on 08-31-2015 10:21 PM
Hello Experts,
We are using single sign on authentication (SPNEGO) through active directory whereby the system grabs the username of the logged in Windows user and defaults that user as authenticated in MII. This is the desired effect for 95% of the cases, however, we need a way to prompt a user for their credentials. I have read the articles about clearing authentication cache: using
document.execCommand("ClearAuthenticationCache"))
however the system just keeps obtaining the user's logged in active directory credentials and does not provide the means to an alternative login.
Does anybody know how to get MII to override this and prompt a user for their credentials? We are also ok to pass in a userid, such as userid=userx if this is a valid method.
Thank you,
Corey
User Web Browser: IE11
MII: 14.0 SP6 Patch 9
Netweaver: 7.31
Hi Corey,
In one of our applications, we had created application level roles to enable access to the users. Also to enable page level authorizations, we wrote custom logic at page level to check the user roles and based on the role grant him access to the page. This is because the .irpt page level authorization is not supported in MII (we are on ver. 12.2).
Maybe you could opt for a similar approach for your implementation if that suits.
Regards,
Saumya
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Corey,
You can modify the logon stack for MII and add BasicPasswordLoginModule but that will affect the whole MII, i.e. you cannot limit it only to a page.
Best regards,
Krasi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Authenticate the required pages with j_user and j_password in the URL if you want them to run at some point under a different set of credentials than the one provided by the SSO.
Another option is to make the process more transactional and run the transactions you need with a given username and password, in the way you run them in the scheduler.
Then you can use web service calls to the illuminator runner with any kind of authentication.
User | Count |
---|---|
10 | |
5 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.