Configuring User Names when Using Anonymous Access Control
Users need access to their macros, user configurations, and other personalized settings whether they are authenticated through Management and Security Server or not. These settings are collectively referred to as User Preferences.
When MSS is configured for authentication, using LDAP or SAML for example, a username is determined when a user logs in. The user’s settings are centrally saved in MSS using that username for all future logins.
However when the MSS Authentication Method is set to None, also known as anonymous mode, no unique username is available for the system to identify that particular user when they return in the future. In this configuration, all users share the same settings. If one user changes a setting, that setting will be changed for all other users.
Because that may not always be the desired behavior, Host Access for the Cloud supports a number of ways that, as an administrator, you can configure a unique identifier for each user so their customized settings can be stored and retrieved during future logins.
note
These configuration modifications do not alter the security considerations of using Management and Security Server in anonymous mode.
Configuration options
There are four different configuration options you can choose from when configuring user name identifiers.
To implement any of these options, you need to adjust your service settings and redeploy the hacloud-session-server
service.
-
To use an HTTP request header value as the user name
Key Value zfe.principal.name.provider com.microfocus.zfe.webclient.security.mss.HeaderKeyAnonymousPrincipalNameProvider zfe.principal.name.identifier the-header-key-to-be-used -
To use an HTTP request cookie value as the user name
Key Value zfe.principal.name.provider com.microfocus.zfe.webclient.security.mss.CookieKeyAnonymousPrincipalNameProvider zfe.principal.name.identifier the-cookie-key-to-be-used -
To use an HTTP request URL parameter as the user name
Key Value zfe.principal.name.provider com.microfocus.zfe.webclient.security.mss.UrlParameterAnonymousPrincipalNameProvider zfe.principal.name.identifier the-url-parameter-key-to-be-used -
To use the client IP address as the user name
Key Value zfe.principal.name.provider com.microfocus.zfe.webclient.security.mss.RemoteAddrAnonymousPrincipalNameProvider
Troubleshooting the configuration
If any of your users experience problems when connecting to a Host Access for the Cloud web application after you have made the configuration changes, check the following:
-
Users experience a 503 Service Unavailable message when connecting to a Host Access for the Cloud web application. First check the log file for
hacloud-session-server
, then:-
If the log file contains this message: Unable to create AnonymousPrincipalNameProvider instance for class..., then the
zfe.principal.name.provider
property is probably mis-typed. Check the spelling and letter case to remedy this issue. -
If the log file contains this message:zfe.principal.name.identifier is not defined, then the property is missing. Ensure the property is defined to remedy this issue.
-
-
Users are unable to properly authenticate.
Users should receive an error message indicating the initial HTTP request to the Host Access for the Cloud web application did not contain the required informat