Login Form With Password Replay and Cookie Filters
When a user without a valid session tries to access a protected application, this template route works with an application to return a login page.
The route uses a PasswordReplayFilter to find the login page by using a pattern that matches a mock AM Classic UI page.
Cookies sent by the user-agent are retained in the CookieFilter, and not forwarded to the protected application. Similarly, set-cookies sent by the protected application are retained in the CookieFilter and not forwarded back to the user-agent.
The route uses a default CookieFilter to manage cookies. In this default configuration, cookies from the protected application are intercepted and stored in the IG session. They are not sent to the browser. For information, see "CookieFilter".
{
    "handler": {
        "type": "Chain",
        "config": {
            "filters": [
                {
                    "type": "PasswordReplayFilter",
                    "config": {
                        "loginPageContentMarker": "OpenAM\\s\\(Login\\)",
                        "request": {
                            "comments": [
                                "An example based on OpenAM classic UI: ",
                                "uri is for the OpenAM login page; ",
                                "IDToken1 is the username field; ",
                                "IDToken2 is the password field; ",
                                "host takes the OpenAM FQDN:port.",
                                "The sample app simulates OpenAM."
                            ],
                            "method": "POST",
                            "uri": "http://app.example.com:8081/openam/UI/Login",
                            "form": {
                                "IDToken0": [
                                    ""
                                ],
                                "IDToken1": [
                                    "demo"
                                ],
                                "IDToken2": [
                                    "Ch4ng31t"
                                ],
                                "IDButton": [
                                    "Log+In"
                                ],
                                "encoded": [
                                    "false"
                                ]
                            },
                            "headers": {
                                "host": [
                                    "app.example.com:8081"
                                ]
                            }
                        }
                    }
                },
                {
                    "type": "CookieFilter"
                }
            ],
            "handler": "ReverseProxyHandler"
        }
    },
    "condition": "${matches(request.uri.query, 'demo=classic')}"
}
To try this example with the sample application:
Save the file as $HOME/.openig/config/routes/23-classic.json.
Use the following curl command to check that it works:
$ curl -D- http://openig.example.com:8080/login?demo=classic
HTTP/1.1 200 OK
Set-Cookie: IG_SESSIONID=24446BA29E866F840197C8E0EAD57A89; Path=/; HttpOnly
...
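The curl check can be scripted. The following is an added example, not part of the original documentation: it parses the headers that curl -D- prints and reports any cookie other than the IG session cookie that reached the user-agent, and a session cookie that lacks HttpOnly. The header samples, the APP_SESSION cookie name and the function names are constructed for illustration, and the allow-list assumes that IG_SESSIONID is the only cookie expected.

```python
# Added example: audit the response headers printed by `curl -D-` through the route.
ALLOWED = {"IG_SESSIONID"}  # assumption: only the session cookie shown on the page is expected


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    first, *attrs = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0].strip()
    return name, {a.partition("=")[0].strip().lower() for a in attrs if a}


def audit_headers(raw, allowed=ALLOWED):
    """Return (leaked, not_httponly) cookie-name lists for a raw header dump."""
    leaked, not_httponly = [], []
    for line in raw.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue  # status line, other headers, blank lines
        name, attrs = parse_set_cookie(value)
        if name not in allowed:
            leaked.append(name)        # application cookie reached the browser
        elif "httponly" not in attrs:
            not_httponly.append(name)  # session cookie readable by page scripts
    return leaked, not_httponly


# Constructed samples (not captured from a real deployment).
FILTERED = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: IG_SESSIONID=0123456789ABCDEF; Path=/; HttpOnly\r\n"
    "Content-Type: text/html\r\n\r\n"
)
UNFILTERED = (
    "HTTP/1.1 200 OK\r\n"
    "set-cookie: IG_SESSIONID=0123456789ABCDEF; Path=/\r\n"
    "Set-Cookie: APP_SESSION=abc123; Path=/app\r\n\r\n"
)

if __name__ == "__main__":
    for label, sample in (("filtered", FILTERED), ("unfiltered", UNFILTERED)):
        leaked, weak = audit_headers(sample)
        print(f"{label}: leaked={leaked} missing HttpOnly={weak}")
```
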
To use this as a default route with a real application:
Change the uri and form to match the target application.
Remove the route-level condition on the handler that specifies a demo query string parameter.