User Portal - old

From Swivel Knowledgebase
Jump to: navigation, search


Overview

This version has been superceded by User Portal


This page discusses the User Portal version 2. The user portal places all the self-service application in one place and allows the customer to decide what pages to make available to users and how those pages are to be used. This can replace the current changepin , resetpin and proxy applications.

The following applications are available.

  • View Security String
  • Request a Security String Message (as defined by the transport, usually SMS or email). This can be password protected.
  • Login presents a login page to the user, useful for testing but also used to protect user provision screen if required.
  • Change PIN
  • Reset PIN (The ResetPIN needs to be enabled on the Swivel Administration console). See also ResetPIN How To Guide
  • Provision a Mobile device. This can be password protected.


Prerequisites

Swivel 3.9.1 onwards

Swivel appliance with user portal pre-installed or userportal.war file, see Downloads.


Upgrading User Portal

Download the User Portal, extract the userportal.war file and overwrite the existing userportal.war file (see below for file location). This will automatically upgrade the User Portal.


User Portal Installation

If the User Portal is not installed on a Swivel appliance, it can be installed on an appliance running Swivel 3.9.1 onwards. WinSCP can be used to install this, see WinSCP How To Guide.

Create a folder /home/swivel/.swivelportal/conf, ensure it has user and group permissions of swivel.

Copy the userportal.war file to /usr/local/tomcat/webapps2. It is possible to install into /usr/local/tomcat/webapps, but the installation will only work using HTTP, and SSL must be disabled for port 8080 through the CMI.

Copy the below files from /usr/local/tomcat/webapps2/userportal/resources/conf to /home/swivel/.swivelportal/conf

  • portalsettings.xml
  • settings.xml


User Portal Configuration

Config files will be stored in ~/.swivelportal/conf or as stated by stated in env variable SWIVEL_PORTAL_HOME or web.xml “portalHome", see Transient Data Storage.


User portal communication with appliance settings

The file settings.xml defines how the user portal will communicate with the Swivel Appliance. Generally the only setting that needs editing is the shared secret that will need to match the one set on the Swivel Appliance, leave the other settings at their default.


Appliance webapps2 settings

 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
 <properties>
 <entry key="ssl">false</entry>
 <entry key="server">localhost</entry>
 <entry key="port">8181</entry>
 <entry key="context">pinsafe</entry>
 <entry key="secret">secret</entry>
 <entry key="selfsigned">true</entry>
 <entry key="codepage">UTF-8</entry>
 <entry key="proxypinpad">false</entry>
 </properties>


Appliance webapps settings (Non SSL only)

 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
 <properties>
 <entry key="ssl">false</entry>
 <entry key="server">localhost</entry>
 <entry key="port">8181</entry>
 <entry key="context">pinsafe</entry>
 <entry key="secret">secret</entry>
 <entry key="selfsigned">true</entry>
 <entry key="codepage">UTF-8</entry>
 <entry key="proxypinpad">false</entry>
 </properties>


User portal home page application settings

The file portalsettings.xml determines how the portal will perform

 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
 <properties>
 <entry key="login">pinpad</entry>
 <entry key="securitystring">pinpad</entry>
 <entry key="changepin">pinpad</entry>
 <entry key="secureprovision">true</entry>
 <entry key="messagepassword">true</entry>
 <entry key="redirect">./index.jsp</entry>
 </properties>


Portalsettings.xml options

login: Default: pinpad Options: turing, pinpad. What image will be used on the login page.

securitystring: Default: pinpad, Options: turing, pinpad. What image will be used on the Security String page.

changepin: Default: pinpad, Options: turing, pinpad, explicit (PIN is entered directly). What image will be used on the changepin page.

secureprovision: Default true, Options true, false. Determines if a user must authenticate to the portal before they are allowed to request provision code.

messagepassword: Default: true, Options true, false. Determines if a user must supply a valid password before they can receive a dual channel message.

redirect: Default: ./index.jsp, Options index.jsp, or other URL. Where a user is redirected after completing a changepin or authentication.

After making a change restart Tomcat

Additional User Portal Customisation

User portal Images

The default image is at the below location, if a different image is required then this can be backed up and a new file of the same name used, or alternatively each page can be edited for the new image file.

<path to Tomcat>/userportal/images/swivel_logo.png

For Swivel appliances: /usr/local/tomcat/webapps2/userportal/images/swivel_logo.png


Changing Authentication Method

If you want the authentication changing from PinPad to Turing and vice versa, you need to navigate to home/swivel/.swivelportal/conf, then to portalsettings.xml. Under ‘login’, ‘securitystring’ and ‘changepin’; change the type of authentication to the desired method, i.e PinPad or Turing.


User Portal Menu options

The options available to portal users can be edited to remove menus that are not required. Edit the file \usr\local\tomcat\userportal\WEB-INF\pages\menu.jsp

To remove an item, add at the start '<!-- ' and at the end of the line, add ' -->' example

  <!-- <li><a href="login"><span>Login</span></a></li> -->

The following removes all but the ChangePIN and ResetPIN links

 <div id='cssmenu'>
  <ul>
   <!-- <li><a href="string"><span>Security String Image</span></a></li> -->
   <!-- <li><a href="confirmation"><span>Security String Message</span></a></li> -->
   <!-- <li><a href="login"><span>Login</span></a></li> -->
     <li><a href="change"><span>Change PIN</span></a></li>
     <li><a href="reset"><span>Reset PIN</span></a></li>
   <!-- <li><a href="provision"><span>Provision</span></a></li> -->
   <!-- <li class='last'><a href='synctoken'><span>Sync Token</span></a></li -->
  </ul>
 </div></nowiki>


Testing

Navigate to the userportal page; https://IP:8443/userportal The userportal should be displayed.


User Portal Security String Image

User Portal Security String Image small.jpg

Here you can enter a user name and click [Go] and the Security String image will update. If you press [Go] again, it will update the image once again.


User Portal Security String Message

User Portal Security String Message small.jpg

Once you have entered a Username and clicked [Go], the “Confirmed” TURing image will appear. Additionally, if you press [Go] again, it will update the image.


User Portal Login

The user portal login allows a user to verify that their login works with Swivel.

User Portal Login small.jpg


User Portal Change PIN

The user portal allows the user to Change their PIN.

User Portal Change Pin small.jpg


User Portal Reset PIN

The user portal Rset PIN allows a user to reset a forgotten PIN (It will not unlock an account)

User Portal Reset Pin small.jpg


User Portal Provision

The user portal allows a user to provision their Mobile Phone for authentication.

User Portal Provision small.jpg


User Portal Sync Token

The user portal allows a user to Synchronise their Token.

User Portal Sync Token small.jpg


Additional Configuration options

Creating a URL redirect from the root level

See Redirect link


Using 443 instead of 8443

See How to run PINsafe on non-default ports


Known Issues

The standard install of the user portal with an appliance is in the webapps2 folder with HTTPS but may also run under HTTP. An install in the webapps folder will only work with HTTP and not HTTPS.


Troubleshooting

A Reset code could not be requested.

The Swivel server does not allow Account Resets

The ResetPIN needs to be enabled on the Swivel Administration console.


Changes to xml files do not take effect

Cached files

You may find you need to clear the cached compiled files for User Portal before the new settings will take effect. You can find these in /usr/local/tomcat/work/Catalina-proxy/localhost/userportal. Delete the contents of this folder only when Tomcat is stopped.

This folder will be automatically re-created the next time it is required, so it is safe to delete.


File locations

Ensure the correct locations are being edited: Config files will be stored in ~/.swivelportal/conf or as stated by stated in env variable SWIVEL_PORTAL_HOME or web.xml “portalHome"

Editing the configuration files under <path to Tomcat>\webapps2\userportal\WEB-INF (Example: C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps2\userportal\WEB-INF) will not be used.


Error Messages

There was an error please check your username and pin code if the problem persists contact your systems administrator.

Contact the Administrator to see verify the error. This error should be logged on the Swivel server that the User Portal uses.


Change PIN failed for user: graham, error: The use of a static password is mandatory

The user is required to use a static Password


Change PIN failed for user: graham, error: The one-time code was missing or malformed.

Incorrect OTC entered


In the Swivel log viewer

AgentXML request failed, error: The XML request sent from the agent was malformed.

and in the User Portal

Something went wrong. Please try again or contact your system administrator.

This can be seen when a token is synced and the token is already synched.