Spotlight service authentication for risk assessment

The Spotlight Policy Location Risk Assessment plugin authenticates through the ClientLoginService service, provided by loginServiceAPIStandalone.jar, using the credentials in LocationRiskAssessmentPlugin. The credentials are specified in the plugin in the username and password parameters. In the base configuration, the values for these parameters are provided using external server configuration. The parameters do not have default values. The authorization cookie returned by the service is stored in the gwAuth variable in SpotlightConfigParameters.gs. The plugin uses that cookie to access the risk assessment service.

The Spotlight Policy Location Risk Assessment plugin uses the same gwAuth cookie for a specified period of time before it requires a new authorization cookie. The maximum login session time is configurable by setting SPOTLIGHT_MAX_LOGIN_SESSION_MILLISEC in SpotlightConfigParameters.gs. In the base configuration, the default login session time is 1 hour.

If the risk assessment service refuses a connection that uses the current gwAuth cookie and returns HTTP status code 403, the plugin resets the login session expiration time. The plugin then obtains a new authorization cookie before making a subsequent call to the risk assessment service.
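
The cookie lifetime and 403 handling described above can be modeled as follows. This is an added example in Python, not the plugin's own Gosu code; the AuthSession class and the login and send callables are hypothetical stand-ins for the login service and the risk assessment call, and no automatic retry of the refused call is modeled because the page does not describe one.

```python
import time

# Base-configuration default for SPOTLIGHT_MAX_LOGIN_SESSION_MILLISEC: 1 hour.
MAX_LOGIN_SESSION_MILLISEC = 60 * 60 * 1000


class AuthSession:
    """Caches one authorization cookie and decides when to log in again."""

    def __init__(self, login, max_session_ms=MAX_LOGIN_SESSION_MILLISEC,
                 clock=time.monotonic):
        self._login = login          # hypothetical callable returning a cookie string
        self._max_ms = max_session_ms
        self._clock = clock          # injectable so the lifetime can be tested
        self._cookie = None          # plays the role of gwAuth
        self._expires_at = 0.0       # clock seconds at which the session lapses
        self.login_count = 0

    def cookie(self):
        """Return the cached cookie, logging in first if the session has lapsed."""
        if self._cookie is None or self._clock() >= self._expires_at:
            self._cookie = self._login()
            self._expires_at = self._clock() + self._max_ms / 1000.0
            self.login_count += 1
        return self._cookie

    def invalidate(self):
        """Reset the expiration so the next call obtains a new cookie."""
        self._cookie = None
        self._expires_at = 0.0

    def call(self, send):
        """Send one request with the current cookie; a 403 ends the session."""
        status, body = send(self.cookie())
        if status == 403:
            # The rejected cookie is dropped immediately and never reused.
            self.invalidate()
        return status, body
```

Because the expiration is checked on every call, lowering the maximum session time shortens how long a captured cookie stays useful, at the cost of more frequent logins.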

The plugin communicates with Spotlight using secure HTTPS communication.
