The following chapters describe a basic authentication method using Kerberos and HTTP cookies. This authentication method authenticates using Kerberos credentials entered by the user and then stores a cookie with the authentication information, so that credentials are only required and validated during the initial request. Consequently, clients such as the Fabasoft Folio Client do not require credentials once the cookie is available.
Performance Note: This authentication method should only be used for web services that are accessed interactively via web browsers. Otherwise, HTTP requests from non-browser clients that ignore cookies set by the server (e.g. conversion service requests) may cause significant performance problems because every single HTTP request has to create a new Fabasoft Folio session in that scenario. Use the environment variable FSCVEXT_AUTHMETH to configure the authentication method for specific hosts or web services.
The following settings are necessary for the configuration of Kerberos (basic, cookie):
The following relevant properties are available:
The environment variable FSCVEXT_AUTHBASICDOMAIN defines a default domain for authentication, which is used when only a user name without a domain name is supplied. Additionally, on Linux, this variable is used to resolve short domain names. It is therefore possible to specify several domain names separated by ‘;’. In that case, the first domain in the list is used as the default domain.
Example: FSCVEXT_AUTHBASICDOMAIN = "default.test.com; eng.test.com; sq.test.com"
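The following added example (not Fabasoft code) sketches how a value such as the one above maps typed login names to a domain, so that an administrator can check which domain a bare user name ends up in. The function names, the accepted login forms (user, DOMAIN\user, user@domain) and the rule that a short domain name matches the first DNS label of a configured domain are assumptions made for illustration.

```python
import os

def parse_domain_list(value):
    """Split a FSCVEXT_AUTHBASICDOMAIN-style value on ';', trimming blanks."""
    return [d.strip() for d in value.split(";") if d.strip()]

def resolve_login(login, domains):
    """Return (user, domain) for a login name entered at the credential prompt.

    Assumed matching rule (not taken from the product): a short domain name
    matches the first DNS label of a configured domain, case-insensitively.
    """
    if "\\" in login:                      # DOMAIN\user
        domain, user = login.split("\\", 1)
    elif "@" in login:                     # user@domain
        user, domain = login.rsplit("@", 1)
    else:                                  # bare user name
        user, domain = login, ""
    if not domain:
        # No domain supplied: the first configured domain is the default.
        return user, (domains[0] if domains else "")
    if "." not in domain:
        # Short name: look it up among the configured domains.
        for candidate in domains:
            if candidate.split(".", 1)[0].lower() == domain.lower():
                return user, candidate
    return user, domain                    # already qualified, or unknown short name

# Constructed sample value, identical to the example on this page.
SAMPLE = "default.test.com; eng.test.com; sq.test.com"

if __name__ == "__main__":
    domains = parse_domain_list(os.environ.get("FSCVEXT_AUTHBASICDOMAIN", SAMPLE))
    for login in ("alice", "ENG\\bob", "carol@sq", "dave@other.example.org"):
        print(login, "->", resolve_login(login, domains))
```

Because the first entry silently becomes the domain for every bare user name, the order of the list decides which directory a login without a domain is validated against.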