securing the login - Websphere

This is a discussion on securing the login - Websphere ; I need to secure (https) the submition of user credentials (uid/psswrd) but not the content browsing. I set the UseSecureLoginActionUrl preference in Login portlet which makes it submit uid and psswrd over https as required. However after logging in protocl ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: securing the login

  1. securing the login

    I need to secure (https) the submition of user credentials (uid/psswrd) but not the content browsing. I set the UseSecureLoginActionUrl preference in Login portlet which makes it submit uid and psswrd over https as required. However after logging in protocl is still https. I tried setting redirect.login.https=false in ConfigService.properties but then I get "The page cannot be displayed" when Login portlet form tries to submit to portal. I can make portal go back to http by setting redirect.login.url=http://.... but this will override redirects that login command code uses to redirect users to originally requested urls after they authenticate (e.g. WASReqURL cookie).
    Any ideas are appreciated.

  2. Re: securing the login

    OK, got it (RTFM): host.port.http needed to be set too. See:
    http://publib.boulder.ibm.com/infoce...ssl_login.html

+ Reply to Thread