-
securing the login
I need to secure (https) the submition of user credentials (uid/psswrd) but not the content browsing. I set the UseSecureLoginActionUrl preference in Login portlet which makes it submit uid and psswrd over https as required. However after logging in protocl is still https. I tried setting redirect.login.https=false in ConfigService.properties but then I get "The page cannot be displayed" when Login portlet form tries to submit to portal. I can make portal go back to http by setting redirect.login.url=http://.... but this will override redirects that login command code uses to redirect users to originally requested urls after they authenticate (e.g. WASReqURL cookie).
Any ideas are appreciated.
-
Re: securing the login
OK, got it (RTFM): host.port.http needed to be set too. See:
[url]http://publib.boulder.ibm.com/infocenter/wpdoc/v6r0/topic/com.ibm.wp.exp.doc/wpf/config_ssl_login.html[/url]
