Enabling anonymous access for a FileNet® deployment

About this task

IBM® FileNet® Collaboration Services implements anonymous access with a designated user that is used only for this purpose. The user must be a system-type user that is not used by a real person. The user ID must not have any particular privileges on the object store beyond what is given by the installation guide. This user's access control records determines what level of access is given to anonymous users. So, choose a functional ID that is reserved for this purpose and that does not have special access.

The display name of the user that is used in this role might appear in some supplemental user interfaces, so a user account or functional ID must be chosen with a suitable display name that matches the purpose of this account, for example, Anonymous User. Do not choose the administrative account ID. Follow these steps to enable anonymous access


  1. Log in to the WebSphere® Application Server Integrated Solutions Console that hosts your FileNet® server with the FileNet® Collaboration Services application.
  2. Enable use of authentication data on unprotected URLs as follows:
    1. Navigate to Security > Global Security > Web and SIP security > General Settings .
    2. Make sure Authenticate only when the URI is protected is selected and Use available authentication data when an unprotected URI is accessed also is selected.
  3. Modify security role mapping for the FileNet® Collaboration Services application as follows:
    1. Continuing in the WebSphere® Administration console, navigate to Applications > WebSphere Enterprise Applications > Navigator.
    2. Click Security role to user/group mapping.
    3. Select the Authenticated option and then select Map Special Subjects and Everyone.
    4. Click OK to save your changes.
  4. Install the authentication filter code as follows:
    1. In WebSphere® Administration console navigate to WebSphere® Enterprise Applications.
    2. Select the FileNet® Collaboration Services option.
    3. Click Update.
    4. For Application update options, select the Replace, add, or delete multiple files option.
    5. Select local file system if you are running the browser on the Deployment Manager node and then locate the auth_filter_patch.zip file in the <connections_install_root>/xkit/filenetConfig/auth_filter_patch.zip directory.
      If the browser is not running on the Deployment Manager (DM) node, then select remote file system and choose the DM file system, locating the auth_filter_patch.zip file in the directory previously stated.
    6. Click Next and OK to update the application.
  5. Click Applications > WebSphere enterprise applications > Navigator > User RunAs roles,
  6. Select the Anonymous role and enter the username and password of the LDAP user who is designated for the anonymous access role.
  7. Click Apply and then click OK to save.
  8. Click Save.
  9. Resynchronize nodes with the master configuration, refer to Synchronizing nodes.
  10. Open the Administration Console for Content Platform Engine (ACCE) and expand the Object Stores node on the side navigation tree.
  11. Right-click ICObjectStore, the object you want to configure, and then click Open.
  12. Select Search, click New Object Store Search, select Collaboration Configuration in the Class menu, and then click Run.
    A single result object displays after you select OK for any warnings.
  13. Click the object and then click Properties.
  14. On the Properties tab, click the Property Value cell for Download Count Anonymous User Ids, which displays a dropdown menu.
  15. Select Edit list, add the user into the list, and then select it from the dropdown menu. The user must be the same user that you provided for the User RunAs roles in the WebSphere® Application Server Integrated Solutions Console in step 2; however, the SID of the user must be provided instead of the user name. To understand how SID values are created, refer to Generating SID values.
  16. Click Close.