The supported technique assumes that the authentication server sends back one or more cookies in response to a successful authentication attempt. These cookies are then used on all subsequent calls within that Web Dock portlet. That is, it is assumed that the login (or challenge) location and the actual URL to display are separate entities. The first location is used only to authenticate and returns a cookie in a standard HTTP 1.1 2XX response message. The second and all subsequent locations use the cookies from the first response.
Before you configured form-based authentication in your web application bridge, you need three things:
- The URL that is the target of the login submission form
- The input parameters that are used for the user ID and password
- Any hidden input fields on the form that might be used during the authentication process.
To locate the target URL of the form submission, look for the <FORM> tag on the login page. Browse the source of the page. Then, locate the ACTION attribute. The URL in the ACTION attribute is the URL that you need to specify. Enter this URL as the Login URL value in the Authentication tab of the Virtual Web Application Manager portlet. This URL does not include the scheme because it is provided separately in the Scheme
field. The Method
field specifies the HTTP method (for example: POST, GET). The HTTP method is used to make the authentication request to the Login URL. Its value is the Method attribute of the <FORM> tag.
Next, find the <INPUT> fields for the user ID and password. The values for the NAME attributes are used for the User parameter name and Password parameter name values. Enter these values on the Authentication
tab in the Virtual Web Application Manager portlet.
Locate any <INPUT TYPE="hidden" ...> elements on the page. These provide name-value pairs to the system for login and might be important for the process. The web application bridge must send them as well. Enter the hidden values in the Login
field on the Authentication
tab of the Virtual Web Application Manager portlet. Enter these values as a series of name-value pairs, which are separated by a comma (,).
Authenticate with the back-end server one time. Directly access the site and observe the response in some debugger tool. Check the cookies that are returned as part of the authentication request that is sent to the Login URL. Cookies that are returned as part of "Set-Cookie" response headers are session cookies. Specify the session cookies name as a comma-separated list. Session timeout is the period for which the web application bridge assumes that the session cookies are valid. Hence it does not send any subsequent authentication requests until this period is over. In the Session timeout
field, specify any suitable value; for example, 50000
Parent topic: Web application bridge