cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Apply business logic at Launchpad Login to either deny or grant login?

Go to solution
omacoder
Active Contributor

on ‎11-14-2018 4:31 PM

0 Kudos

Hi colleagues-

Interesting business issue from one of our customers.

We run a multi-tenant environment. The Launchpad is open to the world wide web to support many tenants all across the USA.

This particular tenant (identified by the first three letters of the user's login name), only wants their employees logging into Launchpad from their corporate office. They are trying to force their employees to control their work-life balance.

Business logic is:

If, when click Login, Username starts with 'ABC' and IP Address NOT IN (10.2.1.5,10.2.1.6,10.2.1.7) then prevent the user from logging in.

Is just business logic possible with login.jsp or custom.jsp?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

denis_konovalov
Active Contributor
‎11-26-2018 7:52 PM
0 Kudos

you're right, I overlooked that. you'll need to use something like siteminder or a pre-BOE login page to get user details, then evaluate it against the rules and then either let it go thru BOE login or not.


Show replies
Show replies
omacoder
Active Contributor
‎11-26-2018 7:55 PM
0 Kudos

Thank you- so isn't this what custom.jsp is for? Additonal processing at login?

Answers (4)

Answers (4)

denis_konovalov
Active Contributor
‎11-26-2018 8:31 PM
0 Kudos

If you can write code that will pull user IP and name from a form and then compare it to values from some table that contains IP ranges and user names, then probably yes.

Show replies
Show replies
denis_konovalov
Active Contributor
‎11-26-2018 7:35 PM
0 Kudos

if customers who want to do this supply you with IP range, you don't need to collect everyone's IP's, since when anyone tries to access your network exposes the IP, you can just filter on that.

Show replies
Show replies
omacoder
Active Contributor
‎11-26-2018 7:38 PM
0 Kudos

I'm sorry I'm not following your logic 🙂

We only want to allow that customer in if they are coming in through a certain IP range. They would provide us with the five IP's of their corporate office. They do not want that customer coming in if they are coming in from home, Starbucks, etc.

If on the firewall we only allow the 5 IP addresses, this will restrict all other 120 customers from getting in as they are all on different IP addresses.

denis_konovalov
Active Contributor
‎11-26-2018 6:48 PM
0 Kudos

as I can't comment on your comment, I have to post this as another answer 😞

You don't really need to know the actual user - as long as user is from correct IP range - user sees login screen, if user is not from IP range, user sees static page branded by that customer that says - we do not want you to work if you're not in our office 🙂

Show replies
Show replies
omacoder
Active Contributor
‎11-26-2018 7:29 PM
0 Kudos

We need to know the user to test for their IP, as this rule only would apply to one of the hundreds of customers.

Otherwise we have to collect everyone's IP address (all customers, who don't even want to restrict by IP address). Not feasible.

denis_konovalov
Active Contributor
‎11-26-2018 6:34 PM
0 Kudos

I don't think it will be possible to implement at BOE level (login.jsp/custom.jsp) - this needs to be done at the proxy that controls access to the Launchpad ( I do hope you're not exposing tomcat that hosts Launchpad directly to internet).
On that proxy or router/switch you can set a rule that users not in that IP range can't access the site at all.

Show replies
Show replies
omacoder
Active Contributor
‎11-26-2018 6:43 PM
0 Kudos

Thanks Denis for your input. I was afraid of this.

Netscaler sits on top of Tomcat to balance the load. We can't do this at the netscaler level, because we don't know the user yet.

We don't know the user until they click 'Login' at the Launchpad login screen.

Ask a Question