Thanks for all the help guys, really appreciate it.
So I thought I'd update this thread with the results of my findings.
I didn't go the Java route as Robin suggested so I can't comment on the effectiveness of that solution.
I also didn't use the Generic HTML component as Dror suggested.
I went with the web.xml option that Nagarajan suggested.
So, here are my test results. I tested the BASIC, CLIENT-CERT, and TICKET authorization methods. I had to use IE8 as this is the corporate standard at the moment so also tested Firefox to get real UI5 results as IE8 does not fully support it.
Test | Auth-method | Browser | Logged into Portal | EIWA* | Result |
1a | BASIC | IE | No | On | Prompted for pw but even with ID/PW still not logged in |
1b | BASIC | Firefox | No | n/a | Prompted for pw but even with ID/PW still not logged in |
2a | BASIC | IE | Yes | On | Prompted for pw but even with ID/PW still not logged in |
2b | BASIC | Firefox | Yes | n/a | Prompted for pw but even with ID/PW still not logged in |
3a | CLIENT-CERT | IE | No | On | Security warning message and then App is launched |
3b | CLIENT-CERT | Firefox | No | n/a | Unable to Connect error |
4a | CLIENT-CERT | IE | Yes | On | Security warning message and then App is launched |
4b | CLIENT-CERT | Firefox | Yes | n/a | Unable to Connect error |
5a | TICKET | IE | No | On | App is launched |
5b | TICKET | Firefox | No | n/a | App is not launched – auth error after refresh |
6a | TICKET | IE | No | Off | App is not launched – auth error after refresh |
7a | TICKET | IE | Yes | On | App is launched |
7b | TICKET | Firefox | Yes | n/a | App is launched |
* EIWA = Enable Integrated Windows Authentication in IE Options.
The security warning using CLIENT-CERT I believe is because we are not using SSL for our Portal. The CLIENT-CERT appears to require SSL.
We need to continue testing with mobile devices now and then will determine if we're going to use CLIENT-CERT or TICKET. If we use the TICKET option then we may have to use a java redirect to generate the TICKET and then re-route to the app.
Cheers,
Robin