Ceptor Docs

Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


The various sorts of plugins and script in the Gateway, get fed with a StateHolder object which contains all information about the current request - plugins manipulate the content of this object, e.g. by using the Agent within to authenticate, or by changing the request attributes.


When scripts are called, the variable "context" points to this object.


  • io.ceptor.authentication.AuthenticatorBasicAuth
    Allows authenticating using HTTP Basic Authentication - meaning the HTTP Request Header "Authorization" with contents "Basic xxxxxxx" where xxxxxxx is a base64 encoded version of userid:password. Please note that the password is not encrypted, but just encoded using base64 encoding, which makes this a relatively weak authentication method so the entire transport must be appropriately encrypted, using HTTPS.
  • io.ceptor.authentication.AuthenticatorForms
    Supports using FORMS authentication, where user can authenticate using HTTP query or POST parameters. Is also often used to simply redirect to another forms page somewhere else - e.g. in a login application if the user is not authenticated.
  • io.ceptor.authentication.AuthenticatorNTLM
    Supports NTLM authentication in an intranet environment.
  • io.ceptor.authentication.AuthenticatorSPNEGO
    Supports SPNEGO/Kerberos with NTLM fallback types of authentication in intranet environments.
  • io.ceptor.authentication.AuthenticatorOpenIDConnect
    Allows use of OpenID Connect authentication - supports redirecting to authentication providers and handles the response from them - supports use of Authorization Code flow to obtain an ID/Access token from an authorization code. 
  • io.ceptor.authentication.AuthenticatorSSLClientCert
    Allows authenticating clients using SSL Client certificate.
  • io.ceptor.authentication.AuthenticatorWebSSO
    Allows using ADFS / SAML WebSSO / WSTrust to authenticate users - supports acting both as an identity provider, and a relying party. 
  • io.ceptor.authentication.AuthenticatorLTPAToken
    Allows using a cookie with an LTPA Token to authenticate users - enables easier SSO with IBM products such as WebSphere, Liberty Server and iNotes.
  • io.ceptor.authentication.AuthenticatorAPIKey
    Allows using an API Key to authenticate a caller - usually used when making REST calls.
  • io.ceptor.authentication.AuthenticatorScript
    Supports a javascript based authentication where you can write a script that authenticates any way you want based upon the incoming HTTP request.


For the AuthenticatorScript, you can script authentication based upon the incoming request. Below is an example that looks in HTTP headers or query parameters named X-User and X-Password.
If found, it will attempt to authenticate the user.