Quick bit of background info to set the scene:
The product I work with is a J2EE web application, which implements JAAS. This allows customers to write custom login modules if the out-of-the-box modules don't suit. In this case the app server is Websphere 22.214.171.124, and the web server is IBM HTTP Server (ie: Apache).
I have written a custom login module for a customer which implements Single Sign-On (SSO) in a specific way - the user logs in to the corporate portal via TAM (Tivoli Access Manager), and from the corporate portal the user clicks a link to our application. TAM inserts a custom variable ("iv-user") into the HTTP header of the request, and my login module reads the value of the variable and checks to see if that username is a valid user in our application.
I am pretty sure the login module itself is OK, but I need to do a complete end-to-end test. I would like to set up a little PHP page (or something similar) which I can use to submit a request for my application and which will insert the custom header variable.
I need the PHP page to do a POST to a JSP page called custom_sso.jsp. The JSP custom_sso.jsp includes the following code:
String username = request.getHeader("iv-user
which is then passed to the custom login module.
For example, if I browse to http://myserver/testlogin.php
, this page would display a single text box and a submit button. I enter a username and click Submit, which performs a POST to http://myserver/MyApp/custom_sso.jsp
. The PHP page needs to insert a custom HTTP header called "iv-user" (without quotes), and the value of that variable is the username I typed in.
PS: The 500 points are for urgency, not difficulty. I suspect the solution is pretty simple (for those who know PHP), but I need a solution real quick.