1Тема от tuckerBA

Single Sign On

  • tuckerBA
  • Wialon fan club
  • Неактивен
  • Зарегистрирован: 05/04/2019
  • Сообщений: 27
  • Карма: 3

Тема: Single Sign On

Hey I have a question about setting up single sign on for our app. First I'll explain the current set up.

  • Currently, a user must have an account on our database (email and password) that they enter to log into our app.
  • The user will also have to authenticate our app to use Wialon on their behalf (New Authorization Way). This only needs to be done once ever.
  • I store that token in the database and associate it with an account in the database. The token never expires
  • When a user logs into our app with their email and password, they will also be logged into the Wialon API with that token

What we want to do is allow the user to click on our app inside Wialon and automatically be authenticated when the new tab opens (like how Eco Driving doesn't make you log in). We don't want to have to use a query string because we're storing sensitive customer information in our database and had to pass a compliance test before being allowed access to it. Passing a session id and a username and linking a Wialon username to an account in our database then checking for a valid session with the session id isn't an option because of this. I would think it would be secure to send a POST request to our API with that information over https though and have our API authenticate the user that way.

So my question is:
Is this possible, and if so, how would I go about doing it?

0
2Ответ от Diana

Single Sign On

  • Diana
  • Diana
  • Gurtam
  • Неактивен
  • Зарегистрирован: 08/10/2012
  • Сообщений: 1,470
  • Карма: 301

Re: Single Sign On

Hello!
To allow user to click on your app inside Wialon and login at once you can try to use option authorization hash for your app.
First you create authorization hash via request core/create_auth_hash, then you can use this created  hash value to login into app  through request core/use_auth_hash

Diana Cheley
Wialon Hosting Expert
Gurtam

dean

+1
3Ответ от tuckerBA

Single Sign On

  • tuckerBA
  • Wialon fan club
  • Неактивен
  • Зарегистрирован: 05/04/2019
  • Сообщений: 27
  • Карма: 3

Re: Single Sign On

I'll look into this some later today, thanks. For that, how can I make a Wialon API request from the button in the Apps section of Wialon? I'm guessing I would need to create that hash, then send it via post request to my server, then use that hash to login, check the account id, and then authenticate the account in my database based on the linked Wialon account id. Is that right?

0
4Ответ от Diana

Single Sign On

  • Diana
  • Diana
  • Gurtam
  • Неактивен
  • Зарегистрирован: 08/10/2012
  • Сообщений: 1,470
  • Карма: 301

Re: Single Sign On

tuckerBA пишет:

I'll look into this some later today, thanks. For that, how can I make a Wialon API request from the button in the Apps section of Wialon? I'm guessing I would need to create that hash, then send it via post request to my server, then use that hash to login, check the account id, and then authenticate the account in my database based on the linked Wialon account id. Is that right?

Hello!

When some app is added into Wialon, it can have some additional URL parameters like     Active SID, Base URL, Host URL, Language, Current user.
These parameters are set up at APP configurator on CMS site under top-user.

So URL for app can be opened with these parameters, for example, http://some_app_url_hosted?sid=some_vlaue&user=userName&host.....
On your server side you just need to parse URL with additional parameters,

for example http://your_app_url?user=userName&authHash=029aa251d523b2356e62f65268eedb7b  - in this case (after user click app button Wialon will be create hash value ) you need to proceed on your side parameter 'autoHash' and 'user'  - login with this authorization hash and use current user name

Diana Cheley
Wialon Hosting Expert
Gurtam

0
5Ответ от tuckerBA

Single Sign On

  • tuckerBA
  • Wialon fan club
  • Неактивен
  • Зарегистрирован: 05/04/2019
  • Сообщений: 27
  • Карма: 3

Re: Single Sign On

Is there any way to send that in a POST request instead of a query string? For security purposes we don't want to expose that hash or a SID or anything because we're storing sensitive information on our server.

0