I was able to do a SSO(Single sign on) on click of external link from the code below. SSO works but username/password is seen on url. https://example.org/index.php?userLogin=user1&userPassword=pass123
<h:outputLink styleClass="ui-menuitem-link ui-corner-all"
value="https://example.org/index.php">
<h:outputText value="Ext Tool" />
<h:outputText styleClass="ui-icon ui-icon-suitcase"
style="float:left" rendered="#{userBean.in}" />
<f:param name="userLogin" value="#{userBean.user.eUser}" />
<f:param name="userPassword" value="#{userBean.user.ePass}" />
</h:outputLink>
I also used tried as below...
<h:commandLink action="#{userBean.eSubmit()}">
<h:outputText value="Ext Tool" />
<f:param name="userLogin" value="#{userBean.user.eUser}" />
<f:param name="userPassword" value="#{userBean.user.ePass}" />
</h:commandLink>
In the bean.. My coding is like this
public void eSubmit() throws IOException{
FacesContext fc = FacesContext.getCurrentInstance();
fc.getExternalContext().redirect("https://example.org/index.php?userLogin=" + user.getUser() + "&userPassword=" + user.getPass());
}
Even for the above code with commandLink - UserName and password are visible in the URL. Please guide me to hide password in the URL.
Am new to JSF so please help me understand...
A redirect instructs the client to create a new GET request on the specified URL. That's why you see it being reflected in browser's address bar.
As to performing a POST to an external site, you don't necessarily need JSF here. You're not interested in updating JSF model nor invoking a JSF action. Just use a plain HTML POST form.
If necessary, throw in some CSS to make the submit button look like a link, or some JS to let a link submit that form.