Ok, you've got Form-based authentication discussed on page 647, and you've got data confidentiality / integrity discussed on page 652. If you compare them, you'll see that they work independently of one another
To get them to work together, check out pages 653-655!
Good luck on the exam, let us know how you do! And... if it seems that you need more time to study, postpone the exam!
Spot false dilemmas now, ask me how!
(If you're not on the edge, you're taking up too much room.)
Joined: Nov 30, 2004
I got this error "Invalid direct reference to form login page" when i typed correct username and password.
Do we need to install real cert for the FORM-based authentication and CONFIDENTAIL option in <transport-guarantee> ?
If you look at the figure in page 655 of HFS, it says that if the <user-data-constraint> is configured in the DD, then the server informs the client to come on a secure protocol ie https. So I think you need to have digital certificate installed on the server to get this working.