Hi Folks,

I am working on a Portal 6 - Web AS 6.40 SPS 21

I have strange proprietary application (I guess aspx) handling user authentication in the production Portal: whenever a user points the browser to the production portal public URL (say https://portal.customer.com), a reverse proxy forward the request to the custom auth app; the user enters his domain credentials and, if successful, he's redirected over the Portal, in an authenticated session (if I look at the browser cookies I can see the SAPSSO2).

Now the problem: I would like my web module project (I am writing a very simple JSP using Web Module Project and Ent. App. project to deploy) to behave exactly as /irj does from a security perspective.

Question 1: how do I have to set up security in my xml descriptors (web.xml and web-j2ee-engine.xml) in NWDS to achieve this?

Question 2: do I need to change the auth template in the Security Provider in Visual Adiministrator for my app, or just leave it with the "basic" auth module it originally comes? I am confused about this because I would expect a "ticket" template with its 5 modules stack to be more appropriate then "basic", but if I look at how irj is configured in the Security Proivider, I see only "basic" used...

Finally: I am (try to be) a strict-RTFM-observer as much as I can, but I really need your help here guys.

Hope someone can shed some light on this foggy topic.

Thanks in advance.

Cheers,

Alex