To start a XIMSS session, a client application should send an HTTP request to the CommuniGate Pro HTTPU module using the following URLs:
If the request contains the userName parameter, the Server tries to authenticate the specified user (Account):
If the userName parameter is absent, the Server tries to authenticate the request using the TLS Client Certificate (if specified), or using the HTTP authentication methods. This functionality is the same as the WebUser Interface Automatic Login and Single Sign-on functionality, but the /ximsslogin/ URL is used.
A request to the /ximsslogin/ URL can contain a text/xml body. In this case, no login operation is performed. The XML body should contain one <XIMSS> element containing zero, one, or several XIMSS Pre-Login operations. The Server sends an HTTP response with XML data. The response is a <XIMSS> element containing the requested operations result.
If the user has been successfully authenticated, and the XIMSS session has been created, the HTTP Login response contains the XIMSS session message with the session ID string. Note that the session message does not contain the id attribute.