Submit login form data directly to WebSEAL
It is possible to perform forms authentication to WebSEAL without being prompted by WebSEAL. The following sequence describes the events that occur during a typical WebSEAL login where the user is prompted by WebSEAL with a login form:
- The user requests a protected resource.
- WebSEAL caches the user's request.
- WebSEAL returns a login form to the user.
- The user fills in the login form fields (providing the user name and password) and clicks a submit button.
- The submit button triggers a POST request to /pkmslogin.form. The request body contains the form field data. The pkmslogin.form management page is a management command to the WebSEAL server. It is not represented in the object space, so policies cannot be attached to it.
- WebSEAL authenticates the user and, upon successful authentication, follows an order of precedence for redirecting the user to one of the following three locations:
  - The location specified by the login-redirect-page entry in the [acnt-mgt] stanza, if configured.
  - The user's originally requested resource (if known).
  - The generic login_success.html page.
Some application integration implementations might require logging in directly, without making an initial request for a protected resource or being prompted by WebSEAL to log in. Such a direct login can be accomplished by sending a POST request directly to /pkmslogin.form. The following sequence describes the events that occur during a direct login:
- The client sends a POST request to /pkmslogin.form with the proper form field data in the body of the request.
- WebSEAL authenticates the user and, upon successful authentication, follows an order of precedence for redirecting the user to one of the following two locations:
  - The location specified by the login-redirect-page entry in the [acnt-mgt] stanza, if configured.
  - The generic login_success.html page.
The format of the POST data must follow these conventions:
- The POST must be made to /pkmslogin.form.
- The POST request body must contain the field data for three fields:
  - username
  - password
  - login-form-type
- The value of login-form-type must be "pwd" for forms logins.
- The content-length header must indicate the length of the resulting request body.
Example (using telnet):
prompt> telnet webseal.example.com 80
Connected to webseal.example.com.
Escape character is '^]'.
POST /pkmslogin.form HTTP/1.1
host: webseal.example.com
content-length: 56

username=testuser&password=my0passwd&login-form-type=pwd
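The POST conventions above, as an added Python example that is not part of the original documentation: it builds the direct-login request, percent-encodes the field values so that special characters in a credential cannot break the body, and derives the content-length from the encoded bytes. The function names, the Content-Type and Connection headers, and the second sample password are assumptions of this example.

```python
from urllib.parse import quote, urlencode

LOGIN_PATH = "/pkmslogin.form"  # fixed target named in the conventions above


def build_login_body(username: str, password: str) -> bytes:
    """Encode the three required fields as a form body."""
    fields = [
        ("username", username),
        ("password", password),
        ("login-form-type", "pwd"),  # must be "pwd" for forms logins
    ]
    # Percent-encode the values so that '&', '=', '+' or non-ASCII characters
    # in a credential cannot split or corrupt the field data.
    return urlencode(fields, quote_via=quote).encode("ascii")


def build_login_request(host: str, username: str, password: str) -> bytes:
    """Return the complete HTTP/1.1 request (headers, blank line, body)."""
    if any(c in host for c in "\r\n "):
        raise ValueError("host must not contain whitespace or line breaks")
    body = build_login_body(username, password)
    head = [
        f"POST {LOGIN_PATH} HTTP/1.1",
        f"Host: {host}",
        # Standard HTML form encoding (added here; not in the telnet example).
        "Content-Type: application/x-www-form-urlencoded",
        f"Content-Length: {len(body)}",  # byte length of the encoded body
        "Connection: close",
    ]
    # An empty line (CRLF CRLF) separates the headers from the body.
    return "\r\n".join(head).encode("ascii") + b"\r\n\r\n" + body


if __name__ == "__main__":
    # Constructed sample values; the first call reuses the telnet example's.
    print(build_login_request("webseal.example.com", "testuser", "my0passwd").decode())
    print(build_login_body("testuser", "p&ss=w\u00f6rd+1").decode())
```

For the telnet example's credentials the body is 56 bytes, matching the content-length shown there.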