Forum Discussion

KS-NetEngineer_'s avatar
KS-NetEngineer_
Icon for Nimbostratus rankNimbostratus
Aug 20, 2015

HTTP Form SSO with Dynamic Parameter

I'm setting up a new Webptop with Portal and Weblink resources. I have SSO working with my sites that use Basic auth and now I'm trying to a site that uses Forms-based authentication. The website is hosted externally so I configured it as a Portal resource and applied an SSO object to the Portal resource. When I clink on the link in the Webtop the username and password fields are sent to the server but I'm not able to authenticate. After troubleshooting for a while I found that the website uses a hidden parameter named authenticity_token. This parameter is dynamically generated when you load the login page. When you enter our username and password and click submit the username, password and authenticity_token parameters are sent.

 

It looks like I should be able use a session variable to send this hidden field. Do I have to assign this variable in my VPE? Or should I use a client initiated form SSO object for this?

 

6 Replies

  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus

    If it's dynamic, I guess client initiated form SSO will be the way to go.

     

  • Thanks for your response. So I need to add some custom javascript to get this value?

     

  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus

    Typically not required. The JS injected by APM will do a form auto-submit, which should carry the required dynamic variables.

     

  • I've set up a client initiated SSO object. When I login to the site I get a blank page. I'm assuming that means that my form identification is failing because I never see the POST from my browser. I've tried multiple settings but this seems like it should be easy.

     

    Login URI: /cas/login Username field name: username Password filed name: password

     

    I have the form detection field set to URI: /cas/login The Form identification is Form parameters.

     

    One thing I'm not sure of is if the Form name is just used to identify the Form object or if it needs to be set to the actual form name value on the website. I don't see a form name on the website - I only see the form id.

     

    If that isn't causing the problem then I'm probably missing something dumb in my config.

     

    • Belanger__Yves's avatar
      Belanger__Yves
      Icon for Altostratus rankAltostratus

      Hi KS-NetEngineer 135114,

       

      Did you find a solution to your SSO problem?

       

      Yves

  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus

    Form Name can be any name and need not match the actual Name. Have you tried to access https://domain.com/cas/login/ . You can enable debug under SSO config and check the apm logs if the sso has been triggered.