Custom Authentication

 

Documentation home

 

See also: User Authentication

 

 

Custom Authentication can be used to authenticate users where some sort of user-related information is available from the HTTP request e.g. as a URL parameter containing a user name or a token, an HTTP header or a cookie. This option cannot be used to pop-up any sort of dialog where the user enters their credentials, it can only be used where this information is already available. Once the user-related details have been extracted, they are passed to a Logon Service where they can be checked and any additional roles, credentials and authorizations can be added.

 

Custom Authentication is configured on the User Authentication page of the Server Admin App.

 

The XILogonExit program intercepts all HTTP requests, extracts user related information from the request and passes it to the specified Logon Service to be authenticated.

 

         

 

User related information can be extracted from the request URL – this might be a userid or some sort of token representing the userid. The following options are supported as standard:

 

·         Extract information from a request parameter

·         Extract information from the request header

·         Extract information from a cookie.

 

As a special case, information from the HttpServletRequest object can be queried using request header variables. This can be used for all get… methods on HttpServletRequest that return a String. For example:

  • Request header variable remoteUser provides the userid set by the application server (by invoking the getRemoteUser() method on HttpServletRequest)
  • Request header variable remoteAddr provides the requester’s IP address (by invoking the getRemoteAddr() method on HttpServletRequest)

See Javadoc on HttpServletRequest for details of additional get.. methods.

 

 

Implementation 

The steps to implement XILogonExit to meet the security requirements of your organisation are:

 

  1. Write and test the Logon Service
  2. Configure Custom Authentication using the Server Admin App

 

Write and test the Logon Service

Click here for details.

Configure Custom Authentication

 

The parameter properties represent 3 parameters where each parameter is a name/source combination. Each one of these 3 parameters controls where a specific piece of information about the user can be found. The source properties must be one of URL, HEADER or COOKIE. The system extracts the value for each parameter from the HTTP request and passes this to the Logon Service as shown in the examples below:

 

Example 1: User information passed on the URL:

This assumes that the usertoken parameter has been added to the URL. The script implementing the logon exit does the job of translating this into a userid.

 

URL: http://www.mycorp.com/ebase/MyForm.eb?usertoken=973765AB34

 

Logonexit.ParameterName1=usertoken

Logonexit.ParameterSource1=URL

 

This will result in the following input fields to the web service (see request document format below):

PARAM1_VALUE=973765AB34

PARAM1_SOURCE=URL

 

Example 2: User information passed as request header variable:

Here we are extracting the userid set by the application server. This can be configured to contain the Windows domain userid.

 

Logonexit.ParameterName1=remoteUser

Logonexit.ParameterSource1=HEADER

 

This will result in the following input fields to the web service – where the userid is jxsmith (see request document format below):

PARAM1_VALUE= jxsmith

PARAM1_SOURCE=HEADER

 

 

Example 3: User information passed using cookies:

In this example we will assume that 2 cookies have been created:

 

Officeloc : provides the usual office location of the user, and has the value London

Userref : provides a personnel number or some other user reference, and has the value 753864

 

In this example we have an imaginary company that has implemented different security systems for different parts of the organisation (represented by cookie officeloc). Userref might represent a userid for one office location or a personnel number for another location.

 

Logonexit.ParameterName1=Officeloc

Logonexit.ParameterSource1=COOKIE

Logonexit.ParameterName1= Userref

Logonexit.ParameterSource1=COOKIE

 

This will result in the following input fields to the web service (see request document format below):

PARAM1_VALUE=London

PARAM1_SOURCE=COOKIE

PARAM1_VALUE=753864

PARAM1_SOURCE=COOKIE