Status: Open
Status: Answered
Status: Closed
Status: Duplicate

SSO between Portal and CS-Widget using OTDS

2
Posted Jan 30 by Jose Luis Fernandez Ramirez.
Updated Feb 05.

We are using Portal 8.5 with the last fix SP2 (20141201) and the CS 10.0 with Widgets Module 10.0.0 update 13 (both configured with OTDS authentication in the same AD).

The Portal is configured to login in the OTDS and is working OK, is connecting with the Resource ID Portal, that is created in the CS, and is generating the cookie “otdsticket”. The problem is when we are in the portal and call the page that has the “FolderBrowser” widget the CS:

  connection : {
    url : "http://IP-CS/livelink/livelink/api/v1/",
    supportPath : "/livelinksupport",
    authenticationHeaders: {
      OTDSTicket:  "value of the Cookie otdsticket"
    }
  }  

The widget don’t show the login and he is trying to connect to CS, but the server response with:

DBG  Sending request as GET to http://IP-CS/livelink/livelink/api/v1/volumes/141.
http://IP-CS/livelink/livelink/api/v1/volumes/141 

Failed to load resource: the server responded with a status of 401 (Unauthorized)

DBG  Authentication needed: Error validating a ticket. OTDS client library error code: -11 [OTDS 0].

DBG  Using the authentication headers credentials to log in to http://IP-CS/livelink/livelink/api/v1/

Uncaught TypeError: undefined is not a function

Maybe I need to configure something in the CS?
Thanks!!

6 Answers

1
BEST ANSWER: As chosen by the author.

I continue with the problem to connect Portal 8.5 with CS 10.0, but now the error is different.

Updating the situation:

Using a javascript function "readCookie" I read the cookie from my browser generated in the login of the Portal with the logged user:

ticketCookieOtds = readCookie("otdsticket");

The ID-Resource is the resource created in the OTDS for the Portal. Value type of the ticketCookieOtds: "OTDSSSO … **".

With the value of the cookie and idresource of the CS I get a ticket to connect in the CS:

http:// IP-OTDS:8080/otdsws/rest/authentication/ticketforresource
{
"ticket": ticketCookieOtds, 
"targetResourceId": CS ID-Resource
}

And the response is a ticket type: “ADA6fLLoaX2…”.
With this ticket I try to connect using the CS widget:

var connector = new csui.util.Connector({
 connection : {
  url : "http://IP-CS/livelink/livelink/api/v1/",
  supportPath : "/livelinksupport",
  authenticationHeaders: {
   OTDSTicket: “ADA6fLLoaX2…”
  }
}
});

The error that appears in the browser console is:

DBG  Sending request as GET to http://IP-CS/livelink/livelink/api/v1/volumes/141.
http://IP-CS/livelink/livelink/api/v1/volumes/141 

Failed to load resource: the server responded with a status of 401 (Unauthorized)

DBG  Authentication needed: Authentication required.

DBG  Using the authentication headers credentials to log in to http://IP-CS/livelink/livelink/api/v1/

Uncaught TypeError: undefined is not a function

2
BEST ANSWER: As chosen by the author.

Finally I got the solution and the SSO is working now (thanks to Peter and Ferdinand).

I’m sharing the source code of my widget (I’m using a "Text Pad Portlet")

<!DOCTYPE html>
<html>

<head>

  <script src="http://IP-CS/livelinksupport/csui/csui.js"></script>
  <link rel="stylesheet" href="http://IP-CS/livelinksupport/csui/csui.css">

  <script>

  csui.onReady(function() {

      var idResourceCS = "f49cab28-e0e9-49f8-a261-73a44f7c9bc9"; 
      var urlOTDS = "http://IP-OTDS:8080/otdsws/rest/authentication/ticketforresource";
      var urlCS = "http://IP-CS/livelink/livelink/api/v1/";

      function readCookie(name) {
        var nameEQ = name + "=";
            var ca = document.cookie.split(';');
            for(var i=0;i < ca.length;i++) {
                var c = ca[i];
                    while (c.charAt(0)==' ') c = c.substring(1,c.length);
                    if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
            }
        }

      var valorCookie = readCookie("otdsticket");

      // Principal call //
      getValorTicketCS()
          .then(createWidget)
          .fail(function (request) {
            alert(request.status, request.statusText, request.responseJSON);
          });
      ///////////////////


      function getValorTicketCS() {
        return $
            .ajax({
                url: urlOTDS,
                method: 'POST',
                data: JSON.stringify({
                  targetResourceId: idResourceCS, 
                  ticket: valorCookie 
                }),
                dataType: "json",
                contentType: 'application/json'
              })
              .then(function (response) {
                return response.ticket;
              });
        }

      function createWidget(ticket) {
          new csui.widget.FolderBrowserWidget({
            placeholder: '#folderBrowser',
            connection: {
              url: urlCS,
              supportPath: '/livelinksupport',
              authenticationHeaders: {OTDSTicket: ticket}
            },
            pageSize: 10
          }).show();
        }

            });
  </script>

</head>

<body>
<div id="folderBrowser"></div>
</body>

</html>

1
BEST ANSWER: As chosen by the author.

Thanks for posting the full code! It is a great sample how to integrate OTDS in the browser only, when just the SSO ticket is available.

If the otdsticket cookie was set up as HTTP-only for improved security, you would need the server to cooperate more by generating the ticket on the page, for example, or retrieving the ticket on the server side. I don't know if such cookie setting is possible for the otdsticket, though.


0
BEST ANSWER: As chosen by the author.

Hi,

I'm trying to get this to work in my environment. I have portal 8.5, OTDS 10.5 and CS 10. I set this up as outlined by Jose, but I get a 400 error when executed. It would appear that I don't have a otdsticket within my browser. This might be slightly off topic, but any idea why this might be the case. Portal is configured correctly to use OTDS and I can get a simpler example working to connect directly to CS and return a folderBrowse view correctly.

Really grateful for any pointers,

Anthony


0
BEST ANSWER: As chosen by the author.

You would find out if the Portal sets a JavaScript variable with the OTDS ticket. If it does not, you would customize it so that the code generated at the server side does so.


0
BEST ANSWER: As chosen by the author.

Hi Ferda,

Ok. I wondered if adding a cookie with the otdsticket (OTDSSSO) was out-of-the-box with portal? Doesn't sound like it is?

I've just looked through the javascript variables set by the browser via the Chrome console, but the otdsticket isn't one of them! So I guess, I will have to customise the login page (for static logins - i.e. logging in via the portal login screen) and also when using Kerberos SSO so that the variable is always set. (may be put it in to the site template header?)

Any thoughts and thanks,

Anthony


 You have subscribed and will receive email notifications of updates to this topic. To unsubscribe, uncheck the checkbox.

Statistics

Related categories

Related tags

Your answer

To leave an answer, please sign in.