Local response redirection configuration example

The following steps summarize the configuration required to implement local response redirection. The example combines local response redirection with an external authentication interface service.

The following variables are used in this example:

  • jct is the name of the WebSEAL junction
  • eai-redirect-app is the name of the custom application that provides combined external authentication interface and local response redirection services
  • authn-handler is the name of the custom authentication service (such as a servlet, JSP, or CGI)
  • response-handler is the name of the custom response handling service (such as a servlet, JSP, or CGI)

Example:

  • A custom external authentication interface service is implemented on the junctioned server to handle the WebSEAL authentication process:
    webseal/jct/eai-redirect-app/authn-handler
  • Enable local response redirection to handle responses to requests:
    [acnt-mgt]
    enable-local-response-redirect = yes
  • Specify the location of the custom response handling application (Location URI):
    [local-response-redirect]
    local-response-redirect-uri = /jct/eai-redirect-app/response-handler
  • Specify that the URL requested by the client (supplied by the URL macro) be returned in the Location URI query string of the local response redirection:
    [local-response-macros]
    macro = URL
  • Client requests a resource requiring authentication:
    https://webseal/jctB/resource.html
  • WebSEAL returns an HTTP 302 response containing the following Location URI header (entered as one line), in which the query string specifies the required login operation as TAM_OP=login:
    Location: https://webseal/jct/eai-redirect-app/response-handler?TAM_OP=login&
    URL=http%3A//webseal/jctB/resource.html
  • The custom response handling application provides a response to the client (consistent with a login operation) and makes use of the resource URL information provided.
  • The client completes one or more interactions with the custom response handler and is eventually routed to the external authentication interface where the actual authentication is performed.
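
The sketch below shows how a response handler could read the TAM_OP and URL values from the Location URI above and keep the requested URL only when it points back at the WebSEAL host. It is an added example, not IBM or WebSEAL code; the names parse_redirect, _is_local, TRUSTED_HOST and KNOWN_OPS, and the same-host policy itself, are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumptions, not WebSEAL settings: the host this handler trusts and the
# operations it knows how to render.
TRUSTED_HOST = "webseal"
KNOWN_OPS = {"login"}

# The Location URI from the example above, joined into one line.
SAMPLE_LOCATION = ("https://webseal/jct/eai-redirect-app/response-handler"
                   "?TAM_OP=login&URL=http%3A//webseal/jctB/resource.html")


def _is_local(url):
    """Accept only http(s) URLs on TRUSTED_HOST with no embedded credentials."""
    # Backslashes and control characters are normalised differently by
    # browsers and URL parsers, so reject them before parsing.
    if "\\" in url or any(ord(c) < 0x20 for c in url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    if parts.username is not None or parts.password is not None:
        return False
    return parts.hostname == TRUSTED_HOST


def parse_redirect(location_uri):
    """Return (operation, requested_url) from a local response redirect URI.

    requested_url is None when the URL macro is absent, repeated, or does
    not point at TRUSTED_HOST, so the caller never echoes or follows it.
    """
    query = parse_qs(urlsplit(location_uri).query, keep_blank_values=True)

    ops = query.get("TAM_OP", [])
    if len(ops) != 1 or ops[0] not in KNOWN_OPS:
        raise ValueError("missing, repeated or unsupported TAM_OP")

    urls = query.get("URL", [])
    requested = urls[0] if len(urls) == 1 else None
    if requested is not None and not _is_local(requested):
        requested = None
    return ops[0], requested
```

The query string arrives from the client's browser, so the handler treats the URL value as untrusted input even though WebSEAL generated the original redirect.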