Step-up authentication

I was going through the What's new in the IBM WebSphere Portal 6.0.1 and 6.1 Programming Model slides, and they include a couple of Step-up Authentication application flows.



The basic idea is that if you're not logged in you can still see data, but when you want to perform, say, a write operation or any other operation that requires the user to be logged in, you ask the user to log in.

By default, the portal has the concepts of Anonymous User and All Authenticated Users. If you want to display a public page, or display a portlet on a public page, you can assign rights to the anonymous user and it works.

Portal 6.1 adds the concept of a Remember Me cookie, which remembers the user who logged in from that browser and gives you access to their name even before they log in. Because of the Remember Me cookie, the portal has one additional authentication state, identified. It applies when the user's ID is stored as a persistent cookie in the browser: when the user accesses a portal page, the portal can identify them even before they log in.

You can use the identified authentication level to display a few portlets or pages to a user who is not logged in, as long as the portal can identify the user from the Remember Me cookie.

To try this feature I decided to create a Remember Me page. On that page I added a Remember Me portlet, which reads the user name and prints it to System.out (you can change it to display the name on screen). I wanted to display this only to an identified user. I followed these steps to do that:


  • Assign the Anonymous User the User access right on both the Remember Me page and the Remember Me portlet

  • Then use the Resource Permission Portlet to change the access level of the Remember Me page and the Remember Me portlet. On this screen, click on the Standard link


  • On the next page you will see the three authentication levels

    Change the authentication level to Authenticated. Assign the authenticated level to both the Remember Me page and the Remember Me portlet




Now when you access the portal and you're not identified, you won't see the Remember Me page and portlet. But if you're identified, you will see that page.

This is the list of authentication levels.

  1. Standard: Default and context-related authentication level

  2. Identified: User authentication using a persistent HTTP cookie

  3. Authenticated: User authentication using username and password



When you try to access an authenticated resource, the user would be redirected to the login page.
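
To make the ordering of the three levels concrete, here is a small Python model of the step-up decision. It is an added example, not portal code and not the portal's API: the function names, the paths and the `/login?return=` URL are hypothetical, and it assumes any unmet level is resolved by a full login.

```python
from enum import IntEnum
from urllib.parse import quote


class Level(IntEnum):
    """The page's three authentication levels, ordered weakest to strongest."""
    STANDARD = 0       # default level, no extra requirement
    IDENTIFIED = 1     # user known from the persistent Remember Me cookie
    AUTHENTICATED = 2  # user logged in with username and password


def current_level(remember_me_user=None, logged_in_user=None):
    """Level the request has reached; a login outranks a cookie."""
    if logged_in_user:
        return Level.AUTHENTICATED
    if remember_me_user:
        return Level.IDENTIFIED
    return Level.STANDARD


def visible(resources, level):
    """Navigation filter: list only resources the current level reaches."""
    return [path for path, required in resources.items() if level >= required]


def request(resources, path, level, login_url="/login"):
    """Direct request: render, or step up via login with a return target.

    Assumption of this sketch: any unmet level is resolved by a full login.
    """
    if level >= resources[path]:
        return ("render", path)
    return ("redirect", f"{login_url}?return={quote(path, safe='')}")


# Constructed sample configuration (hypothetical paths).
RESOURCES = {
    "/home": Level.STANDARD,
    "/remember-me": Level.IDENTIFIED,
    "/account/edit": Level.AUTHENTICATED,
}

if __name__ == "__main__":
    for who, lvl in [("no cookie", current_level()),
                     ("cookie only", current_level(remember_me_user="alice")),
                     ("logged in", current_level(logged_in_user="alice"))]:
        print(who, lvl.name, visible(RESOURCES, lvl),
              request(RESOURCES, "/account/edit", lvl))
```

The point to take away is that a cookie-only session reaches the identified resources but still gets sent to login for anything marked Authenticated.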
