When you take advantage of the single sign-on mechanism,
you expect users to log in by using the centralized login service
before starting a client application. That is, a client application
does not log in through the browser or by calling the ChannelSet.login method.
If you are using the LiveCycle single sign-on mechanism,
configure the Remoting endpoint to use custom authentication, not
basic. Otherwise, when using basic authentication, an authentication
error causes a browser challenge, which you do not want the user
to see. Instead, your application detects the authentication error
and then displays a message instructing the user to log in using
the centralized login service.
A client application accesses LiveCycle through a remoting
endpoint by using the RemoteObject component, as
the following example shows.
<?xml version="1.0"?>
<mx:Application xmlns:mx="http://www.adobe.com/2006/mxml"
backgroundColor="#FFFFFF">
<mx:Script>
<![CDATA[
import mx.controls.Alert;
import mx.rpc.events.FaultEvent;
// Prompt user to login on a fault.
private function faultHandler(event:FaultEvent):void
{
if(event.fault.faultCode=="Client.Authentication")
{
Alert.show(
event.fault.faultString + "\n" +
event.fault.faultCode + "\n" +
"Please login to continue.");
}
}
]]>
</mx:Script>
<mx:RemoteObject id="srv"
destination="product"
fault="faultHandler(event);"/>
<mx:DataGrid
width="100%" height="100%"
dataProvider="{srv.getProducts.lastResult}"/>
<mx:Button label="Get Data"
click="srv.getProducts();"/>
</mx:Application>
Logging in as a new user while the Flex application is still running
An
application built with Flex includes the authentication cookie with
every request to a LiveCycle service. For performance reasons,
LiveCycle does not validate the cookie on every request.
However, LiveCycle does detect when an authentication cookie
is replaced with another authentication cookie.
For example,
you start a client application and while the application is active,
you use the centralized login service to log out. Next, you can
log in as a different user. Logging in as a different user replaces
the existing authentication cookie with an authentication cookie
for the new user.
On the next request from the client application,
LiveCycle detects that the cookie has changed, and logs
out the user. Therefore, the first request after a cookie change
fails. All subsequent requests are made in the context of the new cookie
and are successful.
Logging out
To log out of LiveCycle and invalidate a session,
the authentication cookie must be deleted from the client’s computer.
Because the purpose of single sign-on is to allow a user to log
in once, you do not want a client application to delete the cookie.
This action effectively logs out the user.
Therefore, calling
the RemoteObject.logout method in a client application generates
an error message on the client specifying that the session is not
logged out. Instead, the user can use the centralized login service
to log out and delete the authentication cookie.
Logging out while the Flex application is still running
You can
start a client application built with Flex and use the centralized
login service to log out. As part of the logout process, the authentication
cookie is deleted. If a remoting request is made without a cookie,
or with an invalid cookie, the user session is invalidated. This
action is in effect a logout. The next time the client application
attempts to connect to a LiveCycle service, the user is
requested to log in.
