The WM product is Integration Server 6.5 SP1.
I am using Entrust GetAccess to have Single Sign On and protect the IS Resources.
The user has firstly to login with Entrust GetAccess. Then it creates a cookie and can push up the username and password to the http header.
How can I handle the authentication with IS 6.5 (since it is a pop up window and not a web page)? Should I develop a pluggable authentication module? Is there any solution for IS to retrieve the username/password from the cookie or http header?
Thanks in advance for your reply.
Are you attempting to restrict user access to IS Admin pages or ability to invoke IS services via HTTP post?
The MyWebMethods / webMethods Access product supports single signon via various secure proxy servers and may be a path to evaluate if you are attempting to create and secure web-based user interfaces to IS services. However, in this release that approach would not help in securing access to IS Admin pages or HTTP-based service invocation.
Yes, I want to restrict user access to IS admin pages and invoked http-based services.
Actually getAccess works well by protecting the different URLs and web folders. For example, if a user wants to go to the IS admin page [URL=“http://www.mydomain.com/WmRoot/index.dsp”]http://www.mydomain.com/WmRoot/index.dsp[/URL], GetAccess will check first the user credentials and permissions to access this URL (after that the user logged on).
This system is working quite well. The only bothering thing is when getAccess redirects the user to the IS resources (like the IS admin pages), IS asks again the user to authenticate with a pop-up window.
So I wanted to know if it is possible to pass the credentials through the http header, allowing to disable this pop-up window and to authenticate the user “silently”…
Another quick question!
How to disable the pop-up window when authenticating to the Integration Server? (if I want to use the pluggable module for ex.)