Configuring User Names when Using Anonymous Access Control
Users need access to their macros, user configurations, and other personalized settings whether they are authenticated through Management and Security Server or not. These settings are collectively referred to as User Preferences.
When MSS is configured for authentication, using LDAP or SAML for example, a username is determined when a user logs in. The user’s settings are centrally saved in MSS using that username for all future logins.
However when the MSS Authentication Method is set to None, also known as anonymous mode, no unique username is available for the system to identify that particular user when they return in the future. In this configuration, all users share the same settings. If one user changes a setting, that setting will be changed for all other users.
Because that may not always be the desired behavior, Host Access for the Cloud supports a number of ways that, as an administrator, you can configure a unique identifier for each user so their customized settings can be stored and retrieved during future logins.
note
These configuration modifications do not alter the security considerations of using Management and Security Server in anonymous mode.
Configuration options
There are four different configuration options you can choose from when configuring user name identifiers. You must restart the session server before any changes take effect.
-
To use an HTTP request cookie value as the user name
Add the following lines to
<session-server>/conf/container.properties
:zfe.principal.name.provider=com.microfocus.zfe.webclient.security.mss.CookieKeyAnonymousPrincipalNameProvider
zfe.principal.name.identifier=<the-cookie-key-to-be-used>
-
To use an HTTP request header value as the user name
Add the following lines to:
<session-server>/conf/container.properties
:zfe.principal.name.provider=com.microfocus.zfe.webclient.security.mss.HeaderKeyAnonymousPrincipalNameProvider
zfe.principal.name.identifier=<the-header-key-to-be-used>
-
To use an HTTP request URL parameter as the user name
Add the following lines to:
<session-server>/conf/container.properties
zfe.principal.name.provider=com.microfocus.zfe.webclient.security.mss.UrlParameterAnonymousPrincipalNameProvider
zfe.principal.name.identifier=<the-url-parameter-key-to-be-used>
-
To use the client IP address as the user name
Add the following line to:
<session-server>/conf/container.properties
zfe.principal.name.provider=com.microfocus.zfe.webclient.security.mss.RemoteAddrAnonymousPrincipalNameProvider
Troubleshooting the configuration
If any of your users experience problems when connecting to a Host Access for the Cloud web application after you have made the configuration changes, check the following:
-
Users experience a 503 Service Unavailable message when connecting to a Host Access for the Cloud web application. First check the log file (
<session-server>/logs/sessionserver.log
), then:- If the log file contains this message: Unable to create AnonymousPrincipalNameProvider instance for class..., then the
zfe.principal.name.provider
property is probably mis-typed. Check the spelling and letter case to remedy this issue. - If the log file contains this message:zfe.principal.name.identifier is not defined, then the property is missing. Ensure the property is defined to remedy this issue.
- If the log file contains this message: Unable to create AnonymousPrincipalNameProvider instance for class..., then the
-
Users are unable to properly authenticate.
Users should receive an error message indicating the initial HTTP request to the Host Access for the Cloud web application did not contain the required informat