2.4 Enabling Anonymous or Guest Access to the User Application

To enable anonymous or guest user to access the Identity Self-Service features of the User Application, follow the steps outlined in Table 2-3.

Table 2-3 Setting Up Anonymous Access

Task

For more information

Determine the guest account you want to use for the anonymous access.

See Establishing the Guest Account.

Assign the proper Identity Vault rights to the guest user.

Define rights based on the features you want expose to non-authenticated Web application users. In the User Application, you can expose identity portlets such as the search, detail, or chart and create portlet. You can also allow users to initiate a workflow. In these cases the guest user account is used to bind to eDirectory and perform the underlying LDAP operation.

To perform Identity Self-Service tasks, create new pages and portlets specifically for guess access.

See Section IV, Portlet Reference.

To perform a resource request, use the resource request portlet.

See Section 14.0, Resource Request Portlet.

2.4.1 Establishing the Guest Account

There are two ways to support anonymous or guest access to the User Application. You can:

  • Setup a dedicated user account. Set up the permissions that are needed for the activities of that anonymous user. Remember that if this user is inside the user container, this guest account is returned during searches of the tree. To prevent this, consider putting the guest user outside the user container.

  • Use the public LDAP guest account that corresponds to the [Public] object in eDirectory. The default access for [Public] is Browse rights to the entire tree. You must set up whatever permissions are necessary for this user to perform the guest tasks you provide. If you do not want all anonymous users to perform some of these tasks, this might not be the correct option for your installation.

The User Application allows you to specify only one type of anonymous user, and you are required to specify that user during installation. The installation options are:

  • Use Public Anonymous Account: This uses the LDAP guest account.

  • LDAP Guest: This is the dedicated user account.

You can modify your installation choice by running the configupdate utility after the installation is complete.