This chapter describes the procedure to log in to the Infinity Process Platform Portal and to optionally adjust the predefined connection timeout.
It is recommended to clear your browser cache on every upgrade of your Infinity Portal version to avoid issues with the scrolling functionality. To clear your cache please follow the instructions of your browser help accordingly.
To log in the Infinity Process Platform Portal, start your application server and enter the following URL in your Web browser:
Opening another Portal URL with the same host name and the same context root as the original one is not possible in the same browser. For example using
two different tabs in one browser does not work.
This URL will lead you to the Infinity Process Platform Portal's login screen, whereby
Use the following URL for a tenant specific login:
Using this URL will cause a login at the specific partition. If you have logged out via the Logout link in the Portal, you would be logged-in in the same partition as you have been before.
Note: If the session has expired this information is lost and you have to use the tenant-specific login URL again. Also note that this URL is currently only working for internal authentication. In a principal based environment it is not working.
This section gives an advanced description on how to set the context-root depending on the different kind of deployment.
If you deploy the
If you deploy the
If you deploy with Tomcat from inside Eclipse (as described in the tutorial chapter The Support Case Example of the Infinity Process Platform Documentation - Developer Guide) The Support Case Example) you can determine the context-root in the last property dialog Web Module, while creating a new dynamic Web project:
Figure: Set Context Root
If you skip the last property dialog with the context-root setting, the name of the project is used by default.
In order to be able to use the Infinity Process Platform Portal, users have to identify
themselves by entering the name and
password. The user must have been previously created by the Infinity Process Platform
administrator and assigned the necessary roles or organizations. The
default values for your account and password are motu/motu. In
the login screen fill in your name and account:
Figure: Logging in the Infinity Process Platform Portal
If the properties Security.PromptPartition, Security.PromptDomain or Security.PromptRealm are set in your carnot.properties file, additional entry fields for partition, domain and realm appear accordingly. Otherwise their default values will be used. For more information see the chapter Infinity Process Platform Services of the Infinity Process Platform Documentation - Programming Guide. section Providing Additional Fields for Login Screens in the Infinity Process Platform Services chapter.
Below the password field you find a link Forgot Password. In case you forgot your password click on this link to receive a new one. Note that this link is not available, in case the property Security.Authentication.Mode is set to Principal in your carnot.properties file.
Figure: Forgot Password Option
A dialog opens, where you are prompted to enter your credentials.
Selecting Cancel closes the dialog without sending an email. The initial login screen is displayed again.
Selecting Continue closes the dialog and the new password is sent to the email address which has to be set for the requesting user. In case no email address is configured, you have to contact the administrator. The email contains a generated password as well as instructions on how to reset your password.
Figure: Forgot Password Dialog
You will receive an e-mail with a generated token. To complete the password request click the link provided in the e-mail.
The URL in the e-mail is formed by reading the property Security.Password.ResetServletUrl. If this property is not set, the e-mail does not provide the URL to reset the password. Please refer to section Security of chapter Server Side Properties in the Operation Guide Security of chapter Server Side Properties in the Documentation - Operation Guide for details on this property.
If you like to abort the password request login the Portal as usual and disregard the e-mail.
Figure: Token Generation E-mail
In case you clicked the URL, a notification appears in the opening browser to confirm that the password is generated and sent to your registered e-mail address.
Figure: Password changed notification
Now an e-mail is sent with the changed password.
Figure: Changed Password confirmation E-mail
To change the temporary password, return to the Infinity Process Platform Login screen.
In case you provide the property Security.Password.LoginDialogUrl in your carnot.properties file, containing the URL of the portal login page, this URL will be contained in the notification mail as well. To change the new password, click this URL to go directly to the Infinity Process Platform Login screen. For example:
In the login screen, login with your account and the temporary password provided in the mail. Now the Change Password dialog opens.
Please note that to make the email notification possible, a valid technical user must exist. Per default this is the motu/motu user. For detailed information on how to configure a technical user, please refer to section Configuring Credentials for the Technical User of chapter Deploying Applications in the Infinity Process Platform Documentation - Deployment Guide. Configuring Credentials for the Technical User of the chapter Deploying Applications of the Deployment Guide.
In the Change Password Dialog, enter the old password, a new password and confirm the new password in the Confirm Password entry.
Figure: Change Password Dialog
Click Submit to submit the new password.
It might happen that the password cannot be changed because of one of the following reasons:
In that case, an error notification message appears, notifying that the password validation failed.
Figure: Error Notification
After being successfully authenticated, you are logged into the Infinity Process Platform Portal.
To close the dialog without changing the password, click Cancel. You will return to the user login screen.
When trying to login after selecting the Login button, the entered password is checked for expiration. In case your password has expired, the Change Password dialog opens, where you can enter a new password. Please refer to section Change Password Dialog for details.
When your password has been disabled, a message appears in the Login dialog to indicate that the account is invalid. You will receive an email notification that your account got disabled and you should ask the administrator for assistance.
Figure: Account Disabled
You can change the modes for authentication and authorization in the server-side
carnot.properties file via the following properties:
Per default, the value of these properties is
internal. In case the
Security.Authorization.Mode has been set to a different value then
internal, authorization will be external. The Synchronization provider
needs to be in place and configured. If Security.Authentication.Mode has
been set to a different value then
internal, authentication will be external
and the Login Provider needs to be in place and configured.
The following scenarios are possible:
|internal||internal||Users and grants are handled completely internally.|
|internal||external||Users are handled internally, grants are handled externally.|
|external||internal||Users are handled externally, grants are handled internally.|
|external||external||Users and grants are handled completely externally.|
Note that in case Infinity Process Platform is configured to use the LDAP Login Provider and internal security, a user is allowed to login without providing a password.
To activate principal login in the Infinity Process Platform Portal, perform the following steps:
Set up your container specific security to provide a login module. For example if using Tomcat, add the following line to your Servers/Tomcat XXXX/tomcat-user.xml file:
<user name="motu" password="motu123" roles="Administrator"/>
Set the engine to use principal login via the Security.Authentication.Mode property in your carnot.properties file:
Security.Authentication.Mode = principal
Update the web.xml file with the following fragments to use principal login:
<context-param> <param-name>carnot.PRINCIPAL_PAGE</param-name> <param-value>/plugins/common/initializeSession.iface</param-value> </context-param> ... <security-constraint> <web-resource-collection> <web-resource-name>Icefaces Main Page</web-resource-name> <url-pattern>/plugins/common/initializeSession.iface</url-pattern> </web-resource-collection> <auth-constraint> <role-name>Administrator</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/ipp/common/loginProxy.iface</form-login-page> <form-error-page>/ipp/common/loginProxy.iface?failed=true</form-error-page> </form-login-config> </login-config> <security-role> <role-name>Administrator</role-name> </security-role>
In case a session timeout occurs with principal login and you are using WebLogic as application server, deactivate the keep alive option for WebLogic as described in section Deactivating the KeepAlive option of chapter WebLogic in the Infinity Process Platform Documentation - Deployment Guide. Deactivating the KeepAlive option of chapter WebLogic in the Deployment Guide.
In some cases administrators like to login to the Portal without having a model deployed. To make this possible, make sure that the context parameter carnot.login.MODEL_REQUIRED is set to false in your Web Application deployment descriptor file web.xml.
<context-param> <param-name>carnot.login.MODEL_REQUIRED</param-name> <param-value>false</param-value> </context-param>
Note that this is only applying to administrators, non-administrators always need a deployed model to be able to login. The login behavior is displayed in the following table:
|carnot.login.MODEL_REQUIRED||Model deployed||Admin login allowed||Non-admin user login allowed|
If any request from the Infinity Process Platform Portal does not get response within 60 seconds, the network connection gets interrupted and a message dialog opens.
Figure: Connection Timeout
You have the option to configure the timeout by setting the connectionTimeout parameter in your web.xml file. This parameter defines how long, in milliseconds, the bridge will wait for a response from the server for a user-initiated request before declaring the connection lost. The default value is 60000 (60 seconds).
<context-param> <param-name>com.icesoft.faces.connectionTimeout</param-name> <param-value>60000</param-value> </context-param>
For advanced connection management, please refer to the ICEFaces Documentation - Connection Management directly.