Can you provide the flow shown in Slide 5 when you send the request to a protected resource but the session cookie is expired or invalid? What will happen in this situation?
Will Worklight redirect the user to the login screen of the application, and what happens to the application? Will WL resubmit the original request, and will the application return to the original screen where you sent the request? Or does the user have to go to the home screen of the application and redo all the steps?
Also, can you provide the flow on slide 5 when you use a WebSEAL/TAM reverse proxy for authentication between the device and the WL server?
Question on Worklight Authentication flow when the session cookie expires
MichaelOrtman
Re: Question on Worklight Authentication flow when the session cookie expires
2012-10-05T18:24:14Z
This is the accepted answer.
Your Worklight application should automatically redirect to the login screen in the scenario where the session cookie has expired or has become invalid. This is done using a Challenge Handler (see the same authentication concepts training module on Challenge Handlers). Once the user performs a submitSuccess() inside the challenge handler, the request will be resent. It's up to the challenge handler to get the app back where it is supposed to be.
For your TAM/WebSEAL flow request:
1. Unauthenticated request tries to access the protected resource.
2. TAM/WebSEAL acts as a reverse proxy, and returns a login form if the LTPA cookie has expired or is invalid.
3. Challenge handler detects the challenge, collects user credentials and sends them to TAM/WebSEAL.
4. WebSEAL sets an LTPA cookie and sends a login success response back to the client.
5. Client application automatically reissues the original request.
6. TAM/WebSEAL forwards the request to the Worklight server, where the Authenticator/Login Module logs in the user based on the LTPA token.
7. Client receives the original request's response from the Worklight server through TAM/WebSEAL.
Topology looks something like this:
(DEVICE) --> (WEBSEAL) --> (WORKLIGHT SERVER)
Hope this helps,
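
The TAM/WebSEAL flow described in the answer above, as an added simulation that is not part of the original post and calls no Worklight or WebSEAL API. The login-form marker, credentials, paths, cookie lifetime and the HTTP 200 status on the login form are assumptions chosen for illustration.

```javascript
// Constructed simulation of DEVICE -> WEBSEAL -> WORKLIGHT SERVER; all names are hypothetical.
const LOGIN_MARKER = "pkmslogin.form"; // assumed marker identifying the proxy's login form
const COOKIE_TTL_MS = 1000;            // constructed session lifetime

// Worklight server stand-in: trusts the identity the proxy derived from the token.
function worklightServer(req, user) {
  return { status: 200, body: `${req.path} for ${user}` };
}

// Reverse-proxy stand-in: issues and validates tokens, forwards only valid requests.
function makeProxy(now) {
  const sessions = new Map(); // token -> { user, expires }
  let counter = 0;
  const loginForm = () => ({ status: 200, body: `<form action="/${LOGIN_MARKER}">` });
  return {
    handle(req) {
      if (req.path === "/" + LOGIN_MARKER) {
        if (req.user !== "alice" || req.password !== "constructed-pw") return loginForm();
        const token = `ltpa-${++counter}`;
        sessions.set(token, { user: req.user, expires: now() + COOKIE_TTL_MS });
        return { status: 200, body: "login success", setCookie: token };
      }
      const s = sessions.get(req.cookie);
      // Missing, unknown or expired cookie: the form comes back with status 200 here,
      // so the client has to inspect the body rather than the status code.
      if (!s || s.expires <= now()) return loginForm();
      return worklightServer(req, s.user);
    },
  };
}

// Client stand-in: detects the challenge, logs in once, then reissues the original request.
function makeClient(proxy, getCredentials) {
  let cookie = null;
  const trace = [];
  const isChallenge = (res) => res.body.includes(LOGIN_MARKER);
  function request(path) {
    const first = proxy.handle({ path, cookie });
    if (!isChallenge(first)) { trace.push("direct"); return first; }
    trace.push("challenge");
    const login = proxy.handle({ path: "/" + LOGIN_MARKER, ...getCredentials() });
    // A failed login is surfaced to the caller instead of being retried in a loop.
    if (!login.setCookie) { trace.push("login-failed"); return login; }
    cookie = login.setCookie;
    trace.push("reissue");
    return proxy.handle({ path, cookie });
  }
  return { request, trace };
}
```
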