![\"\"](\"http:\/\/h2916922.stratoserver.net:8084\/wp-content\/uploads\/2017\/05\/Login-from-portal.png\")
<\/a><\/p>\nThe sequence explained:<\/p>\n
When a user clicks a link to the Content Navigator (1), a snippet of javascript evaluates if the user is currently authenticated by requesting a resource on the application server (2). If by any chance a http 200 is issued, the user will be forwarded to the Content Navigator (3), otherwise in case of http 403 (forbidden), a request is made to the portal backend for a new login link.<\/p>\n
As the portal backend keeps track of who is currently logged in, it will be able to append a Token to a database (6\/7). This token contains a random-unique byte sequence, an expiry date and the current user’s e-mail address. The expiry date is used to make sure the token is only valid for a very short time, the unique token will act as a non guessable ‘secret’ between the portal and the application server.<\/p>\n
The portal frontend receives the generated token, and appends it as a parameter to the original requested URL. The url is then loaded in \u00a0the browser (9\/10).<\/p>\n
When Websphere receives the request, it will determine that the current user is not authenticated and will try to use the Trusted Authentication Intercepter to authentiate the request(11).<\/p>\n
The TAI will fetch the token from the URL parameter and tests it’s validity. If valid, it will translate the associated e-mail to a fully distinguished name for Websphere to authenticate (12-16). Websphere authenticates and handles the request, the user is now logged in.<\/p>\n
<\/p>\n
Unfortunately i wont be able to share the client’s code, but i’d be happy to help you out on a similar solution if you need any directions.<\/p>\n","protected":false},"excerpt":{"rendered":"
When traditional SSO is not an option (e.g. due to the lack of infrastructure), it still is possible to move between web-applications while sharing authentication. In this post\u00a0i’ll share a […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-555","post","type-post","status-publish","format-standard","hentry","category-geen-categorie"],"_links":{"self":[{"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=\/wp\/v2\/posts\/555","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=555"}],"version-history":[{"count":4,"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=\/wp\/v2\/posts\/555\/revisions"}],"predecessor-version":[{"id":562,"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=\/wp\/v2\/posts\/555\/revisions\/562"}],"wp:attachment":[{"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=555"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=555"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=555"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}