Simple Login Form

This template route intercepts the login page request, replaces it with a login form, and logs the user into the target application with hard-coded username and password:

Simple Login Form
{
  "heap": [
    {
      "name": "ReverseProxyHandler",
      "type": "ReverseProxyHandler",
      "comment": "Testing only: blindly trust the server cert for HTTPS.",
      "config": {
        "tls": {
          "type": "ClientTlsOptions",
          "config": {
            "trustManager": {
              "type": "TrustAllManager"
            }
          }
        },
        "hostnameVerifier": "ALLOW_ALL"
      }
    }
  ],
  "handler": {
    "type": "Chain",
    "config": {
      "filters": [
        {
          "type": "PasswordReplayFilter",
          "config": {
            "loginPage": "${request.uri.path == '/login'}",
            "request": {
              "method": "POST",
              "uri": "https://app.example.com:8444/login",
              "form": {
                "username": [
                  "MY_USERNAME"
                ],
                "password": [
                  "MY_PASSWORD"
                ]
              }
            }
          }
        }
      ],
      "handler": "ReverseProxyHandler"
    }
  },
  "condition": "${matches(request.uri.query, 'demo=simple')}"
}

To try this example with the sample application:

  1. Add the following route to IG:

    $HOME/.openig/config/routes/21-simple.json
    %appdata%\OpenIG\config\routes\21-simple.json
  2. Replace MY_USERNAME with demo, and MY_PASSWORD with Ch4ng31t.

  3. Add the following route to serve static resources, such as .css, for the sample application:

    $HOME/.openig/config/routes/static-resources.json
    %appdata%\OpenIG\config\routes\static-resources.json
    {
      "name" : "sampleapp_resources",
      "baseURI" : "http://app.example.com:8081",
      "condition": "${matches(request.uri.path,'^/css')}",
      "handler": "ReverseProxyHandler"
    }
  4. Go to http://openig.example.com:8080/login?demo=simple.

    The sample application profile page for the demo user displays the following information about the request:

    Method	POST
    URI	/login
    Cookies
    Headers	content-type: application/x-www-form-urlencoded
    content-length: 31
    host: app.example.com:8444
    connection: Keep-Alive
    user-agent: Apache-HttpAsyncClient/4.1.2 (Java/1.8.0_144)

To use this as a default route with a real application:

  1. Replace the test ReverseProxyHandler with one that is configured to trust the application's public key server certificate. Otherwise, use a ReverseProxyHandler that references a truststore holding the certificate.

    Configure the ReverseProxyHandler to strictly verifiy hostnames for outgoing SSL connections.

    In production, do not use TrustAllManager for TrustManager, or ALLOW_ALL for hostname verification. For information, see "ReverseProxyHandler".

  2. Change the uri, form, and baseURI to match the target application.

  3. Remove the route-level condition on the handler that specifies a demo query string parameter.

Read a different version of :