Implementing a Terms of Use (TOU) Acknowledgement in WebSphere Portal

 Here is a really nice article/post from Glenn Kline of Perficient which explains the steps to implement TOU acknowledgement in Portal. This is a common requirement in organizations having portal implementations and in the absence of any out of the box capability this post really comes to rescue.

Implement a Terms of Use Acknowledgement in WebSphere Portal by Glenn Kline

How to enable impersonation in WebSphere Portal

Working on one POC for the prospect and got the use case which is complete fit for the recently added impersonation feature in WebSphere Portal 6.1.x. Before drill down on how to enable this new feature first let's look at what exactly the impersonation means and how it is useful. This blog post provides same steps and info on impersonation as infocenter and Portal wiki but with some useful screenshots for easy understanding.

WebSphere Portal 6.1.5 has a feature called Impersonation that allows a user, such as a support specialist, to access another user's system to test out a new page, portlet, etc. and to see any issues as they occur on the end user system. In this case the support specialist assumes the profile of the end user with security access, user profile attributes, portal pages and portlet customizations.

Now let's see how to enable impersonation service in portal.

• Log on to the WebSphere® Application Server or Network Deployment Administration Console.
• Navigate to Resources -> Resource Environment -> Resource Environment Providers -> WP AuthenticationService -> Custom Properties. 

• Click New.
• Enter logout.explicit.filterchain in the Name field.
• Enter com.ibm.wps.auth.impersonation.impl.ImpersonationLogoutFilter in the Value field.

• Click Apply and then click Save to save the changes directly to the master configuration.
• Navigate to Resources -> Resource Environment -> Resource Environment Providers -> WP  PortletServiceRegistryService -> Custom Properties.
• Click New.
•  Enter jndi.com.ibm.portal.portlet.service.impersonation.ImpersonationService in the Name field.
•  Enter com.ibm.wps.portletservice.impersonation.impl.ImpersonationServiceImpl in the Value field. 

• Click Apply and then click Save to save the changes directly to the master configuration.
• Portal Access Control provides the ability to impersonate other users. For this reason, you must assign the Can Run As User role (WPS7.0) on the USERS virtual resource to the user (eg. wpsadmin) you plan as  impersonator after you enable the impersonation feature.
• Moving ahead with WPS 7.0, you are provided with default impersonation portlet. Login to portal and navigate to the impersonation link at the top of the banner as shown in the below screen.
• 

• In the Impersonation Portlet, search for the user you want to impersonate. For example : Test User

•  Click on the Impersonate button on the portlet and you will be presented with the view of Test User's portal session.

Few known limitations of Impersonation

• Client side aggregation does not support user impersonation. For this reason, ensure you do not activate client side aggregation on any portal pages where the impersonation portlet is deployed.

• When a user who is enabled for impersonation impersonates other users, the people awareness feature is disabled for the entire session for which that user is authenticated.
  
  
  Hope this post helps in understanding this really useful feature from the WebSphere Portal family. Few important references I want to suggest are as below..
  
  Enabling_user_impersonation_exp7
  user-impersonation-in-websphere-portal by codyburleson

Improve LDAP performance in VMM using attribute ibm-allGroups

Guys,

While searching for performance tuning tips, I found this really helpful article from Alex Lang  Portal administration and performance blog.

https://www.ibm.com/developerworks/mydeveloperworks/blogs/portalops/entry/using_ibm_allgroups_in_vmm_to_improve_ldap_performance6?lang=en

Users in nested LDAP group cannot view Portal content due to VMM group configuration properties

Come across this really helpful IBM document while searching for the exact solution. 

Users in a nested group in LDAP log in to the Portal successfully but do not see pages or portlets to which their group has been assigned access.

Here is a solution to that..

 https://www-304.ibm.com/support/docview.wss?mynp=OCSSHRKX&mync=R&uid=swg21496174&myns=swgws

Problem configuring portal 6 with AD 2007 on Windows 2008

It's been long break for me here. Busy with an SSO solution for one of our prestigious client. Will be posting on that as well in next few days.. :) But for now it's something which I encountered recently while enabling security of Portal 6.0 with AD 2007 hosted on Windows 2008.

During the enable-security-wmmur-ldap script, I was getting following error at the Portal server startup task.

Target started: action-configure-content-security

action-configure-content-security:
xmlaccess EJPXB0006I: Connecting to URL http://localhost:10038/wps/config/
xmlaccess EJPXB0002I: Reading input file D:\WPS6\IBM\WEBSPH~1\PORTAL~1\config\work\ContentAdminGroupsPAC.xml
Error 404: Initialization of one or more services failed.
xmlaccess EJPXB0015E: Server response indicates an error.
xmlaccess EJPXB0015E: Server response indicates an error.
xmlaccess EJPXB0006I: Connecting to URL http://localhost:10038/wps/config/
xmlaccess EJPXB0002I: Reading input file D:\WPS6\IBM\WEBSPH~1\PORTAL~1\config\work\ContentUserGroupsPAC.xml
Error 404: Initialization of one or more services failed.
xmlaccess EJPXB0015E: Server response indicates an error.
xmlaccess EJPXB0015E: Server response indicates an error.
Mon Jan 31 21:59:35 IST 2011
Target started: action-init-accesscontrol

action-init-accesscontrol:
echo Calling ContentModelInitializer
Target finished: action-init-accesscontrol
Target finished: action-configure-content-security
Target finished: enable-security-wmmur-ldap

When I checked the sysout.log file I found the following error.

1/31/11 21:54:22:023 IST 0000000a Servlet E com.ibm.wps.engine.Servlet init EJPFD0016E: Initialization of service failed.
com.ibm.wps.ac.DomainAdministratorNotFoundException: EJPSB0107E: Exception occurred while retrieving the identity of the domain adminuser/admingroup cn=wpadmin,cn=users,dc=newmail,dc=com.

When I troubleshooted further, I found that this is because of the password policy implementation in WPS which restricts some special characters to be used as usename and password. In windows 2008 you have certain password policy constraints that prevents a plain password to be entered while creating a user. You atleast need to enter one special character.

I found this link on the infocenter which elaborates on the special characters for username and password.

http://publib.boulder.ibm.com/infocenter/wpdoc/v6r0/index.jsp?topic=/com.ibm.wp.ent.doc/wpf/sec_chars.html

Based on this I have used "Underscore" in the password rather then restrictive special characters in WPS while creating user in AD and then try running the above task and it successfully completed.

Hope this small troubleshooting may help somebody in his hard times with portal integration with LDAP.

Step-by-Step Cluster Guide for IBM WebSphere Portal v7.0.0

Just got this link for Creating cluster in WebSphere Portal V7.0.

Step-by-Step Cluster Guide for IBM WebSphere Portal v7.0.0

Where to learn WebSphere Portal Administration

As WebSphere Portal moving into the new version with more facilities and functionality, more it's getting attention as a robust technology and more people want to know about it and learn about this product as a technology.

I can see that in IBM forums and different communities where people are showing there eagerness about this product and want to find out how they can start learning it. For those enthusiasts, I have prepared some useful links to start with. This is mainly a WebSphere Portal administration know how but you can still get a fare amount of idea on WebSphere Portal as a product.

1. WebSphere Portal Infocenter : This is a one stop shop for you. You will get everything here. It's updated frequently to cover all the necessary updates the product might have for you. http://publib.boulder.ibm.com/infocenter/wpdoc/v6r1/topic/com.ibm.wp.ent.doc_v615/welcome_main.html
2.  WebSphere Portal Family Wiki : Wiki covers all the learning resources as well as case studies and best practices. http://www-10.lotus.com/ldd/portalwiki.nsf
3. WebSphere Portal Product Documentation Site: This site contains all the relevant documentation for the product version wise.                             http://www.ibm.com/developerworks/websphere/zones/portal/proddoc.html#v70proddocwiki
4. WebSphere Portal Developerworks Forum : You can exchange you knowledge with some of the experts here and can post your query about the product. http://www.ibm.com/developerworks/forums/forum.jspa?forumID=168
5. WebSphere Portal Developerworks Zone :                                                              http://www.ibm.com/developerworks/websphere/zones/portal/
6. IBM WebSphere Portal Channel on YouTube :  IBM WebSphere Portal YouTube channel provides demos and videos to help you get the most out of WebSphere Portal. http://www-10.lotus.com/ldd/portalwiki.nsf/dx/IBM_WebSphere_Portal_channel_on_YouTube
7. Resources for IBM WebSphere Portal Administrators and Developers: http://www-10.lotus.com/ldd/portalwiki.nsf/xpViewCategories.xsp?lookupName=Resources%20for%20WebSphere%20Portal%20administrators%20and%20developers

Hope I have covered most of the resources link which can give good reference to the product. You can always add in to make it more compiled list.