+

Search Tips   |   Advanced Search

Establishing a form-based authenticated HTTP connection

The settings in the following example code snippet enable an outbound connection policy for form-based authentication. The example assumes the site...

    http://the_remote_server.com/login-form-protected/

...is protected by a form-based authentication. The form is submitted by an action URL...

    https://the_remote_server.com/doLogin.php 

      <policy url="http://the_remote_server.com/login-form-protected/*" >       
    <meta-data>
        <name>hpaa.authtype</name>
        <value>form</value>
    </meta-data>
    <meta-data>
        <name>hpaa.slotid</name>
        <value>OutboundConnectionCredentials</value>
    </meta-data>
    <meta-data>
        <name>forward-credentials-from-vault</name>
        <value>true</value>
    </meta-data>
    <meta-data>
        <name>form-action-url</name>
        <value>https://the_remote_server.com/doLogin.php</value>
    </meta-data>
    <meta-data>
        <name>form-field-name-user</name>
        <value>user_id</value>
    </meta-data>
    <meta-data>
        <name>form-field-name-password</name>
        <value>user_id_password</value>
    </meta-data>
    <meta-data>
        <name>form-additional-fields</name>
        <value>param1=value1,param2=value2</value>
        </meta-data>
    <meta-data>
        <name>form-session-cookies</name>
        <value>sessioncookie1,sessioncookie2</value>
    </meta-data>
</policy>

    Set the following metadata parameters as required:

      hpaa.slotid
      Specify the slot ID of the credential vault. For information about how to provide the user credentials of the remote connection, read Provide user credentials for authenticated connections.

      forward-credentials-from-vault
      Specify the credentials of the form-based authentication are gathered from the Credential Vault.

      form-action-url
      Specify the URL to which the form data is submitted.

      form-field-name-user
      Specify the ID of the HTML <input> tag containing the user ID. In the previous example, the specified value is user_id.

      form-field-name-password
      Specify the ID of the HTML <input> tag containing the password. In the previous example, the specified value is user_id_password.

      form-additional-fields
      Names of the additional HTML input elements that are present in the form. In the previous example, the specified elements are param1=value1 and param2=value2.

      form-session-cookies
      Names of the session cookies that are received from the remote server as part of Set-Cookie headers when the form is submitted and the authentication is successful. In the previous example, the specified cookies are sessioncookie1 and sessioncookie2.


    Parent Authenticating outbound HTTP connections