NxFilter Tutorial
Tutorial Index

Custom login script for single sign-on
You can write your own single sign-on login script.


How it works
For those of you wanting to implement single sign-on with OpenLDAP, eDirectory, Radius, etc, we provide an API set for creating login session through HTTP protocol. You can write your own custom login script to call a webpage on NxFilter's built-in webserver.

We have an example on /nxfilter/webapps/example/login_user.jsp. Initially the access of the page is restricted to localhost only for security reason but you can edit the JSP page to allow HTTP requests from your local network.

You can call the webpage this way.


		http://192.168.0.100/example/login_user.jsp?ip=192.168.0.100&uname=john
	

As you see above, there are two parameters being passed. One is the IP address of your user and the other one is an associated username. The username should be imported or created on NxFilter already.

One thing you need to consider when you write your own login script is that it might be better to call the webpage periodically. There is a session timeout concept in NxFilter. If there is no activity from a logged-in user for a certain amount of time, the login session will be expired. So if you don't want to show NxFilter's login page to your users, you would need to refresh the login session periodically.

On JSP pages, we use UserLoginDao class for manipulating login session. It has the following methods.


		createIpSession(String ip, String uname) : Creating a login session with an IP and a username.
deleteIpSession(String ip) : Deleting a login session by an associated IP.
findUser(String ip) : You can find a logged-in username by its associated IP.

All the example JSP pages are in /nxfilter/webapps/example directory.