Configuring Anonymous Logon with Named Anonymous Users

Prerequisites

This procedure requires you to restart SAP NetWeaver Application Server (AS) Java, so you should plan for the required downtime while the AS Java restarts.

Context

Use this procedure to configure the portal for anonymous logon with named anonymous users and using anonymous as the authentication scheme. The anonymous users are not issued a logon ticket.

By setting up anonymous logon with one or more named anonymous users, you can assign roles containing anonymous content to the named anonymous users. You can either assign the roles to the users individually or to the group Anonymous Users. If you define more than one anonymous user, you can assign different roles to the different anonymous users and set up different URLs to the portal, enabling you to control the anonymous content that portal users see.

Procedure

Create the anonymous users.

For more information about creating users, see Identity Management .

Example

Create users with the user IDs anon1 , anon2 , and anon3 .
Enter the user ID of the anonymous users in the user management engine (UME) property ume.login.guest_user.uniqueids.

For more information, see Editing UME Properties .

Example

ume. login. guest_user. uniqueids= guest,anon1,anon2,anon3
Restart the AS Java.

After you restart the AS Java, the users you defined in ume. login. guest_user. uniqueids are automatically included in the Anonymous Users group.

Note

At this point you can already access the portal in anonymous mode using the following URL:

<protocol> :// <hostname> : <port> /irj/portal/anonymous

You are logged on as the first user in the list of anonymous users and can see any anonymous content in the roles already assigned to the Anonymous or Everyone groups.
Create a role in which, for all pages and iViews, Authentication Scheme is set to anonymous.

By default iViews and pages that are part of the framework page, such as navigation iViews and the framework page itself, are defined as anonymous content. However, if you have created your own versions of these, you must ensure that they are set to the authentication scheme anonymous.

For more information about creating roles, see Content Administration .

For more information about changing page and iView properties, see Defining Property Attributes .

Caution

Since this role is available to anonymous users, you should ensure that it does not contain sensitive content, for example administration functions.
Assign the anonymous role you created to one of the anonymous users or to the Anonymous Users group.

Note

You can create various anonymous roles and assign different roles to different anonymous users. How you access the portal as a specific anonymous user is described below.
Assign a Portal Framework Page for the anonymous logon with named anonymous users.

For more information, see Configuring the Display of Portal Content .

Results

You have configured the portal for anonymous logon. Users can access the portal in anonymous mode by entering the following URL:

<protocol> :// <hostname> : <port> /irj/portal/anonymous

They are then logged on as the first user in the list of anonymous users in ume.login.guest_user.uniqueids. Users do not have to provide any form of authentication, unless one of the pages or iViews in the roles assigned to the anonymous user is not set to anonymous .

A log on link appears in the header area. When the user clicks on this link, the form-based logon screen appears giving users the option to register as portal users.

Possible Variations

Using a specific named anonymous user for anonymous logon

By default, users are logged on as the first user in the list of anonymous users in ume.login.guest_user.uniqueids . Optionally, you can define that a specific anonymous user is used to access the portal in anonymous mode by defining the guest_user parameter in the portal URL.

Example

The portal is accessed with the anonymous user anon2.

<protocol> :// <hostname> : <port> / irj/ portal/ anonymous?guest_user=anon2

Do this to present specific views to different types of anonymous users. For example, you have different anonymous users for different languages, such as English, French, and German. Or you define different roles, such as manager, developer, and support. Each user only sees the content you define for them.

Note

The named anonymous user is only valid for applications in the portal, in other words applications that exist under the URL <protocol> :// <hostname> : <port> /irj/. For iViews that lead to applications outside the portal, you are logged in with the default anonymous user (the first entry configured under ume.login.guest_user.uniqueids). This results in the situation where you are logged into the portal as a named anonymous user ( anon2 to continue the previous example), but for the application in the iView, you are logged in as the default anonymous user ( anon1).
Redirecting the standard portal URL to the anonymous portal

Rather than using the specific URL <protocol> :// <hostname> : <port> /irj/portal/anonymous to access the portal anonymously, you can redirect the standard portal URL <protocol> :// <hostname> : <port> /irj so that users are redirected to the anonymous version of the PortalLauncher iView when they launch this URL.

You redirect the standard portal URL as follows:
1. On the file server, open the following file:
  
  <drive> :\usr\sap\ <SID> \ <instance_number> \j2ee\cluster\serverX\apps\sap.com\irj\servlet_jsp\irj\root\index.html
  
  Make a backup copy of the file.
  
  This file contains the following line:
  
  <body onload="location.replace('portal' + document.location.search)"></body>
2. Change this line to the following:
  
  <body onload="location.replace('servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.anonymous' + document.location.search)"></body>
3. Restart the AS Java.
  
  As a result, when users now launch the portal using the standard portal URL <protocol> :// <hostname> : <port> /irj they are logged on as an anonymous user.