How Can I Bypass The Login Page on the Traverse Web Application?


sysadmin
05-28-2009, 08:39 AM
In order to access the Web Application, a user normally has to provide their unique login credentials (username and password) on the login page. However, it is possible to bypass the login page by constructing a special URL/link with embedded credentials. This link can be used within an intranet page where the user has already been authenticated. Alternatively, a similar link with a read-only user login can be provided to a partner.

Traverse utilizes a shared key to generate an MD5 Message Digest. The shared key is defined within TRAVERSE_HOME/webapp/WEB-INF/web.xml:


    <init-param>
        <param-name>externalLoginKey</param-name>
        <param-value>mySecretKey</param-value>
    </init-param>


Once the 32-character hex digest of the combination of the login username and the shared key (username_secret) has been generated, it becomes part of the login URL:


http://n.n.n.n/logon.do?username=USER1&password=DIGEST1&mode=md5&maxPages=-1&redirectUrl=%2Fsome%2Fpage.jsp


where n.n.n.n is the IP address of your BVE server, USER1 is the login username and DIGEST1 is the generated hex digest. The (optional) redirectUrl parameter can be used to take the user to a specific page after a successful login. The target URL can be determined by navigating to the page in question and clicking on the "link" icon at the top right. The value of the redirectUrl parameter must be URL-encoded (e.g. / = %2F). Finally, the maxPages parameter controls whether the user is able to navigate beyond the post-login page. A value of 1 will invalidate the session as soon as the user clicks on any link, while a value of -1 will keep the session active until the user clicks on the "logout" link.

Current Traverse users (as well as active evaluations) can use the Auto-Login Tool (http://zyrion.com/support/tools/urlgen/) to generate a similar URL.
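The following is an added worked example, not code from the original post or from Zyrion's Traverse product. It carries out the URL construction the post describes (MD5 over "username_secret", URL-encoded redirectUrl, maxPages) and pairs it with the check the server side must perform to accept such a link. The host "n.n.n.n", the page "/some/page.jsp" and the function names are placeholders; the verifier is my reconstruction of the documented scheme, not Traverse's own logon.do code.

```python
"""Build and verify a Traverse-style external-login URL (added example, assumed logic)."""
import hashlib
import hmac
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit


def external_login_digest(username: str, shared_key: str) -> str:
    """MD5 over 'username_secret', rendered as a 32-character lowercase hex digest.

    The post specifies this construction; the key is the externalLoginKey
    value from TRAVERSE_HOME/webapp/WEB-INF/web.xml.
    """
    return hashlib.md5(f"{username}_{shared_key}".encode("utf-8")).hexdigest()


def build_login_url(host: str, username: str, shared_key: str,
                    redirect_url: Optional[str] = None, max_pages: int = -1,
                    scheme: str = "http") -> str:
    """Assemble the logon.do link exactly as the post lays it out.

    urlencode() percent-encodes the redirect path, so '/' becomes %2F as required.
    max_pages=-1 keeps the session alive until logout; 1 ends it on the first click.
    """
    params = {
        "username": username,
        "password": external_login_digest(username, shared_key),
        "mode": "md5",
        "maxPages": str(max_pages),
    }
    if redirect_url is not None:
        params["redirectUrl"] = redirect_url
    return f"{scheme}://{host}/logon.do?{urlencode(params)}"


def verify_login_url(url: str, shared_key: str) -> bool:
    """Server-side acceptance check (assumed, not Traverse's implementation).

    Recomputes the digest for the presented username with the shared key and
    compares it in constant time; anything missing or not mode=md5 is rejected.
    """
    qs = parse_qs(urlsplit(url).query)
    try:
        username = qs["username"][0]
        presented = qs["password"][0]
        mode = qs["mode"][0]
    except (KeyError, IndexError):
        return False
    if mode != "md5":
        return False
    expected = external_login_digest(username, shared_key)
    return hmac.compare_digest(expected, presented.lower())


if __name__ == "__main__":
    # Constructed sample values, matching the post's placeholders.
    link = build_login_url("n.n.n.n", "USER1", "mySecretKey", "/some/page.jsp")
    print(link)
    print("accepted:", verify_login_url(link, "mySecretKey"))
    # A link minted for USER1 is not valid for USER2: the digest is username-bound.
    print("tampered:", verify_login_url(link.replace("USER1", "USER2", 1), "mySecretKey"))
```

Two things worth noticing from running it. First, the digest depends only on the username and the static externalLoginKey, with no timestamp or nonce, so a generated link is a long-lived credential: it works for as long as the key is unchanged, for anyone who obtains it from browser history, proxy or web-server logs, a Referer header, or a forwarded e-mail. Treat the link like a password, serve it only over HTTPS, and rotate externalLoginKey if a link leaks. Second, whoever holds externalLoginKey can mint a valid link for any username, so web.xml deserves the same file permissions as a password store.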