Currently i am using wso2 api manager 1.9 store , we have a login page before accessing anything in store . it is working fine for now .
Now , there's a requirement that we have a web application on some other domain having the webservice as well to authorize the users , in wso2 api manager store when we login using admin/admin ,, instead of calling its login.jag(for the authorization in wso2 store) , it must be calling that webservice for the authorization and we can use the same credentials as we already using in that web application.
So for this , in login.js (which is called after clicking the login button in store) , i have changed some code like : ACTUAL CODE
loginbox.login = function (username, password, url,tenant) {
jagg.post("/site/blocks/user/login/ajax/login.jag", { action:"login", username:username, password:password,tenant:tenant },
function (result) {
if (result.error == false) {
if (redirectToHTTPS && redirectToHTTPS != "" && redirectToHTTPS != "{}" &&redirectToHTTPS != "null") {
window.location.href = redirectToHTTPS;
} else if(url){
window.location.href = url;
}else{
window.location.href='site/pages/list-apis.jag';
}
} else {
$('#loginErrorMsg').show();
$('#password').val('');
$('#loginErrorMsg div.theMsg').text(result.message).prepend('<strong>'+i18n.t("errorMsgs.login")+'</strong><br />');
}
}, "json");
CHANGED CODE
loginbox.login = function (username, password, url,tenant) {
$.post(authentication_url,function(result){
if(result.statusCode==200){
//will forward it to list-apis to display the apis
window.location.href='site/pages/list-apis?username=test&password=test&tenant=tenant'
}
});
With this changed code , i am getting the expected response from the webservice which i am calling ,, but not able to keep them in session cookies ,,because before it was calling site/blocks/user/login/ajax/login.jag which will authorize the user and then check for csrf tokens and lot of other things .
Can anyone please let me know where i am missing OR where i need to change so that users from webservice can be authorised .??
Thanks