After establishing the session we want to redirect the user to a site that is protected by a policy agent (using response.redirect(targetUrl)). However, SSO fails and a user needs to authenticate again. It seems that the normal AM cookies (iPlanetDirectoryPro - created when you login using /UI/Login) are not automatically created.
One final thing: setup is okay - we did sanity checks using policy agents and that works fine.
Questions:
1. Can some give me some hints and tips on how to create a valid session, SSO token and the according cookies using just the API?
The expected usage of this kind of flow is ideally through a policy
agent protecting a resource,
which detects missing SSOToken and authenticates on its own. Looks like
you are trying to do
that automatically without user intervention. In that case you can use
zero page login ( more details
in auth arch document pg 24-26), so you dont have to worry about setting
domain cookies etc.
In your approach you would have to set the cookie yourself on the
response. sample code to do that may
be like:
try {
ServiceSchemaManager scm = new ServiceSchemaManager(
"iPlanetAMPlatformService", token);
ServiceSchema platformSchema = scm.getGlobalSchema();
Set cookieDomains = (Set)platformSchema.getAttributeDefaults().
get("iplanet-am-platform-cookie-domains");
String value = token.getTokenID().toString();
String cookieName = SystemProperties.get(
"com.iplanet.am.cookie.name");
Cookie cookie = CookieUtils.newCookie(cookieName, value,
"/");
response.addCookie(cookie);
Iterator iter = cookieDomains.iterator();
Cookie cookie = null;
while (iter.hasNext()) {
String cookieDom = (String) iter.next();
cookie =
com.iplanet.services.util.CookieUtils.newCookie(cookieName, value,
"/", cookieDom );
response.addCookie(cookie);
loadBalancerCookie = setlbCookie(cookieDom);
if (loadBalancerCookie != null) {
response.addCookie(loadBalancerCookie);
}
}
}
} catch (Exception e) {
}
}
No comments:
Post a Comment