Hi Krish,
There are a few parts to this question. Let me split them out.
First, the question of triggering different (external) authentication for different junctions.
How are you currently triggering EAI? If it is using local-response-redirect then you can make this configuration junction-specific by adding the junction name to the [local-response-redirect] stanza. So it would become [local-response-redirect:/junction1]. In this way, you can have access to one junction redirect to you EAI and access to a different junction redirect to the custom login page in the other application.
Another way you might be redirecting to an EAI is via modification of the login.html page (to do a redirect). If this is the case, you could add custom JavaScript in this page to read the current URL (in %URL% macro) and redirect to different login page from there.
Second there is the question of posting direct to pkmslogin.form. This is possible but have a look at what the "real" login.html file includes in its POST so that you can make sure your custom login page sends the same parameters.
Finally you asked about the REST API for password authentication. You could use this from your application if you want it to perform authentication as a Single Page Application. The body of the request to send to the password endpoint is:
{
"operation": "verify",
"username": "{{user_id}}",
"password": "{{user_pw}}"
}
The API will not return a redirect on authentication success - it will return a 204 (no content) message. I *think* that the PD-S-SESSION-ID cookie will be returned with this message so that subsequent browser calls will be authenticated.
Jon.
------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
------------------------------
Original Message:
Sent: Fri February 05, 2021 11:17 AM
From: krish krishna
Subject: Virtual junction with custom login page
Hello,
I have a requirement , currently we are using EAI with custom login page and working fine.
We want to integrate another application and they want to use there own login page and want to post the credential to pkmslogin.form.
So i have create a virtual junction and created 2 object space like protected and public , if the user access directly protected page the webseal should throw the application login page instead of EAI custom login page.
How this can handle.
Also i am looking for alternative way if this can implement using rest api urn:ibm:security:authentication:asf:password.
------------------------------
krish krishna
------------------------------