securing the login
I need to secure (https) the submition of user credentials (uid/psswrd) but not the content browsing. I set the UseSecureLoginActionUrl preference in Login portlet which makes it submit uid and psswrd over https as required. However after logging in protocl is still https. I tried setting redirect.login.https=false in ConfigService.properties but then I get "The page cannot be displayed" when Login portlet form tries to submit to portal. I can make portal go back to http by setting redirect.login.url=http://.... but this will override redirects that login command code uses to redirect users to originally requested urls after they authenticate (e.g. WASReqURL cookie).
Any ideas are appreciated.
Re: securing the login
OK, got it (RTFM): host.port.http needed to be set too. See: