2.5 Enabling Anonymous or Guest Access to the User Application

To enable an anonymous or guest user to access the Identity Self-Service features of the User Application, follow the steps outlined in Table 2-2.

Table 2-2 Setting Up Anonymous Access

| Task | For more information |
|------|----------------------|
| Determine the guest account you want to use for the anonymous access. | See Establishing the Guest Account. |
| Assign the proper Identity Vault rights to the guest user. | Define rights based on the features you want exposed to non-authenticated Web application users. In the User Application, you can expose identity portlets such as the search, detail, or chart and create portlet. You can also allow users to initiate a workflow. In these cases the guest user account is used to bind to eDirectory and perform the underlying LDAP operation. |
| To perform Identity Self-Service tasks, create new pages and portlets specifically for guest access. | See Section IV, Portlet Reference. |
| To perform a resource request, use the resource request portlet. | See Section 13.0, Resource Request Portlet. |

2.5.1 Establishing the Guest Account

There are two ways to support anonymous or guest access to the User Application. You can:

  • Set up a dedicated user account. Set up the permissions that are needed for the activities of that anonymous user. Remember that if this user is inside the user container, this guest account is returned during searches of the tree. To prevent this, consider putting the guest user outside the user container.

  • Use the public LDAP guest account that corresponds to the [Public] object in eDirectory. The default access for [Public] is Browse rights to the entire tree. You must set up whatever permissions are necessary for this user to perform the guest tasks you provide. If you do not want all anonymous users to perform some of these tasks, this might not be the correct option for your installation.

The User Application allows you to specify only one type of anonymous user, and you are required to specify that user during installation. The installation options are:

  • Use Public Anonymous Account: This uses the LDAP guest account.

  • LDAP Guest: This is the dedicated user account.

You can modify your installation choice by running the configupdate utility after the installation is complete.
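The dedicated-account option above notes that a guest user placed inside the user container is returned by searches of the tree. The following added example (not part of the product documentation) checks whether a guest DN falls under a user container DN; the DNs are constructed samples, and case-insensitive comparison of RDNs is an assumption.

```python
"""Check whether a guest account DN sits inside the user search container."""


def normalise_rdn(rdn: str) -> str:
    """Lower-case and trim around '=' so ' OU = Users' equals 'ou=users'."""
    attr, _, value = rdn.partition("=")
    return f"{attr.strip().lower()}={value.strip().lower()}"


def split_rdns(dn: str) -> list[str]:
    """Split an LDAP DN into RDNs, honouring backslash escapes (RFC 4514)."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:                 # character after '\' is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":             # unescaped comma ends an RDN
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current))
    return [normalise_rdn(r) for r in rdns if r.strip()]


def is_inside(entry_dn: str, container_dn: str) -> bool:
    """True if entry_dn is the container itself or lies anywhere below it."""
    entry, container = split_rdns(entry_dn), split_rdns(container_dn)
    if not container or len(entry) < len(container):
        return False
    # Compare whole RDNs, not raw strings: a plain endswith() test is
    # fooled by an escaped comma inside a container name.
    return entry[-len(container):] == container


if __name__ == "__main__":
    user_container = "ou=users,o=example"          # constructed sample
    candidates = [                                  # constructed samples
        "CN=Guest, OU=Users, O=Example",            # inside: shows up in searches
        "cn=guest,ou=service,o=example",            # outside the user container
        "cn=guest,ou=x\\,ou=users,o=example",       # escaped comma, outside
    ]
    for dn in candidates:
        state = "INSIDE" if is_inside(dn, user_container) else "outside"
        print(f"{state:8} {dn}")
```
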