Logon Configuration
The default configuration for Online Authentication is using a logon screen for the online product, online help and online AppViewer applications. The product supplies a prebuilt logon screen for all three components preconfigured.
At logon it detects that a user has not logged on before (the presence of a JSESSIONID cryptographically-secure session cookie issued by the Web Application Server is used). Depending on the configuration (in the web.xml) of the applications, housed in Oracle WebLogic, the following is performed:
FORM - This is the default setting to support a logon screen with an associated error screen in case of unsuccessful logon. Your application provides a prebuilt logon screen but can be replaced with custom logon screens by setting the following configuration settings appropriately for each web component as outlined in the Server Administration Guide:
Component
Login Screen
Login Error Screen
Online
WEB_FORM_LOGIN_PAGE
WEB_FORM_LOGIN_ERROR_PAGE
Help
WEB_HELP_FORM_LOGIN_PAGE
WEB_HELP_FORM_LOGIN_ERROR_PAGE
AppViewer
WEB_APPVIEWER_FORM_LOGIN_PAGE
WEB_APPVIEWER_FORM_LOGIN_ERROR_PAGE
Note: Custom logon screens should be placed in the cm directory of the Web Application Server as outlined in the Oracle Utilities SDK.
BASIC - The browser will issue a call to the operating system to display the default logon dialog supplied with the operating system. No logon dialog is supplied.
Note: BASIC authentication is considered a relatively weak authentication scheme, and therefore is not recommended for use.
CLIENT-CERT - This is an advanced configuration to allow for certificated (one way or two way) to be used. Refer to the Administering Security for Oracle WebLogic Server documentation for more details on the additional configuration required.