Http Header Authentication Admin Portlet
Portlet Title | Http Header Authentication Admin |
Portlet Name | wm_httpheaderauth |
Portlet File Name | wm_httpheaderauth.pdp |
Top-level Folder | admin |
JSR168 Portlet? | No |
Alias | portlet/wm_httpheaderauth |
Default Instances of the portlet | Folders > Administrative Folders > Administration Dashboard > Configuration > Http Header Authentication Administration |
Security. Administrators use this portlet to secure My webMethods Server authentication with an external security provider, for example, SiteMinder or Oblix.
To allow an external security provider to control My webMethods Server authentication, administrators use this portlet to deploy My webMethods Server into an Enterprise Security Infrastructure. As a result, the external security provider passes the user ID information that My webMethods Server is to use for authentication in the HTTP header. For more information, see information about external configuration credentials in Administering My webMethods Server.
Properties
User Header Name (userHeaderName)
Identifies the HTTP header field that you want My webMethods Server to examine to determine the identity of the current user making a request. Specify an HTTP header field. The external security system sets the value of this field in the HTTP header. By default, My webMethods Server uses the sm_user field to determine the current user.
Enable HTTP Header Authentication (enableHttpHeaderAuth)
Indicates whether you want My webMethods Server to actively look for the HTTP header field identified by the User Header Name (userHeaderName) property and automatically log in users. Specify one of the following:
true –
My webMethods Server uses the User Header Name (userHeaderName) property to automatically log in users.
false – Default.
My webMethods Server does not automatically log in users.
Logout URL (logoutURL)
Defines the page to redirect a user to after the user logs off My webMethods Server. Specify the URL of the page. The ability to redirect a user to another URL is dependent on the external security infrastructure.
If the property has no value, although the user is able to log out of My webMethods Server, the security provider does not recognize the attempt to log off. As a result, the next request following the log off attempt passes through the security provider and My webMethods Server automatically logs the user in again.