This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Websphere and the fly likes Problem with Custom Challenge Type Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Products » Websphere
Bookmark "Problem with Custom Challenge Type " Watch "Problem with Custom Challenge Type " New topic
Author

Problem with Custom Challenge Type

Derek
Greenhorn

Joined: Jul 24, 2002
Posts: 4
Enable Websphere Security by using Custom Challenge Type??
IBM Websphere 3.5.4
Windows NT Server 4.0
IBM SecureWay LDAP
Settings:
Enable Security of Websphere (General)
Select the Custom Challenge Type (Configure Application Security settings)
Define Login URL and Relogin URL (Configure Application Security settings)
Select the LTPA authentication mechanism (Authentication Mechanism settings)
Enable Single Sign-On (Authentication Mechanism settings)
When I am trying to access secure servlet, websphere is correctly redirecting
to custom login.html and after inserting user ID and password after submitting,
it is going to CustomLoginServlet (same as in Websphere examples) and instead of
going to the original servlet is showing again login.html.
I put some messages in AbstractLoginServlet so I can see that it is authenticating properly
and SSO is set to true. One of the reason can be that my CustomLoginServlet was not secure
but when I secure CustomLoginServlet, it is not accessible and Login.html is displayed
without even accessing CustomLoginServlet.
How I can know if token is attached to request?
Does anybody know if I have to secure CustomLoginServlet.
How it suppose to work?
I tried to find some good examples or description how to set
Custom Challenge Type but except general information I couldn’t
Find any.
Thanks
Derek
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

How I can know if token is attached to request?
get a proxy program (like HttpInspector, it's free but you'll have to do a search to find it). The token will show up on the request if it exists

Does anybody know if I have to secure CustomLoginServlet.
You don't have to but it is recommended since otherwise the credentials are sent as clear text.
How it suppose to work?
Um, I'm going to skip this one.
I tried to find some good examples or description how to set Custom Challenge Type but except general information I couldn't Find any.
I've only done it in WS 4+, and the best advice I can give is to make sure you apply all patches and fix packs and efixes and whatever rubbish there is. We've had a hell of a time getting it up and it still seems slightly unstable.
Dave
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

"Derek",
Your display name is invalid. We require name to consist of a first name, a space, then your last name and strongly recommend you use your real name.
for more info, check the naming policy: http://www.javaranch.com/name.jsp
Dave
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Problem with Custom Challenge Type
 
Similar Threads
Migrating JAAS from JBoss to Websphere 6.1
000-341 sample test questions
Test 340 Answers
Passed 700,701 and 340 last Thursday
answer for IBM 340 WAS 5.0 Admin?