Deploying URL preview in an environment where anonymous access is disabled
To deploy URL preview optionally in an environment where anonymous access is disabled within HCL Connections, you must define a system user as a proxy for the oEmbed/image proxy services so that it can perform HTTP requests.
About this task
Procedure
- Define a new "system" user in your user repository that
can log into Connections.In the following steps, the oEmbed / image proxy is configured to log in as this "system" user when performing HTTP request against Connections resources. To avoid leaking private resources from Connections, it is important to ensure that this user does not have access to any private resource on the Connections environment such as not being a member of a community, or a participant in an activity, and so on.
- This "system" user only should be used for the oEmbed / image proxy purposes (as opposed to being also an actual end-user on the platform).
- Do not use the default admin user, since administrative users have access to all Connections content (including private content).
-
Create a JAAS authentication alias if it does not exist named
urlpreviewJAASAuthS2S. Set the username and password of the user defined in
step 1.
Note: The name of the JAAS authentication alias used by the service can be configured in the og-config.xml file as described in Configuring URL preview.
- In the og-config.xml file, set the security.anonymousAccess attribute to true.
- In the og-config.xml file, set the jaasOembedAuthAlias attribute to urlpreviewJAASAuthS2S.
- Synchronize the WebSphere® Application Server nodes and restart the URL Preview oEmbed application to apply the settings.