B2B darklogin.do - What is it and how do we use it?
I have seen this used on a live site and would like to know what it is and how it's intended to be used...and where to set it up.
I suspect there might be some ability to allow users to browse a B2B site catalog without logging in until they try to add to a cart,
which is when one site I've found then pops up the https://www.shopsite.c../b2b/b2b/darklogin.do screen.
This has apparently been around for quite a while and is on our CRM4 server in the WEB-INF/config.xml
Hopefully there is someone out there the can shed some light on this!
<action path="/b2b/coreinit" type="com.sapmarkets.isa.isacore.action.IsaCoreInitAction"> <forward name="success" path="/b2b/relogin/setcookie.do"/> <forward name="darklogin" path="/b2b/relogin/setcookie.do?forward=darklogin"/> </action> <action path="/b2b/relogin/setcookie" type="com.sapmarkets.isa.core.action.SetReloginCookieAction"> <forward name="success" path="/b2b/preparelogin.do"/> <forward name="darklogin" path="/b2b/preparelogin.do?forward=darklogin"/> </action>
The folowing "actions" are preludes to the real login in ISA (B2B)
init - InitiAction
coreinit - IsaCoreInitAction
setcookie - SetReloginCookieAction
preparelogin - PrepareLoginAction
login - DetermineBrowserVersionAction
The forward darklogin is used in cases (2) or (3) based on certain
circumstance. Nothing special happens in darkLogin.
In Case (2), if the user ID and password are available in the request
context or passed in URL parameters (UserId and nolog_password or
password), then, ISA takes the darklogin checks. Any logon
credential given in the URL parameter willbe moved to request attributes
in this step.
Case (3) is usually the portal scenario - the login credentials are
available in loginCookie. The user ID is usually set to
"$MYSAPSSO2$" and the password is set to the long Logon Ticket.
This ticket is the authentication mechanism based on pre-established
trust configured between the Portal system and the CRM or R/3
backend system. This ticket when decrypted correctly, will contain the
Portal UserID and the SSO2 credentials - not any user password. The
original code of this class doesn't even have active code that sets the
forward to darklogin !
If you see the action paths you have identified, the darklogin merely
goes to the same path taken otherwise by the success forward. It
follows the normal flow until it reaches reallogin.
reallogin - LoginAction
In both the cases, they still go through the reallogin step. It is here the
ISA determines to either show the logon page (login.jsp) or skip the
login page. This is strictly based on the URL parameter or request
context attrbutes. And the site you are talking about - that shows a
popup - unless they have added any custom development that is not
available in the standard code.
darkLogin in B2C
Only B2C gives any special action path for darklogin. But don't
get excited, here too, nothing special happens. It is only executing the
<action path="/b2c/darklogin" name="loginForm" type="com.sapmarkets.isa.isacore.action.b2c.LoginAction"> <forward name="success" path="/b2c/createOrUpdateUserCookie.do?nextStep=shoplist"/> <forward name="failure" path="/b2c/shoplist.do"/> </action> ... <action path="/b2c/preparelogin" type="com.sapmarkets.isa.user.action.PrepareLoginAction"> <forward name="success" path="/b2c/login.do"/> <forward name="failure" path="/b2c/shoplist.do"/> <forward name="darklogin" path="/b2c/darklogin.do"/> </action>
So, conclusion: Nothing special happens in darkLogin.