How to implement session service with form sso

Posted by riche on 18-Mar-2015 10:58

I have spa working. I can test using the static/auth/login.html.

I am having trouble figuring out how to log in from a mobile project if I have a log in page that I want to authenticate with.

If I set it to use appSecurity-form-oerealm.xml in the web.xml file, I get the static/auth/login.html file and log in fine, but don't know how to load the catalogs or use the session. Also, I don't know how to point it to my login page instead.

I would like to have it use my login page and load the catalogs and have all requests after in other services to work.

It looks like they are separate processes, but I don't want them to have to log in twice.

I'm obviously confused.

All Replies

Posted by whenshaw on 19-Mar-2015 09:23

How did you create your mobile project? Is it a Rollbase project, a Mobile project you created with Progress Developer Studio, or a project that you have created in some other way?


Posted by riche on 19-Mar-2015 09:39

Yes, I should have given more information:

It is an OpenEdge Mobile project using the AppDesigner.

I've implemented the HybridRealm.cls and set up using appSecurity-form-oerealm.xml and can log in through the spring security check (static/auth/login.html).

I would like it so that my app would have a login page of it's own, not pointing to that aforementioned form.

I added a session service and was going to use this, but it automatically goes to the form mentioned above, which makes sense because that is where the appSecurity-form-oerealm.xml points it to.

How do I set it up so that it will use the login page that I have created in the mobile app?

Do I set the session settings authenticationModel to Form as well or leave this as Anonymous?

I tried just creating the in javascript and doing the login. It "looks" like it is successful, but when I call addCatalog, it gives me an error that no services property is in it, which is not true, so I am assuming that it wants me to log in again to get that catalog for some reason.

Am I missing sending the Client-Principal back and forth somehow?

All of the documentation that I've found talks about how to implement SPA and test using the given form, but doesn't help me implement in an OpenEdge Moblie using AppDesigner project.

Posted by whenshaw on 19-Mar-2015 12:27

You do need to set the Session Settings authenticationModel to Form. Or if you use the object directly, you need to be sure to set its authenticationModel property to form :

   mySession.authenticationModel =;

If you have a login page in your client app and are using Session Services, you would need to map the user name and password from the login page to the input parameters of the Session Login service. If you use the object directly, you would need to grab the user name and password values from the login screen and pass them to the session object's login() function.

I could take a quick look at your app if you want to send me a backup.

Posted by riche on 24-Mar-2015 14:16

Sure, can I email it directly to you?

Posted by whenshaw on 24-Mar-2015 14:22

Sure, that would be fine.

This thread is closed