Form replay allows you to open a session on a protected application by filling a HTML POST login form and autosubmitting it, without asking anything to the user.
Danger
This kind of SSO mechanism is not clean, and can lead to problems, like local password blocking, local session not well closed, etc.
Please always try to find another solution to protect your application with LL::NG. At least, check if it is not a known application, or try to adapt its source code.
If you configure form replay with LL::NG, the Handler will detect forms to fill, add a javascript in the html page to fill form fields with dummy data and submit it, then intercept the POST request and add POST data in the request body.
POST data can be static values or computed from user’s session.
Tip
To post user’s password, you must enable
password storing. In this case you will be able to
use $_password
to fill any password POST field.
You should grab some information:
If you don’t know jQuery selector, just be aware that they are similar to css selectors: for example, button#foo points to the html button whose id is “foo”, and .bar points to all html elements of css class “bar”.
For example:
default
to point to jQuery URL of LL::NG
portal)Go in Manager, Virtual Hosts
» virtualhost
» Form replay
and click
on New form replay
.
Fill values here:
Then click on New variable
and add all data with their values, for
example:
Tip
You can define more than one form replay URL per virtual host.