Using custom authentication

You enable custom authentication in Administration Console by changing the authentication method from Basic to Custom on the remoting endpoint. If you use custom authentication, your client application calls the ChannelSet.login method to log in and the ChannelSet.logout method to log out.

Note: In the previous release of LiveCycle, you sent credentials to a destination by calling the RemoteObject.setCredentials method. The setCredentials method did not actually pass the credentials to the server until the first attempt by the component to connect to the server. Therefore, if the component issued a fault event, you could not be certain if the fault happened because of an authentication error, or for another reason. The ChannelSet.login method connects to the server when you call it so that you can handle an authentication issue immediately. Although you can continue to use the setCredentials method, it is recommended that you use the ChannelSet.login method.

Because multiple destinations can use the same channels, and corresponding ChannelSet object, logging in to one destination logs the user in to any other destination that uses the same channel or channels. If two components apply different credentials to the same ChannelSet object, the last credentials applied are used. If multiple components use the same authenticated ChannelSet object, calling the logout method logs all components out of the destinations.

The following example uses the ChannelSet.login and ChannelSet.logout methods with a RemoteObject control. This application performs the following actions:

  • Creates a ChannelSet object in the creationComplete handler that represents the channels used by the RemoteObject component

  • Passes credentials to the server by calling the ROLogin function in response to a Button click event

  • Uses the RemoteObject component to send a String to the server in response to a Button click event. The server returns the same String back to the RemoteObject component

  • Uses the result event of the RemoteObject component to display the String in a TextArea control

  • Logs out of the server by calling the ROLogout function in response to a Button click event

<?xml version="1.0"?> 
<!-- security/SecurityConstraintCustom.mxml --> 
<mx:Application xmlns:mx="" width="100%" 
    height="100%" creationComplete="creationCompleteHandler();"> 
            import mx.controls.Alert; 
            import mx.messaging.config.ServerConfig; 
            import mx.rpc.AsyncToken; 
            import mx.rpc.AsyncResponder; 
            import mx.messaging.ChannelSet; 
            // Define a ChannelSet object. 
            public var cs:ChannelSet; 
            // Define an AsyncToken object. 
            public var token:AsyncToken; 
            // Initialize ChannelSet object based on the  
            // destination of the RemoteObject component. 
            private function creationCompleteHandler():void { 
                if (cs == null) 
                cs = ServerConfig.getChannelSet(remoteObject.destination);                     
            // Login and handle authentication success or failure.  
            private function ROLogin():void { 
                // Make sure that the user is not already logged in. 
                if (cs.authenticated == false) { 
                    token = cs.login("sampleuser", "samplepassword"); 
                    // Add result and fault handlers. 
                    token.addResponder(new AsyncResponder(LoginResultEvent, 
            // Handle successful login. 
            private function LoginResultEvent(event:ResultEvent, 
                token:Object=null):void  { 
                    switch(event.result) { 
                        case "success": 
                            authenticatedCB.selected = true; 
                // Handle login failure. 
                private function LoginFaultEvent(event:FaultEvent, 
                    token:Object=null):void { 
                        switch(event.fault.faultCode) { 
                            case "Client.Authentication": 
                                authenticatedCB.selected = false; 
                      "Login failure: " + event.fault.faultString); 
                // Logout and handle success or failure. 
                private function ROLogout():void { 
                    // Add result and fault handlers. 
                    token = cs.logout(); 
                // Handle successful logout. 
                private function LogoutResultEvent(event:ResultEvent, 
                    token:Object=null):void { 
                        switch (event.result) { 
                            case "success": 
                                authenticatedCB.selected = false; 
                // Handle logout failure. 
                private function LogoutFaultEvent(event:FaultEvent, 
                    token:Object=null):void { 
              "Logout failure: " + event.fault.faultString); 
                // Handle message recevied by RemoteObject component. 
                private function resultHandler(event:ResultEvent):void { 
                    ta.text += "Server responded: "+ event.result + "\n"; 
                // Handle fault from RemoteObject component. 
                private function faultHandler(event:FaultEvent):void { 
                    ta.text += "Received fault: " + event.fault + "\n"; 
        <mx:Label text="Enter a text for the server to echo"/> 
        <mx:TextInput id="ti" text="Hello World!"/> 
        <mx:Button label="Login"  
        <mx:Button label="Echo"   
        <mx:Button label="Logout"  
        <mx:CheckBox id="authenticatedCB"  
    <mx:TextArea id="ta" width="100%" height="100%"/> 
    <mx:RemoteObject id="remoteObject" 

The login and logout methods return an AsyncToken object. Assign event handlers to the AsyncToken object for the result event to handle a successful call, and for the fault event to handle a failure.

// Ethnio survey code removed