Here is the problem I want to solve: I have a 3rd party Tomcat application. The application allows login using http api, e.g.

http://server1/jasperserver/flow.html?_flowId=searchFlow&j_username=xxxx&j_password=yyyy. After this login, an authentication cookie will be saved somewhere to the web browser. Thus the other pages will not need the login info as long as the browser is open. I am trying to integrate this app with MojoPortal, both of them use LDAP. Originally I tried the following approach in the UserSignInEventHandler, it failed to save the authentication cookie for whatever reason.

          string requestLoginResult = httpclient.UploadString("http://server1/jasperserver/flow.html?_flowId=searchFlow&j_username=xxxx&j_password=yyyy", "GET");     
            string session = httpclient.ResponseHeaders.Get("Set-Cookie");
            System.Web.HttpCookie myCookie = new System.Web.HttpCookie("Cookie", session);
            HttpContext.Current.Response.AppendCookie(myCookie);

So I came out another approach. Add an iframe content with 0 pixel height to the Home page, set the iframe url to the above login page. Set the frame content security to authenticated user. In this way, when user log into Mojo, it automatically log in to jasperserver. But there are two problems here: 1) A shared user has to be used since there is no way to plug in each mojo user's user name and password. 2) Even though the iframe is not showing due to 0 height, but from firebug, one can easily see the DOM window url with userid and password. 1) is ok, but 2) is a security concern. My question is:

--Do anyone know how to get the authentication cookie from response and save it to Mojo's session so that 3rd party application login is bypassed?

--Is there any way in MojoPortal to open a page (e.g. the above 3rd party login page) and immediately close it agter getting the authentication cookie so that the login url with password will not be seen from firebug?