My webMethods Server 10.1 | My webMethods Server Webhelp | My webMethods Server Portlet Reference | My webMethods Server Security | Summary of Portlets and Components
 
Summary of Portlets and Components
The following table lists the portlets and components that My webMethods Server provides out-of-the-box related to My webMethods Server security.
Name
Description
Security. Administrators use this portlet to secure My webMethods Server authentication with an external security provider, for example, SiteMinder or Oblix.
Administration. Administrators use this portlet to assume the identity of a different user when diagnosing a problem, to verify the functionality or security of a user account, or to perform an activity on behalf of another user.
System. End users use this portlet to provide their credentials for My webMethods Server authentication.
System. End users use this portlet to log in or log out of My webMethods Server. The portlet displays the Login link for guest users, displays the Logout link for users who can logout, and displays nothing for all other users.
Security. Administrators use this portlet to configure single sign on when using an Active Directory infrastructure. When using NT LAN Manager (NTLM) authentication, users who log into a Windows domain do not have to re-authenticate to log into My webMethods Server. Administrators use the portlet to identify the Primary Domain Controller, which is a Microsoft Windows server that handles all accounts in the domain.
Security. Administrators use this portlet to secure who has the ability to log into My webMethods Server. Using this portlet, administrators restrict login access to users who have IP addresses within specified ranges, for example, IP address inside the corporate firewall. Configure up to four allowed IP address ranges.
Security. Administrators use this portlet to configure My webMethods Server to use the RememberMe authorization scheme. When the RememberMe authorization scheme is in use, My webMethods Server displays a check box on the Login page. A user selects the check box to have My webMethods Server save credentials in a RememberMe cookie. In subsequent login requests, My webMethods Server attempts to authenticate the user with credentials from the RememberMe cookie.
Security. Administrators configure this portlet to enable the My webMethods Server's SAML single sign-on feature. This portlet is installed by default.
Security. Administrators use this portlet to define security realms. Use security realms to simplify permissions management. By default, administrators define permissions for each resource in My webMethods Server. Instead, using this portlet, administrators can define security realms, assign resources to the security realms, and then set permissions for the security realms. As a result, rather than individual permissions per resource, permissions are against a collection of resources in a security realm.
Security. System administrators use this portlet to configure Cross-Site Request Forgery (XSRF) countermeasures for My webMethods Server. To combat XSRF, My webMethods Server requires a special token, called Anti-Cross-Site-Request-Forgery Token (AXSRFT), to be present on HTTP requests that invoke My webMethods Server actions, such as a request to delete a folder or change a user's profile information. My webMethods Server generates a unique token for each user, and periodically updates it, once a day by default. When you use the My webMethods Server user interface to perform actions that require an AXSRFT, the My webMethods Server user interface automatically supplies the correct token, so you do not need to do anything special for these actions when using the My webMethods Server user interface.