WAS Liberty: SSO Cookie is not set on software login

Question

WAS Liberty: SSO Cookie is not set on software login

I tried to do the old fashioned WAS Liberty login using the LoginContext:

CallbackHandler callbackHandler = WSCallbackHandlerFactory
                .getInstance().getCallbackHandler("userName",
                        "realmName", "password", request,
                        response, null);
LoginContext loginContext = new LoginContext("system.WEB_INBOUND",
                callbackHandler);
loginContext.login();
System.out.println(loginContext.getSubject());
WSSubject.setRunAsSubject(loginContext.getSubject());

The code completed successfully and the user is authenticated, but only for this specific request. I found out that SSO Cookie (Ltpa) is not installed, so I tried to install it manually:

response.addCookie(WebSecurityHelper.getSSOCookieFromSSOToken());

The SSO Cookie is now set, but is removed / reset on next request.

When I use the login-Method on HttpServletRequest everything looks the same, but the cookie is not deleted.

Does anyone know how to programmatically login to WAS Liberty using user registry and cookies for SSO?

Regards, Billie

+3

websphere-liberty jaas ltpa

Billie 01 jul. 15 at 8:36

source to share

1 answer

Ajay · Answer 1 · 2015-07-06T21:16:20+0000

The JAAS registration process with WAS Liberty authenticates the user and creates the user's theme. The cookie is created after the object is successfully created - outside of the JAAS login process.

As you confirmed, HttpServletRequest.login creates a cookie. So there should be a HttpServletRequest.authenticate method. You can use any of them.

If you would like the JAAS registration process to create a cookie, you can open a Feature Request (RFE) here

- Ajay

WAS Liberty: SSO Cookie is not set on software login

More articles: