Capturing user login credentials and passing them as an encrypted cookie/header
Hi All,
I'm trying to capture user login credentials and pass them to the destination application in the form of an encrypted string using an HTTP cookie/header. The setup we have in our testing environment is as follows:
- An Apache web server 2.0.34 with Policy Agent 2.2 that is set up to accept the URL of an application and redirect to Sun Access Manager 7 for authentication.
- Once authenticated, the browser is redirected back to the original application URL.
What I'm trying to achieve here is to capture the user login credentials (at the Access Manager login application), encrypt them and set them as a cookie or header string so that when it is redirected to the destination application, the information can be retrieved. However, we encounter several problems:
1. When it is redirected, the request object is a different one - we lose the information we set in the cookie/header.
2. According to the SAM and Policy Agent administrator reference and developer guide, we are supposed to be able to achieve a similar task by configuring properties such as Profile, Session, or Response attribute in the AMAgent.properties. We have configured them as documented but we can see no effect (the policy agent log doesn't show any errors either).
One thing we notice, though, is that a cookie named iPlanetDirectoryPro was set while the request is in SAM, and after being redirected back to the original application URL, it is still there, but not our own custom cookie/header string.
Does anyone know what's wrong with the above setup? Did we miss something in the configuration?
Any help is greatly appreciated.

