1 reply Latest Post - ‏2012-10-05T18:24:14Z by MichaelOrtman
Pamu

Pinned topic Question on Worklight Authentication flow when the session cookie expires

‏2012-10-05T17:42:25Z |
Can you provide the flow shown in Slide 5 when you send the request to a protected resource but the session cookie is expired or invalid? What will happen in this situation?

Will Worklight redirect the user to the login screen of the application, and what happens to the application? Will WL resubmit the original request, and will the application return to the original screen where you sent the request? Or does the user have to go to the home screen of the application and redo all the steps?

http://public.dhe.ibm.com/ibmdl/export/pub/software/mobile-solutions/worklight/docs/Module_20_-_Authentication_Concepts.pdf

Also, can you provide the flow on slide 5 when you use a WebSEAL/TAM reverse proxy for authentication between the device and the WL server?
  • MichaelOrtman
    ACCEPTED ANSWER

    Re: Question on Worklight Authentication flow when the session cookie expires

    ‏2012-10-05T18:24:14Z  in response to Pamu
    Your Worklight application should automatically redirect to the login screen in the scenario where the session cookie is expired or has become invalid. This is done using a Challenge Handler (see the same authentication concepts training module on Challenge Handlers). Once the user performs a submitSuccess() inside the challenge handler, the request will be resent. It's up to the challenge handler to get the app back where it is supposed to be.

    For your TAM/WebSEAL flow request:

    1. Unauthenticated request tries to access the protected resource.
    2. TAM/WebSEAL acts as a reverse proxy, and returns a login form if the LTPA cookie has expired or is invalid.
    3. Challenge handler detects the challenge, collects user credentials and sends them to TAM/WebSEAL.
    4. WebSEAL sets an LTPA cookie and sends a login success response back to the client.
    5. Client application automatically reissues the original request.
    6. TAM/WebSEAL forwards the request to the Worklight server, where the Authenticator/Login Module logs in the user based on the LTPA token.
    7. Client receives the original request's response from the Worklight server through TAM/WebSEAL.

    Topology looks something like this:
    (DEVICE) --> (WEBSEAL) --> (WORKLIGHT SERVER)

    Hope this helps,
    Mike Ortman
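
The TAM/WebSEAL flow described in the answer above, as an added example that is not part of the original post: a self-contained in-memory simulation of the proxy challenge, login, and replay of the original request. All names (`webseal`, `worklightServer`, `makeClient`, the `/login` path, the sample account and token format) are hypothetical stand-ins, not Worklight or WebSEAL APIs.

```javascript
// Added illustration: in-memory stand-ins, not Worklight or WebSEAL APIs.
const USERS = new Map([["alice", "s3cret"]]); // constructed sample account
const sessions = new Map();                   // LTPA-style token -> user, held by the proxy
let tokenSeq = 0;

// Worklight server stand-in: reached only via the proxy, trusts the identity it forwards.
function worklightServer(req, user) {
  return { status: 200, body: `${req.path} result for ${user}` };
}

// WebSEAL stand-in: returns a login form when the cookie is missing, expired or invalid.
function webseal(req) {
  if (req.path === "/login") {
    if (!USERS.has(req.user) || USERS.get(req.user) !== req.password) {
      return { status: 401, loginForm: true };
    }
    const token = `LTPA-${++tokenSeq}`;
    sessions.set(token, req.user);
    return { status: 200, setCookie: token };
  }
  const user = sessions.get(req.cookie);
  if (!user) return { status: 200, loginForm: true }; // the challenge
  return worklightServer(req, user);
}

// Client stand-in: the challenge-handler logic lives in send().
function makeClient(askCredentials) {
  let cookie = null;
  const trace = [];
  function send(req) {
    const res = webseal({ ...req, cookie });
    if (!res.loginForm) return res;            // session still valid
    trace.push("challenge");                   // handler detects the login form
    const login = webseal({ path: "/login", ...askCredentials() });
    if (!login.setCookie) { trace.push("login-failed"); return login; }
    cookie = login.setCookie;                  // proxy issued a fresh cookie
    trace.push("login-ok", "replay");
    return webseal({ ...req, cookie });        // reissue the original request unchanged
  }
  return { send, trace, expireSession: () => sessions.delete(cookie) };
}
```

The `trace` array records each challenge, login and replay, so it shows that the original request is reissued only after the proxy has issued a new cookie and that a failed login is never replayed to the backend.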