Anonymous logon for external sites
Hi SAP Portal Community,
When we set up an external facing portal demo use case some time ago, I noticed that it is not easy to find all relevant information in one single place. Of course, there is lots of information in the documentation and on SCN, but still you have to find it. That’s why I decided to create one single blog to bring the information from these different sources together in one place without explaining everything again.
Here are some things you should consider what setting up anonymous logon for your portal:
Setting up anonymous logon is described really nicely in the portal documentation. Read Configuring Anonymous Logon with Named Anonymous Users to get an overview of the steps.
In some cases you might not want to use standard URL alias /portal/anonymous for your anonymous users. In this case, you could either redirect the standard portal URL to the anonymous portal as described in the same article in the documentation. Or you might want to create a different portal alias and use this for anonymous access. Here is how to do that:
- Open System Administration > Portal Display > URL Alias Manager
- Create a new Alias Manager
- Enter the alias which you want to use for anonymous login as name and select the Enable anonymous user access check box. Click save.
- Open the master rule collection and assign a portal desktop to the newly created URL alias.
Web Dynpro: By default, the portal does not allow to open Web Dynpro content with an anonymous user. To allow this, you have to assign permissions for the component WebDynproPageBuilder to the anonymous user or group. This is described in detail in note 1031159 .
2. Knowledge Management
Anonymous logon to Knowledge Management is often needed for external sites, even when you do not want to use it for sharing documents with external users. But you might want to display images as part of the portal desktop or the login page. In this case, you need to adapt some settings in KM configuration for enabling anonymous access. See note 837898 for details.
Besides that, you have to set the authentication scheme property to anonymous for KM iViews .You can find a really old (NW 04), but still valuable guide about that on SCN.
There are some restrictions for anonymous KM and some recommendations which you should observe to ensure your anonymous KM is secure:
- Use strict ACL settings: Assign permissions for anonymous users explicitly for the required documents and folders. Avoid assigning permissions to group Everyone, but use group Authenticated Users instead.
- Remove permissions for anonymous users for /userhome/<guestid> und /entrypoints/recent
- Restrict access to UI commands for anonymous users by assigning reduced command groups to layout sets and renderers used.
- Keep in mind that some UI commands like permissions are displayed to anonymous users with read access.
See the documentation for more details.
3. SAP Portal Content Management by OpenText (PCM)
Since SP3, PCM also supports anonymous login and allows routing Content Server requests through the portal, which enables customers to hide the content repository inside the firewall instead of exposing the Content Server to the Internet in external facing scenarios. This is really useful to share documents like general guidelines or process descriptions with an external audience. A great part of the necessary settings for anonymous access is already set by default, so you do not have much configuration work. All PCM end user iViews, for example, already have the authentication scheme property set to anonymous and the technical portal user pcm_anonym also comes with the standard deployment.
These are the steps that are still necessary:
- Register the pcm_anonym user in OpenText Directory Services. It is recommended to add it to the OTDS user partition pcm_technical_users, where the technical search user should also be managed.
- Assign PCM roles to anonymous users/group. For external facing scenarios there is a dedicated OpenText PCM External Facing role with specific configuration.
- Assign read rights for the Web Dynpro component as described in the portal section above.
- Enable anonymous links for folders: This feature enables logged in users to share links to folders and documents that are accessible for anonymous users via email as anonymous link.
You can find more details in PCM Installation and Configuration Guide section 7.8.
4. SAP Portal Site Management by Opentext (PSM)
Since external and anonymous access is a basic feature of Web Site Management, it is also supported by PSM without much configuration. With SP3, even no additional portal configuration at all is required.The anonymous users of the portal are automatically mapped to the anonymous user of the Delivery Server and the PSM pages that were assigned to the user’s roles are displayed.
5. Web Page Composer
To enable anonymous users to view WPC content in your portal, you have to execute some steps which Saar Dagan described in detail in the Anonymous User in WPC – Quick Guide. In a nutshell, the Authentication Scheme property needs to be assigned to the design time page template. Then the authentication scheme must be set to anonymous for the runtime toolbar iView and all pages that you want to show to anonymous users. Finally, you have to assign read permission to the anonymous user (group).
This blog is part of a series about creating sites with SAP NetWeaver Portal. If you liked this one, check out the rest!