Configuring User Names when Using Anonymous Access Control

Users need access to their macros, user configurations, and other personalized settings whether they are authenticated anonymously through Management and Security Server or not. Host Access for the Cloud uses user names to store user-specific information; but what happens when users are anonymously authenticated through Management and Security Server’s access control interface?

In a default environment, Host Access for the Cloud uses the session id of the HTTP session as the value for the user name. While this user name is unique for each browser session, it changes over time and when MSS is configured in anonymous mode, in order to consistently retrieve user settings, all users of that session necessarily share the same settings.

However, Host Access for the Cloud supports a number of ways that, as an administrator, you can configure a unique identifier for each user so their customized settings can be stored and retrieved.

NOTE:These configuration modifications do not alter the security considerations of using Management and Security Server in anonymous mode.

Configuration options

There are four different configuration options you can choose from when configuring user name identifiers. You must restart the session server before any changes take effect.

  • To use an HTTP request cookie value as the user name

    Add the following lines to <session-server>/conf/container.properties:

    • zfe.principal.name.provider=com.microfocus.zfe.webclient.security.mss.CookieKeyAnonymousPrincipalNameProvider
    • zfe.principal.name.identifier=<the-cookie-key-to-be-used>

  • To use an HTTP request header value as the user name

    Add the following lines to: <session-server>/conf/container.properties:

    • zfe.principal.name.provider=com.microfocus.zfe.webclient.security.mss.HeaderKeyAnonymousPrincipalNameProvider
    • zfe.principal.name.identifier=<the-header-key-to-be-used>

  • To use an HTTP request URL parameter as the user name

    Add the following lines to: <session-server>/conf/container.properties

    • zfe.principal.name.provider=com.microfocus.zfe.webclient.security.mss.UrlParameterAnonymousPrincipalNameProvider
    • zfe.principal.name.identifier=<the-url-parameter-key-to-be-used>

  • To use the client IP address as the user name

    Add the following line to: <session-server>/conf/container.properties

    • zfe.principal.name.provider=com.microfocus.zfe.webclient.security.mss.RemoteAddrAnonymousPrincipalNameProvider

Troubleshooting the configuration

If any of your users experience problems when connecting to a Host Access for the Cloud web application after you have made the configuration changes, check the following:

  • Users experience a 503 Service Unavailable message when connecting to a Host Access for the Cloud web application. First check the log file (<session-server>/logs/zfe.log), then:

    • -- If the log file contains this message: “Unable to create AnonymousPrincipalNameProvider instance for class...”, then the zfe.principal.name.provider property is probably mis-typed. Check the spelling and letter case to remedy this issue.
    • --If the log file contains this message:”zfe.principal.name.identifier is not defined”, then the property is missing. Ensure the property is defined to remedy this issue.

  • Users are unable to properly authenticate.

    Users should receive an error message indicating the initial HTTP request to the Host Access for the Cloud web application did not contain the required information.