User Portal - old
Overview
This version has been superseded by User Portal.
This page discusses the User Portal version 2. The user portal places all the self-service applications in one place and allows the customer to decide what pages to make available to users and how those pages are to be used. This can replace the current changepin, resetpin and proxy applications.
The following applications are available.
- View Security String
- Request a Security String Message (as defined by the transport, usually SMS or email). This can be password protected.
- Login presents a login page to the user, useful for testing but also used to protect user provision screen if required.
- Change PIN
- Reset PIN (The ResetPIN needs to be enabled on the Swivel Administration console). See also ResetPIN How To Guide
- Provision a Mobile device. This can be password protected.
Prerequisites
Swivel 3.9.1 onwards
Swivel appliance with user portal pre-installed or userportal.war file, see Downloads.
Upgrading User Portal
Download the User Portal, extract the userportal.war file and overwrite the existing userportal.war file (see below for file location). This will automatically upgrade the User Portal.
User Portal Installation
If the User Portal is not installed on a Swivel appliance, it can be installed on an appliance running Swivel 3.9.1 onwards. WinSCP can be used to install this, see WinSCP How To Guide.
Create a folder /home/swivel/.swivelportal/conf and ensure its user and group ownership is swivel.
Copy the userportal.war file to /usr/local/tomcat/webapps2. It is possible to install into /usr/local/tomcat/webapps, but the installation will only work using HTTP, and SSL must be disabled for port 8080 through the CMI.
Copy the below files from /usr/local/tomcat/webapps2/userportal/resources/conf to /home/swivel/.swivelportal/conf
- portalsettings.xml
- settings.xml
User Portal Configuration
Config files are stored in ~/.swivelportal/conf, or in the location given by the environment variable SWIVEL_PORTAL_HOME or the web.xml setting "portalHome"; see Transient Data Storage.
User portal communication with appliance settings
The file settings.xml defines how the user portal will communicate with the Swivel Appliance. Generally the only setting that needs editing is the shared secret, which must match the one set on the Swivel Appliance; leave the other settings at their defaults.
Appliance webapps2 settings
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
  <entry key="ssl">false</entry>
  <entry key="server">localhost</entry>
  <entry key="port">8181</entry>
  <entry key="context">pinsafe</entry>
  <entry key="secret">secret</entry>
  <entry key="selfsigned">true</entry>
  <entry key="codepage">UTF-8</entry>
  <entry key="proxypinpad">false</entry>
</properties>
Appliance webapps settings (Non SSL only)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
  <entry key="ssl">false</entry>
  <entry key="server">localhost</entry>
  <entry key="port">8181</entry>
  <entry key="context">pinsafe</entry>
  <entry key="secret">secret</entry>
  <entry key="selfsigned">true</entry>
  <entry key="codepage">UTF-8</entry>
  <entry key="proxypinpad">false</entry>
</properties>
User portal home page application settings
The file portalsettings.xml determines how the portal will perform.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
  <entry key="login">pinpad</entry>
  <entry key="securitystring">pinpad</entry>
  <entry key="changepin">pinpad</entry>
  <entry key="secureprovision">true</entry>
  <entry key="messagepassword">true</entry>
  <entry key="redirect">./index.jsp</entry>
</properties>
Portalsettings.xml options
- login: Default: pinpad. Options: turing, pinpad. Which image is used on the login page.
- securitystring: Default: pinpad. Options: turing, pinpad. Which image is used on the Security String page.
- changepin: Default: pinpad. Options: turing, pinpad, explicit (PIN is entered directly). Which image is used on the changepin page.
- secureprovision: Default: true. Options: true, false. Determines if a user must authenticate to the portal before they are allowed to request a provision code.
- messagepassword: Default: true. Options: true, false. Determines if a user must supply a valid password before they can receive a dual channel message.
- redirect: Default: ./index.jsp. Options: index.jsp, or other URL. Where a user is redirected after completing a changepin or authentication.
After making a change, restart Tomcat.
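A check that can be run on the two files before restarting Tomcat, comparing them with the options documented above. This is an added example, not part of the Swivel product or the original page; the function names, the constructed sample values, and the two checks marked as assumptions in the comments are not from the page.

```python
import xml.etree.ElementTree as ET

# Documented option values for portalsettings.xml, taken from the list above.
ALLOWED = {
    "login": {"turing", "pinpad"}, "securitystring": {"turing", "pinpad"},
    "changepin": {"turing", "pinpad", "explicit"},
    "secureprovision": {"true", "false"}, "messagepassword": {"true", "false"},
}

def load_properties(xml_bytes):
    """Parse a Java properties XML document into a dict of key -> value."""
    root = ET.fromstring(xml_bytes)
    return {e.get("key"): (e.text or "").strip() for e in root.iter("entry")}

def audit(portal, settings):
    """Return a list of findings for the two parsed configuration files."""
    findings = []
    for key, allowed in ALLOWED.items():
        value = portal.get(key)
        if value is not None and value not in allowed:
            findings.append(f"portalsettings: {key}={value!r} is not a documented option")
    if portal.get("secureprovision") == "false":
        findings.append("portalsettings: provision codes can be requested without portal login")
    if portal.get("messagepassword") == "false":
        findings.append("portalsettings: dual channel messages can be requested without a password")
    # Assumption: the value 'secret' in the sample file is a placeholder, not a real secret.
    if settings.get("secret", "") in ("", "secret"):
        findings.append("settings: shared secret is empty or still the sample value")
    # Assumption: plain HTTP to a non-local server puts the agent traffic on the network.
    if settings.get("ssl") == "false" and settings.get("server") not in ("localhost", "127.0.0.1"):
        findings.append("settings: ssl=false while the Swivel server is not local")
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE_PORTAL = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
<entry key="changepin">pinpda</entry>
<entry key="secureprovision">false</entry>
</properties>"""
SAMPLE_SETTINGS = b"""<properties>
<entry key="ssl">false</entry>
<entry key="server">192.0.2.10</entry>
<entry key="secret">secret</entry>
</properties>"""

if __name__ == "__main__":
    print("\n".join(audit(load_properties(SAMPLE_PORTAL), load_properties(SAMPLE_SETTINGS))))
```

To check a live installation, pass the bytes of portalsettings.xml and settings.xml from the portal's conf folder to load_properties instead of the samples.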
Additional User Portal Customisation
User portal Images
The default image is at the location below. If a different image is required, back up the original and use a new file of the same name, or alternatively edit each page to reference the new image file.
<path to Tomcat>/userportal/images/swivel_logo.png
For Swivel appliances: /usr/local/tomcat/webapps2/userportal/images/swivel_logo.png
Changing Authentication Method
To change the authentication method from PinPad to Turing or vice versa, navigate to /home/swivel/.swivelportal/conf and open portalsettings.xml. Under 'login', 'securitystring' and 'changepin', change the type of authentication to the desired method, i.e. PinPad or Turing.
User Portal Menu options
The options available to portal users can be edited to remove menus that are not required. Edit the file /usr/local/tomcat/userportal/WEB-INF/pages/menu.jsp
To remove an item, add '<!-- ' at the start of the line and ' -->' at the end of the line, for example:
<!-- <li><a href="login"><span>Login</span></a></li> -->
The following removes all but the ChangePIN and ResetPIN links
<div id='cssmenu'>
<ul>
  <!-- <li><a href="string"><span>Security String Image</span></a></li> -->
  <!-- <li><a href="confirmation"><span>Security String Message</span></a></li> -->
  <!-- <li><a href="login"><span>Login</span></a></li> -->
  <li><a href="change"><span>Change PIN</span></a></li>
  <li><a href="reset"><span>Reset PIN</span></a></li>
  <!-- <li><a href="provision"><span>Provision</span></a></li> -->
  <!-- <li class='last'><a href='synctoken'><span>Sync Token</span></a></li> -->
</ul>
</div>
Testing
Navigate to the userportal page: https://IP:8443/userportal. The userportal should be displayed.
User Portal Security String Image
Here you can enter a user name and click [Go] and the Security String image will update. If you press [Go] again, it will update the image once again.
User Portal Security String Message
Once you have entered a Username and clicked [Go], the “Confirmed” TURing image will appear. Additionally, if you press [Go] again, it will update the image.
User Portal Login
The user portal login allows a user to verify that their login works with Swivel.
User Portal Change PIN
The user portal allows the user to change their PIN.
User Portal Reset PIN
The user portal Reset PIN allows a user to reset a forgotten PIN (it will not unlock an account).
User Portal Provision
The user portal allows a user to provision their Mobile Phone for authentication.
User Portal Sync Token
The user portal allows a user to synchronise their token.
Additional Configuration options
Creating a URL redirect from the root level
See Redirect link
Using 443 instead of 8443
See How to run PINsafe on non-default ports
Known Issues
The standard install of the user portal with an appliance is in the webapps2 folder with HTTPS but may also run under HTTP. An install in the webapps folder will only work with HTTP and not HTTPS.
Troubleshooting
A Reset code could not be requested.
The Swivel server does not allow Account Resets
The ResetPIN needs to be enabled on the Swivel Administration console.
Changes to xml files do not take effect
Cached files
You may find you need to clear the cached compiled files for User Portal before the new settings will take effect. You can find these in /usr/local/tomcat/work/Catalina-proxy/localhost/userportal. Delete the contents of this folder only when Tomcat is stopped.
This folder will be automatically re-created the next time it is required, so it is safe to delete.
File locations
Ensure the correct locations are being edited: Config files are stored in ~/.swivelportal/conf, or in the location given by the environment variable SWIVEL_PORTAL_HOME or the web.xml setting "portalHome".
Edits to the configuration files under <path to Tomcat>\webapps2\userportal\WEB-INF (Example: C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps2\userportal\WEB-INF) will not be used.
Error Messages
There was an error please check your username and pin code if the problem persists contact your systems administrator.
Contact the Administrator to verify the error. This error should be logged on the Swivel server that the User Portal uses.
Change PIN failed for user: graham, error: The use of a static password is mandatory
The user is required to use a static password.
Change PIN failed for user: graham, error: The one-time code was missing or malformed.
Incorrect OTC entered.
In the Swivel log viewer
AgentXML request failed, error: The XML request sent from the agent was malformed.
and in the User Portal
Something went wrong. Please try again or contact your system administrator.
This can be seen when a token is synced and the token is already synced.