Follow

How to bypass the Login Page to access the Traverse Web Application

Question:

How Can I Bypass The Login Page on Traverse Web Application?

Answer:

In order to access the Web Application, a user normally has to provide their unique login credentials (username and password) on the login page.

However, it is possible to bypass the login page by constructing a special URL/link with an embedded MD5 hash based on the credentials. This link may then be used within a third party intranet page where a user has already been authenticated. Or a similar link with read-only user login can be provided to a partner.

Traverse utilizes a shared key and the user name to generate an MD5 Message Digest. The shared key is defined within TRAVERSE_HOME/webapp/WEB-INF/web.xml and is unique to each Traverse installation:

Code:
<init-param>
<param-name>externalLoginKey</param-name>
<param-value>mySecretKey</param-value>
</init-param>

Use a tool such as http://www.md5hasher.net/ to create the MD5 digest from the input value 'username_mySecretKey'

Once the 32 character HEX digest of the combination of login username and shared key (mySecretKey in the example above) has been generated, it may be used in a URL such as the following:

Code:
http://n.n.n.n/logon.do?username=USER&password=DIGEST&mode=md5&maxPages=-1&redirectUrl=%2Fsome%2Fpage.jsp


Where n.n.n.n is the IP address of your BVE server, USER is the login username and DIGEST is the generated HEX digest. The (optional) redirectUrl parameter can be used to take the user to a specific page after successful login. The target URL can be determined by navigating to page in question and clicking on the "link" icon on top-right. The value of containURL parameter must be "URL encoded" (eg. / = %2F). Finally, the maxPages parameter controls whether the user is able to navigate beyond the post-login page. A value of 1 will invalidate the session as soon as the user clicks on any link while value of -1 will be active until user clicks on "logout" link.

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.