-
Type:
Technical Task
-
Status: Closed
-
Priority:
Minor
-
Resolution: Reorganized
-
Affects Version/s: 6.2.0 CE M2
-
Fix Version/s: 6.2.0 CE M3
-
Component/s: Accessibility, Portal Services, Portal Services > Legacy, Security Vulnerability
-
Labels:None
-
Epic/Theme:
When 3rd party application accesses web services, server verifies a token provided by the application. The token can be sessionId, OAuth token, ...
This verification process assumes that the application has already issued the token from the portal or from some 3rd party authentication service.
Because applications cannot use standard form based portal authentication, portal must provide authentication endpoints for the application where it can obtain a token and start authenticated session. This applies only for some of authentication mechanisms as HTTP Digest auth or Ntlm.