Zelestra Standards

login

The login operation is used to support single sign-on across providers. This operation is usually performed by a user client to establish a security context on an identity provider. This operation has a direct correlation to the user login function within a SAML 2.0 deployment; however, this operation is intended for cross-domain AJAX implementations. This operation is usually implemented only on identity providers. The single sign-in process is standardized within the Zelestra Core Framework to allow the efficient proxying of multiple competing single sign-on standards behind a single application interface.

Request

The login operation requires a message that consists of a single LoginRequest element. The request MUST be sent over a secured session. In REST implementations this is usually HTTPS with the POST method, so that the username and password are carried in the request body rather than the URL and therefore do not appear in this provider's access logs.

Examples

URL Encoded:
username=jdoe&password=mypassword

XML:
<LoginRequest>
  <Username>jdoe</Username>
  <Password>mypassword</Password>
</LoginRequest>

The LoginRequest element MUST contain a Username element. This element is the user's identifier within the identity provider itself.

The LoginRequest element MUST contain a Password element. This element is the user's password within the identity provider itself.

Operation

If a security context already exists within the current session with the specified username, then the operation returns normally. If a security context already exists within the current session with a different user name, then a conflict fault is returned to the requester. If there is no security context within the current session, then an attempt is made to establish a new security context within the current session using the username and password.

Response

The login operation does not return any data.

Faults

The login operation may return a badRequest fault if a username is not specified.

The login operation may return a conflict fault if a security context already exists within the current session with a different username.

The login operation may return an unauthorized fault if this identity provider is unable to authenticate the requester. A delay of 3 seconds SHOULD be taken before returning this fault to reduce the chance of brute-force attacks.

The login operation may return an operationFailed fault if the service was unable to otherwise fulfill the request.
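The operation and fault rules above, worked through as an added illustrative handler that is not part of the Zelestra specification or any Zelestra implementation. It accepts both request encodings from the Examples section; the credential store, the salt, the session dictionary and the injectable sleep function are constructed assumptions.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs
import xml.etree.ElementTree as ET

# Constructed credential store: username -> salted PBKDF2 hash, never plaintext.
SALT = b"constructed-salt"
USERS = {"jdoe": hashlib.pbkdf2_hmac("sha256", b"mypassword", SALT, 100_000)}
UNAUTHORIZED_DELAY = 3.0  # seconds, the delay the spec says SHOULD precede an unauthorized fault


def parse_login_request(body, content_type):
    """Return (username, password) from a URL-encoded or XML LoginRequest body."""
    if content_type == "application/x-www-form-urlencoded":
        fields = parse_qs(body)
        return fields.get("username", [""])[0], fields.get("password", [""])[0]
    # Stdlib parser used for brevity; a hardened parser (e.g. defusedxml) is
    # preferable when the XML comes from untrusted clients.
    root = ET.fromstring(body)
    if root.tag != "LoginRequest":
        return "", ""
    return root.findtext("Username", ""), root.findtext("Password", "")


def login(session, body, content_type, sleep=time.sleep):
    """Run the login operation; return None on success or the fault name otherwise."""
    username, password = parse_login_request(body, content_type)
    if not username:
        return "badRequest"  # Username element is mandatory
    current = session.get("security_context")
    if current is not None:
        # Same principal already logged in: return normally; different one: conflict.
        return None if current == username else "conflict"
    expected = USERS.get(username)
    # Always derive the candidate hash so an unknown user costs the same time as a
    # wrong password, and compare in constant time to avoid a username oracle.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    if expected is None or not hmac.compare_digest(candidate, expected):
        sleep(UNAUTHORIZED_DELAY)  # slow down brute-force guessing before faulting
        return "unauthorized"
    session["security_context"] = username  # establish the new security context
    return None
```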