Specifying authentication options


The default setting for authentication options is No authentication required. Select No authentication required only if the URL you specified to clip does not require authentication.

 

Set credentials

If authentication is required, set credentials for either HTTP Basic Authentication or form-based authentication. The Web clipping portlet now stores authentication information within the WebSphere Portal's credential vault. The Modify authentication options page in the Web clipping portlet administration is augmented to have a link to a credential settings page. On this page, you select to either use a shared credential slot or a non-shared slot. In either case, the slots must already have been configured on the Credential Vault administration page. The shared credential slot will already have the user ID and password credential, which cannot be modified on this page. The non-shared slot is a slot identifier only. If a non-shared slot is selected, a user ID and password is requested in order to create a credential for the administrator building this Web clipping portlet.

The editor will pull the user ID and password from the credential in order to log in to the backend system. From now on, the credential vault is required to store all credential information. When the Web clipping portlet is later edited, the Authentication Settings page will pull up the credential of the user editing the Web clipping portlet and will show user ID and password if the credential is non-shared.

If the Web clipping portlet is using a shared credential, the portlet will access the backend content using that credential without requiring the user to log in first. If the Web clipping portlet specifies a non-shared slot, and an instance of that slot does not yet exist for this portlet and the user accessing it, then the user will have to edit the portlet and provide a user ID and password for logging into the backend system. This user ID and password are stored in a new slot instance for the defined non-shared slot. The next time that user accesses this portlet, the credential will be re-used and the user will not have to log in again.

Edit of the portlet at runtime is still available to users with existing credentials to allow them to modify the user ID and password.

 

Authentication options

The two authentication options are:

  1. HTTP Basic Authentication: This is the simplest form of authentication. You need only specify the realm to which the document belongs.
  2. Form-based authentication: If you are required to log into a site using a form before being allowed to browse the site, then set up the Web clipping portlet to emulate the same steps. This is referred to as form-based authentication. Web Clipping portlets support only one of a broad set of FORM-based authentication techniques. The supported technique assumes that the authentication server will send back one or more cookies in response to a successful authentication attempt. These cookies are then used on all subsequent calls within that Web clipping portlet. That is, it is assumed that the login (or challenge) location and the actual URL to display are separate entities. The first location is used only to authenticate and returns a cookie in a standard HTTP 1.1 2XX response message. The second and all subsequent locations use the cookies from the first response.

    Before configuring form-based authentication in your Web clipping portlet, you need three things:

    • URL that is the target of the login form's submission
    • The input parameters used for the user ID and password
    • Any hidden input fields on the form that might be used during the authentication process.

    To locate the target URL of the form submission, look for the <FORM> tag on the login page (browse the source of the page) and locate the ACTION attribute. The URL in the ACTION is the URL that you need to specify as the Log-in URL value on the Web clipping portlet's Modify authentication settings page.

    Next find the <INPUT> fields for the user ID and password. The values for the NAME attributes should be used for the User parameter name and Password parameter name values on the authentication settings page.

    Finally, locate any <INPUT TYPE="hidden" ...> elements on the page. These provide name/value pairs to the system where the login is performed and might be important for the login process. The Web clipping portlet will have to send them as well. Enter the hidden values in the Additional key value pairs entry field on the authentication settings page as a series of "name=value" pairs, separated by an ampersand (&).


See also