I'm setting up a new Webptop with Portal and Weblink resources. I have SSO working with my sites that use Basic auth and now I'm trying to a site that uses Forms-based authentication. The website is hosted externally so I configured it as a Portal resource and applied an SSO object to the Portal resource. When I clink on the link in the Webtop the username and password fields are sent to the server but I'm not able to authenticate. After troubleshooting for a while I found that the website uses a hidden parameter named authenticity_token. This parameter is dynamically generated when you load the login page. When you enter our username and password and click submit the username, password and authenticity_token parameters are sent.
It looks like I should be able use a session variable to send this hidden field. Do I have to assign this variable in my VPE? Or should I use a client initiated form SSO object for this?
I've set up a client initiated SSO object. When I login to the site I get a blank page. I'm assuming that means that my form identification is failing because I never see the POST from my browser. I've tried multiple settings but this seems like it should be easy.
Login URI: /cas/login Username field name: username Password filed name: password
I have the form detection field set to URI: /cas/login The Form identification is Form parameters.
One thing I'm not sure of is if the Form name is just used to identify the Form object or if it needs to be set to the actual form name value on the website. I don't see a form name on the website - I only see the form id.
If that isn't causing the problem then I'm probably missing something dumb in my config.