages|Custom Login Pages]] documentation.
# Add the line: ''dispatch.loginPostOnly=true''
# Restart the enportal process.


== Look and Feel ==
== Look and Feel ==
Line 89: Line 103:
# Confirm that the correct policy is applied by changing a test user's password.
# Confirm that the correct policy is applied by changing a test user's password.


{{Note|In order to change password for users that are managed by ldap, you must specify a [[enportal/5.5/admin/user_administration/enPortal_LDAP_configuration#Configuring_LDAP_Managed_Domains|Pluggable Authenticator]] in the domains managed by this ldap and ensure the [[enportal/5.5/admin/user_administration/enPortal_LDAP_configuration#Configuring_LDAP_Repositories|Repository URL]] starts with <tt>ldaps://</tt> and uses a secured port (default 636).<br/><br/>Additionally some ldaps like MS Active Directory and OpenLDAP requires ldap server's SSL certificate to be imported into java cert library running portal. Please read this [[enportal/5.5/admin/user_administration/enPortal_LDAP_configuration#LDAP_With_SSL|section]] on how to set it up. Additional example for importing MS Active Directory SSL certificate into java cert lib can be found [https://confluence.atlassian.com/display/CROWD/Configuring+an+SSL+Certificate+for+Microsoft+Active+Directory here].<br/><br/>Currently portal is delivered with two authenticators that allowed for ldap user password changes: '''Microsoft Active Directory''' and '''OpenDS'''.}}
=== LDAP Authentication ===


When using external authentication via LDAP the password policy should mirror the policy defined for the LDAP system. It may be more applicable to apply this policy just to the LDAP Domain.


=== LDAP Password Policy ===
Refer to the [[enportal/5.5/admin/user_administration/ldap_configuration|LDAP Configuration]] documentation for more information on configuring LDAP including supported features depending on the LDAP server.
<br>
When the portal system is backed by an external LDAP; the password policy settings should mirror those defined in your LDAP system. In some cases you will need to configure domain specific policy rules.
 
{{Note|If you are not receiving Password Warnings for expiration in x days.  Check to see if your LDAP Server supports policy controls (ex: SunOne DirectoryServer; if it does not you will need to add the following line to server/webapps/enportal/WEB-INF/config/custom.properties: ldap.policyControlSupported=true}}

Latest revision as of 06:50, 26 February 2015


The system is installed with pre-defined settings for both login page and look and feel (LAF) and without a password policy in place. Through the Advanced Tab -> System Settings, administrators can assign a system login page and system LAF that will override the default out of the box settings as well as creating a system password policy.

System Settings sub-menu


System Login Page

The system login page is the page that all users will see when they first access the system.

Login pages must exist on the enPortal server in the [INSTALL_HOME]/server/webapps/enportal/login_pages directory. Take a look in this directory to see the available options included with a default enPortal install:

  • (no sub-directory): classic Edge Dark login page
  • edgeLight: classic Edge Light login page
  • edgeDark_css3: new Dark login page themed using CSS for easier customization
  • edgeLight_css3: new Light login page themed using CSS for easier customization
  • edgeFlat: new Flat login page themed using CSS for easier customization
Template-note.png
The login page can be changed for individual domains, by specifying a custom login page per domain. The login page specified for a domain takes precedence over the system setting.


Assigning a System Login Page

Perform the following steps to assign a system login page:

  1. Mouse over the Advanced tab and then System Settings and click on System Login Page.
  2. In the input field, enter the subdirectory (if applicable) and the file name for the login page you would like to use. This is relative to the .../login_pages/ directory. So for example to use the edgeFlat login page, set this field to edgeFlat/login.jsp.
  3. Click the Save button.
  4. Logout of the portal and confirm that the correct login page is displayed.

Modifying Login Pages

Template-warning.png
Do not directly modify the login pages shipped with enPortal as these files are not backed up and may be replaced on upgrade.

Modifying the login page may be as minimal as changing the logo, or adjusting some of the theming, or completely writing everything custom. In all cases the existing shipped pages and resources should serve as a starting template. The recommended approach is to:

  1. Choose one of the existing login pages to start with, it's best to use the CSS-based pages if the goal is to simply change the logo and look'n'feel.
  2. Make a copy of the login page sub-directory with all it's files and sub-directories into a new directory, for example: [INSTALL_HOME]/server/webapps/enportal/login_pages/customLoginPage
  3. Make changes only to this new copy as needed.
  4. Update the system to use the new login page (see previous section)
  5. Except for the system shipped login pages, all other sub-directories under login_pages are automatically included in backup archives.

To test make sure to log out of enPortal, clear your browser cache, and reload the login page.

Custom Login Page Examples

For more information and examples on modifying or creating completely custom login pages refer to the Custom Login Pages documentation.

Look and Feel


You can specify a default system look and feel (LAF) so that the appropriate LAF is displayed when a user logs in. A default LAF can also be assigned to a role, domain, or user.

Order of Precedence


The order of precedence for LAF assignments is as follows:

This means that when an user logs in, the system determines if an LAF has been assigned to the role, then it displays the the LAF assigned to the role. If there is no LAF assigned to the role, then it displays the LAF assigned to the user, and if there is no assignment, it checks the domain and then the system.


Assigning a System Look and Feel


Perform the following steps to assign a system look and feel (LAF).

  1. Log in to enPortal as an administrator. (Non-administrative users are not allowed to set the System LAF.)
  2. Mouse over the Advanced tab and then System Settings and click on System LAF.
  3. Select the desired LAF from the drop-down box.
  4. Click the Save button.
  5. Refresh the browser page and confirm that the correct LAF is displayed assuming no LAF is assigned to administrator user, role, or domain directly.

System Password Policy


System Password Policy


The setting in the system password policy will affect all users in the portal system and in external LDAP. When setting the policy for LDAP users, it is strongly recommended that the system policy matches that of LDAP because most of the LDAPs do not give good error messages when user's password failed its policy.

Template-note.png
The password policy can be changed for individual domains, by specifying a custom password policy per domain. The password policy specified for a domain takes precedence over the system setting.


Assigning a System Password Policy


Perform the following steps to assign a system password policy.

  1. Log in to enPortal as an administrator.
  2. Mouse over the Advanced tab and then System Settings and click on System Password Policy.
  3. Make the desired changes in the three sections: Password, Syntax, and Lockout
  4. Click the Save button.
  5. Confirm that the correct policy is applied by changing a test user's password.

LDAP Authentication

When using external authentication via LDAP the password policy should mirror the policy defined for the LDAP system. It may be more applicable to apply this policy just to the LDAP Domain.

Refer to the LDAP Configuration documentation for more information on configuring LDAP including supported features depending on the LDAP server.