Secure Sites

Secure Sites provide the ability to publish content to your public website while limiting who can see that content. The content could be for employee eyes only, premium content that only your partners should see, or department-specific information. You can limit access to an entire site or only a sub-section of the site.

Note: In order for Secure Sites/Sections to work, you must publish to a Tomcat server. See Configuring a Standalone DTS Tomcat as a Production Web Server for instructions on configuring this type of environment.

There are two options for establishing who can access a secure site:

  • CM1 Membership - Membership provides a self-service user account registration process with email confirmation and password reset management. 
  • LDAP Authentication - You can use your existing LDAP directory to control access to Secure Sections/Sites.

Configuring the Tomcat Server for Secure Sections

1) Copy and rename the perc-secured-sections.properties.sample to perc-secured-sections.properties. This file is located in:

    $DTS_Root/Deployment/server/conf/perc/perc-secured-sections.properties.

2) Update the perc-secured-sections.properties file to match your environment. LDAP properties can be ignored unless you are using LDAP for login. LDAP login is controlled by the 'perc.use.ldap=no' property.

Note: The ports listed in the perc-secured-sections.properties file are defaults and must be updated to match your published environment.  

perc-secured-sections.properties

# percLogin - Secure Sections Properties
#
# ldap.manager.password (bind password) is initially
# entered in clear text, and is encrypted on start
ldap.manager.password=ENC(RCLgJj2gNo3HzdE7pU5BDA\=\=)
#
# ldap.manager.url is the network location of the user's LDAP instance.
ldap.manager.url=ldap://10.10.10.33:389/CN=Users,DC=test,DC=local
#
# ldap.manager.dn is the distinguished name of the bound user
ldap.manager.dn=CN=Administrator,CN=Users,DC=test,DC=local
#
# ldap.manager.user.search.filter is the attribute being
# passed to the authentication framework.
ldap.manager.user.search.filter=(sAMAccountName={0})
#
# ldap.manager.group.role.attribute is the attribute containing
# the name of the authority defined in the group.
ldap.manager.group.role.attribute=cn
#
# ldap.manager.group.search.filter is the attribute to be
# returned for role/access mapping.
ldap.manager.group.search.filter=member={0}
#
# ldap.manager.group.search.base is the attribute specifying
# the base ou to use for searching for ldap groups, empty
# defaults to the base dn.
ldap.manager.group.search.base=
#
# perc.login.login.page is the published location of the
# page containing the login form.
perc.login.login.page=/login-page
#
# perc.login.login.success.page is the location of an
# (optional) published page for redirect in cases in which
# no secure resource has been requested
perc.login.login.success.page=/login-success
#
# membership.service.host is the host name to use to access
# the membership service for authentication
membership.service.host=localhost
#
# membership.service.protocol is the protocol to use to access
# the membership service for authentication, either http or https
membership.service.protocol=http
#
# membership.service.port is the port to use to access
# the membership service for authentication, should be the correct
# port for the specified membership.service.protocol
membership.service.port=9980
#
# perc.webserver.http.port is the HTTP port of the web server
# which services all published pages.
perc.webserver.http.port=9980
#
# perc.webserver.https.port is the HTTPS port of the web server
# which services all published pages.
perc.webserver.https.port=8443
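
An added example (not Percussion's code): a small Python check that reads perc-secured-sections.properties and flags the settings from the sample above that affect how credentials are stored and transported. The finding names are hypothetical, and treating perc.webserver.<protocol>.port as the expected membership port is an assumption based on the sample's matching values.

```python
import re

# Constructed sample: the page's listing, trimmed to the keys the audit reads.
SAMPLE = r"""
ldap.manager.password=ENC(RCLgJj2gNo3HzdE7pU5BDA\=\=)
ldap.manager.url=ldap://10.10.10.33:389/CN=Users,DC=test,DC=local
ldap.manager.dn=CN=Administrator,CN=Users,DC=test,DC=local
membership.service.host=localhost
membership.service.protocol=http
membership.service.port=9980
perc.webserver.http.port=9980
perc.webserver.https.port=8443
"""

def parse_properties(text):
    """Minimal .properties reader: key=value lines, '#' comments, backslash escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def audit(props):
    """Return finding names (hypothetical labels) for settings that weaken the login path."""
    findings = []
    password = props.get("ldap.manager.password", "")
    if password and not re.fullmatch(r"ENC\(.+\)", password):
        findings.append("bind-password-cleartext")   # not yet encrypted by a server start
    if props.get("ldap.manager.url", "").lower().startswith("ldap://"):
        findings.append("ldap-not-tls")              # plain LDAP scheme rather than ldaps://
    if props.get("ldap.manager.dn", "").lower().startswith("cn=administrator,"):
        findings.append("bind-dn-is-administrator")  # searching users needs far less privilege
    proto = props.get("membership.service.protocol", "")
    host = props.get("membership.service.host", "")
    if proto == "http" and host not in ("localhost", "127.0.0.1"):
        findings.append("membership-http-remote")    # credentials sent to another host over HTTP
    # Assumption: the membership port should equal perc.webserver.<protocol>.port.
    expected = props.get(f"perc.webserver.{proto}.port")
    if expected and props.get("membership.service.port") != expected:
        findings.append("membership-port-mismatch")
    return findings

if __name__ == "__main__":
    print(audit(parse_properties(SAMPLE)))
```

Run it against the deployed file after each edit; switching membership.service.protocol to https without also changing membership.service.port is the case the last rule catches.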

Configuring Secure Sites/Sections to use CM1 Membership

Use the following steps to configure self-service user account registration:

  1. Create a Registration Page.
  2. Add a Registration widget to the page.
  3. On the Layout tab, edit the Registration widget properties. Be sure the Registration mode is set to "Registration".
  4. Save the Layout.
  5. On the Content tab, edit the Registration widget content.
  6. Click Save to save your changes.
  7. Create a Membership Confirmation page. The Membership Confirmation page is displayed after the user clicks the link in the confirmation email to activate their account registration. Email configuration must be set up prior to configuring secure sections in order for this to work. See the last paragraph of this document for additional information on configuring email.
  8. In the Navigation Menu, edit the Site Preferences to select the Membership Confirmation page by clicking the wrench icon for the site.  These preferences are located under the 'Membership' area.

You can also create Self-Service password request reset and Self-service password reset pages and enter them in the Site Preferences as well. 

When a new person registers, their information will appear in the Membership Gadget.  Add this gadget to your dashboard to see a list of registered users. 

During the registration process, the user will receive an email confirmation which will require them to complete the registration process by activating their account. 

Managing Members

The Membership gadget on the Percussion CMS Dashboard allows you to view users who have registered during the self-service user account registration process.

To view the list of users, drag and drop the membership gadget onto your dashboard. As users register, they will be added to this page. A user can then be activated, deleted or blocked based on status.

If you are controlling access to sections by group, you can also edit that from the Membership gadget by editing the user. Enter the group name or, if the user belongs to multiple groups, separate the groups with commas.

Securing Sites/Sections

After setting up Secure Sites/Sections, a full publish is required. In order for Secure Sites/Sections to work, you must publish to a Tomcat server.

Configuring the Secure Site/Section

Use the following steps to configure secure sites/sections:

1) Create a Login page.

2) Open the Layout tab and add the Secure Login widget to your page.

3) Select the configure icon to edit Secure Login widget properties.

4) Click OK to save and close.

5) Click Save to save the Layout.

6) Open the Content tab, select the Secure Login widget.

7) Select the edit icon to edit the Secure Login widget content.

8) Click Save to save your changes.

9) Open the navigation menu for the site.

10) To use secure sites/sections, under the Top Level, edit the configuration by clicking the wrench for the site itself.

11) Under the security option, be sure "Use site security" is checked.

12) Choose the login page that you created by selecting browse.

13) Click Save to save.

14) To secure a section, select the configure icon (wrench) to edit the navigation section preferences.

15) Under the security option, be sure "Requires Log in" is checked and enter the name of the groups which have access. 

16) After the Secure Sites/Sections feature is set up, a full publish is required.

When configuring a publishing environment with secure sites/sections, the "Use Percussion web server setup (default)" option should be selected so that the WEB-INF files related to secure sections are copied over during the full publish. Learn more about "Setting Up a Publishing Server" in our "Publishing Guide".

Note: To set up the mail configuration, the CM1 admin must edit the perc-email.properties file. A sample mail configuration is displayed below. The file gets delivered to /cmroot/Deliver/perc-email.properties and to /cmroot/Deployment/Server/conf/perc/perc-email.properties. Make sure each file has your specific mail configuration. The password will be encrypted, and the comments indicated by a # sign will be removed, upon restart of the delivery server.

#
# perc-email.properties
# Specific properties for email service
#
#

# SMTP service
email.hostName=smtp.gmail.com

# Host port number
email.portNumber=587

# User name
email.userName=percdev

# Password
email.password=pdevelopment

# Enable/disable TLS
# true when TLS is enabled, otherwise set to false
email.TLS=true

# From Email address
email.fromAddress=percdev@gmail.com

# Add the sslPort property with the proper port to enable SSL. SSL is disabled if the sslPort property is empty.
email.sslPort=465

# Bounce address (receives notices for undeliverable mail)
email.bounceAddress=percdev@gmail.com