skip login screen(web)
Are there good way to skip login screen.
My customer has web portal that is need to login.(The portal is within a company.)
They'd like to make link on the portal and if user click it, runch SM web client.
They said the portal can pass login/password for the portal using http request like http:xxxxx/username=xxx/password=xxxx on the portal.
The authentication for SM is using SM operator record.(So SM has same login/password for the portal).
Then they just want to skip login screen.
Is it possible?
You cannot pass id and password in the url although few web application support such feasibility. But in SM , like many other applications, it is good to not have this for security reasons.
Need to implement SSO (single signon) with SSL to achieve the same. By this user logged in to windows system will be automatically logged in SM with same user id.
Follow below link for SSO,
Assign Kudo, if found post useful and mark it accepted if solves the issue.
Well, it _can_ be done, though, as piku said, it's not really secure.
In our environment, we use WebSEAL as the authentication that sits in front of the web server that is housing our Service Manager web layer. We created a custom Java class and placed it in the WEB-INF\classes directory, and then modified the application-context.xml in the WEB-INF directory to use that class as part of the preauthentication filter.
We named the Java class 'TAMAuthenticationFilter' and it looks like:
public class TAMAuthenticationFilter extends PreAuthenticationFilter
protected String getAuthenticatedUsername(HttpServletRequest paramHttpServletRequest)
String str = paramHttpServletRequest.getHeader("iv-user");
str = str.toUpperCase();
And then we added an entry in the application-context.xml to reference that class
<bean id="SingleSignOn" class="TAMAuthenticationFilter">
And then in the filterChainProxy, we added that SingleSignOn to the proxy chain
So, you'll have to do some of your own experimenting and figure out what works for you, but _how_ it works -
WebSEAL authenticates the user based on their credentials at their PC and passes the username on to the Service Manager web server in a header with the attribute 'iv-user'. The custom Java class grabs the value within that header and passes that on to the web server. The custom bean reference passes that value on to the Service Manager application server which validates the user against the HPSM operator table and lets them into the tool.
Thank you for your reply, Piku and Jacob.
I am not good at Java and web technology.
So it takes much time to read your reply and understand it.
I can catch it's not so easy way to resolv my customer's request.
(I think I get a good example by Jacob, but I can't catch it soon. sorry.)
Of cource I read some manuals Piku pickued up.