Tuesday, 25 May 2010

WebSphere Portal and Form Based Authentication

One of my Australian pals, Adam Brown, was trying to get a 3rd party search engine to work with secured content in WebSphere Portal ( content behind the /wps/myportal rather than /wps/portal URL ).

After some more digging, he was able to resolve this by inspecting the source of the portal's login page ( using the View Source function that most decent browser off ) - the login page being reached when you open  a browser to http://portal.domain.com/wps/myportal ).

As an example, here's the login form from a WebSphere Portal 6.1 implementation: -

<form method="POST" action="/wps/portal/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hnd0cPE3MfAwMLFzcLAyMnUzPPQAMXAwNfM_1wkA6zeAMcwNFA388jPzdVvyA7rxwAI9wpVw!!/dl3/d3/L0lDUWtpQ1NTUW9LVVFBISEvb0lvZ0FFQ1FRREdJUXBURE9DNEpuQSEhLzRDd2lSLXJmbTE2SWt5WGlnRUEhLzdfQ0dBSDQ3TDAwOERGODAyQjU2SVEwRDAwRTAvd3BzLnBvcnRsZXRzLmxvZ2lu/" name="LoginForm">
<table width="70%" cellspacing="2" cellpadding="0" align="left" border="0">
<tr>
<td class="wpsEditText" align="left">
<label for="userID">User ID:</label>
</td>
</tr>
<tr>
<td class="wpsFieldText" align="left">
<input dir="ltr" type="text" style="width:112px;" id="userID" name="wps.portlets.userid" value=""/>
</td>
</tr>
<tr>
<td class="wpsEditText" align="left">
<label for="password">Password:</label>
</td>
</tr>
<tr>
<td class="wpsFieldText" align="left">
<input dir="ltr" type="password" style="width:112px;" id="password" name="password"/>
</td>
</tr> 
 
<tr>
<td>&nbsp;</td>
</tr> 
 
<tr>
<td>
&nbsp;
</td>
</tr> 
<tr>
<td>
<table border="0" cellpadding="0" cellspacing="4">
<tr>
<td nowrap>
<input class="wpsButtonText" style="cursor:pointer;" type="submit" border="0" align="absmiddle" name="ns_7_CGAH47L008DF802B56IQ0D00E0__login" value="Log in" />
</td>
<td nowrap>
<input class="wpsButtonText" style="cursor:pointer;" type="submit" onclick="javascript:setCancelURL();return;" border="0" align="absmiddle" name="ns_7_CGAH47L008DF802B56IQ0D00E0__cancel" value="Cancel" />
</td>
</tr>
</table>
</td>
</tr> 
</table>
</form> 

In Adam's case, he was pointing his search engine crawler against the URL of the login page ( on which the login portlet is deployed ) rather than against this login form.

I'm sure he'll do a much better job of writing this up on his blog when he gets back from vacation ...

No comments: