Configuring User Names when Using Anonymous Access Control
Users need access to their macros, user configurations, and other personalized settings whether they are authenticated through Management and Security Server or not. These settings are collectively referred to as User Preferences.
When MSS is configured for authentication, using LDAP or SAML for example, a username is determined when a user logs in. The user’s settings are centrally saved in MSS using that username for all future logins.
However, when the MSS Authentication Method is set to None, also known as anonymous mode, no unique username is available for the system to identify that particular user when they return in the future. In this configuration, all users share the same settings. If one user changes a setting, that setting will be changed for all other users.
Because that may not always be the desired behavior, Host Access for the Cloud supports a number of ways that, as an administrator, you can configure a unique identifier for each user so their customized settings can be stored and retrieved during future logins.
Note
These configuration modifications do not alter the security considerations of using Management and Security Server in anonymous mode.
Configuration options
There are four different configuration options you can choose from when configuring user name identifiers. You must restart the session server before any changes take effect.
- To use an HTTP request cookie value as the user name
  Add the following lines to <session-server>/conf/container.properties:
  zfe.principal.name.provider=com.microfocus.zfe.webclient.security.mss.CookieKeyAnonymousPrincipalNameProvider
  zfe.principal.name.identifier=<the-cookie-key-to-be-used>
- To use an HTTP request header value as the user name
  Add the following lines to <session-server>/conf/container.properties:
  zfe.principal.name.provider=com.microfocus.zfe.webclient.security.mss.HeaderKeyAnonymousPrincipalNameProvider
  zfe.principal.name.identifier=<the-header-key-to-be-used>
- To use an HTTP request URL parameter as the user name
  Add the following lines to <session-server>/conf/container.properties:
  zfe.principal.name.provider=com.microfocus.zfe.webclient.security.mss.UrlParameterAnonymousPrincipalNameProvider
  zfe.principal.name.identifier=<the-url-parameter-key-to-be-used>
- To use the client IP address as the user name
  Add the following line to <session-server>/conf/container.properties:
  zfe.principal.name.provider=com.microfocus.zfe.webclient.security.mss.RemoteAddrAnonymousPrincipalNameProvider
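A check that can be run against container.properties before restarting the session server, written for this page as an added example and not part of the product or its documentation. It flags a provider class name that does not match one of the four listed above and a missing identifier; the cookie name HACLOUD_USER is a constructed sample value, and treating the identifier as optional for the client IP provider is inferred from the single line shown for that option.

```python
import difflib
import re

# Provider classes as listed on this page. True = the page also sets an identifier for it.
PKG = "com.microfocus.zfe.webclient.security.mss."
PROVIDERS = {
    PKG + "CookieKeyAnonymousPrincipalNameProvider": True,
    PKG + "HeaderKeyAnonymousPrincipalNameProvider": True,
    PKG + "UrlParameterAnonymousPrincipalNameProvider": True,
    PKG + "RemoteAddrAnonymousPrincipalNameProvider": False,  # inferred: one line only
}
P_KEY = "zfe.principal.name.provider"
I_KEY = "zfe.principal.name.identifier"

# Constructed sample: wrong letter case in the class name ("Cookiekey").
SAMPLE = f"""# container.properties (constructed)
{P_KEY}={PKG}CookiekeyAnonymousPrincipalNameProvider
{I_KEY}=HACLOUD_USER
"""


def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def check_container_properties(text):
    """Return a list of problems; empty means the two properties are consistent."""
    props = parse_properties(text)
    provider = props.get(P_KEY)
    if provider is None:
        return []  # not configured: anonymous users share one set of preferences
    if provider not in PROVIDERS:
        lowered = {p.lower(): p for p in PROVIDERS}
        near = difflib.get_close_matches(provider.lower(), list(lowered), n=1, cutoff=0.8)
        hint = f"; did you mean {lowered[near[0]]}?" if near else ""
        return [f"{P_KEY}: unknown class {provider!r}{hint}"]
    ident = props.get(I_KEY, "")
    if PROVIDERS[provider] and not ident:
        return [f"{I_KEY} is not defined"]
    if PROVIDERS[provider] and ident.startswith("<"):
        return [f"{I_KEY} still holds the template placeholder {ident}"]
    return []
```

Call check_container_properties() with the text of the real file; an empty list means neither of the two mistakes is present.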
Troubleshooting the configuration
If any of your users experience problems when connecting to a Host Access for the Cloud web application after you have made the configuration changes, check the following:
- Users experience a 503 Service Unavailable message when connecting to a Host Access for the Cloud web application. First check the log file (<session-server>/logs/sessionserver.log), then:
  - If the log file contains this message: Unable to create AnonymousPrincipalNameProvider instance for class..., then the zfe.principal.name.provider property is probably mis-typed. Check the spelling and letter case to remedy this issue.
  - If the log file contains this message: zfe.principal.name.identifier is not defined, then the property is missing. Ensure the property is defined to remedy this issue.
- Users are unable to properly authenticate.
Users should receive an error message indicating the initial HTTP request to the Host Access for the Cloud web application did not contain the required informat