
Hi, 

I'm toying with the following. I have an Indicium and Universal GUI. In this universal I open a View, that displays another website. This website is also mine, connects with the same data database, but shows some things that cannot be done in Universal. 

I have created a URL showsomething.companyname.com and open this in a view (iframe like). This works fine. BUT I do not want this data to be visible by anyone browsing the web. So, I (have) a login on this. Now the end user must log in in the Universal GUI, and again in the 'iframe'. This is not super user friendly and I think that we must be able to pass the user login cookie to this site as well. 

If the user is logged in Universal, it shows data. If you browse the site outside of Universal; Access Denied. I have read this topic but we can't get it working. 

Do we need to place the 'iframe' in a subfolder in Indicium? Or next to it? 
It would be very nice if this is possible. Any help in the right direction is very welcome! 

Thanks!

Blommetje 

 

 

Hello Blommetje,

What you are asking for is basically Single Sign On. This is possible and will in fact work automatically if you set up Indicium as an OpenID provider and use OpenID / OAuth 2.0 as the authentication method for your other website, using Indicium as the authorization server. You can find some information on this here:

Roughly speaking, the steps that you will have to take are the following:

  1. Configure an OpenID Client / Client Application in IAM. This includes a client_secret that you can make up and a (login) redirect_url to your website. If you're on 2023.2, be sure to select Authorization code as the Grant type. You will also need to turn off Consent if you want this to work seamlessly.
  2. Restart Indicium.
  3. Configure your website to use the OpenID Connect / OAuth 2.0 Authorization code flow for authentication, using Indicium as the authorization server. I can't say much more on how to achieve this part, because it depends on the technology of your website. What I can say is that it will involve the following steps:
    1. Your website redirecting the user to Indicium's /connect/authorize endpoint.
    2. Receiving the Authorization code callback on the redirect_uri that was configured in IAM.
    3. Requesting an access token with this authorization code and, if successful, allowing access.

Once configured, the flow will work like this:

  • The ‘viewer’ which is embedded in the Universal GUI will request your website.
  • Your website will respond with a redirect to Indicium's /connect/authorize endpoint.
  • Indicium will detect that the user is already signed in because the browser will automatically include the cookie, because the cookie belongs to that Indicium on that domain.
  • Indicium will redirect back to your website, including an authorization code.
  • You validate the authorization code by requesting an access token with it.
  • At this point you may consider the user signed in and you can return your page in the response, which will then be displayed in the viewer.

If your website is interactive, rather than just displaying a page to the user, then a few more steps might be required to make the authentication a bit more efficient. I can elaborate on this if needed.

I hope this helps.
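
The three website-side steps from the answer above, as an added example that is not part of the original posts and is not Thinkwise code. The host names, client id, `openid` scope and the `/connect/token` path are assumptions; only `/connect/authorize` is named in the thread. The `state` check ties each callback to the session that started the login.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs
from urllib.request import Request

# All values below are constructed placeholders, not real configuration.
INDICIUM = "https://indicium.example.com"        # assumed Indicium base URL
CLIENT_ID = "showsomething"                      # assumed client id from IAM
CLIENT_SECRET = "replace-with-secret-from-IAM"   # keep on the server only
REDIRECT_URI = "https://showsomething.example.com/callback"
TOKEN_PATH = "/connect/token"                    # assumption: not named in the thread

def build_authorize_url():
    """Step 1: where to redirect a request that has no local session yet."""
    state = secrets.token_urlsafe(32)  # store in the user's server-side session
    query = urlencode({
        "response_type": "code",       # Authorization code grant
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,  # must match the value configured in IAM
        "scope": "openid",             # assumption: minimal OpenID Connect scope
        "state": state,
    })
    return f"{INDICIUM}/connect/authorize?{query}", state

def read_callback(callback_url, expected_state):
    """Step 2: extract the code, rejecting errors and callbacks we did not start."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise PermissionError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise PermissionError("state mismatch: callback not tied to this session")
    code = params.get("code", [""])[0]
    if not code:
        raise PermissionError("no authorization code in callback")
    return code

def build_token_request(code):
    """Step 3: server-to-server POST that exchanges the code for a token."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    }).encode()
    return Request(INDICIUM + TOKEN_PATH, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})
```

Send the request from the web server, never from the browser, and only create the local session after the token endpoint answers successfully.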


Hi Vincent, 

Searching high and low, but I figured out that here; 

in the Universal version 23.1.18.0 you can’t add in grid? When I open a web/win gui, I can. 
Is this correct? 

How do I add this then?

Blommetje


So, I set it up via the win gui. A bit of a workaround, but seems to work.

I've tested it in Postman, and lo and behold, I get the Indicium login screen, and after login, a Token. 

Now to get the whole flow working. To be continued.