Blocking Access To The User Portal Page - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual

3.6.3 Blocking Access to the User Portal Page

If a user is already authenticated and accesses the Identity Server, the user is presented with the
Identity Server User Portal page.
This page provides a wealth of information about the logged-in user:
Any federations this user has established with third-party service providers

 Identity attributes such as Liberty Personal or employee profile attributes, or Access Manager
credential or custom profile attributes
Policy attributes that users or administrators have selected to share with other service providers

You might want to prevent users from seeing this page for the following reasons:
Security: Users accessing this page have access to sensitive information that administrators

might want to restrict such as the user's attributes and federations with other third-party SAML
or Liberty providers.
Help Desk Support: Most users have no need to access the information presented in this page.

As a result, they might be confused if they see it. By preventing access to the page, any
potential calls into the help desk are avoided.
The page is called with every access to the Identity Server login page. You can modify
main.jsp
the code that checks the users status, and if the user is already authenticated, you can redirect the
user to another page.
To block access to the User Portal page:
1 Open the
main.jsp
Linux:
/var/opt/novell/tomcat5/webapps/nidp/jsp
Windows Server 2003:
Windows Server 2008:
2 Locate the following line:
ContentHandler hand = new ContentHandler(request,response);
file for editing. This file is located in the following directory:
\Program Files\Novell\Tomcat\webapps\nidp\jsp
\Program Files (x86)\Novell\Tomcat\webapps\nidp\jsp
Configuring Local Authentication 135