Creating A One-Time URL

There are several steps in setting up a One-Time URL SSO system with the IndySoft Client.

Setting Up the IndySoft REST Server

When you set up your WebTier installation, a REST server is installed with the product. To access it, launch the executable in your IndySoft folder called IndySoftSyncOptions.exe, and be sure to run the exe "As Administrator" (this is required for the next step, which installs a Windows Service). Next, go to the REST Scripts tab to set up the REST Server and press the IndySoft REST Server Setup button.

IndySoft DataSync REST Scripts Option

Next, you'll see this dialog. Press the Install Service button if the REST Server service is not already installed.

Install REST Server Service Button

Once installed, choose a Port to connect with (Default is 9001) and choose a Host IP and base RelativeURI. In this case they are myrestserver.com and IndyAPI. Also choose the user to log in as by default.

REST Server Settings

If you would like to use HTTPS for the REST Server Configuration, you will need a Digital Certificate that matches the Host name. This is configured in the IndyHTTPConfig.exe utility. The REST Server uses Microsoft HTTP.sys technology, so you can also use this utility to confirm that your URL has been registered and has the proper security rights for HTTP.sys. For our sample, you should see http://+:9001/IndyAPI/ listed.

IndyHTTPConfig.exe

Next, return to IndySoftSyncOptions.exe and create a new Script.

New REST Script

Next, create a script called ONETIMEURL, mark it Active and set its language to Pascal. Enter the Description: ONETIME URL FOR WEBTIER ACCESS

New REST Script named ONETIMEURL

Next, copy and paste the following code into the editor.

var
  sUserName, sKey, sOneTimeURL, sEncrypted : String;
begin
  // UserName and Key arrive as query parameters of the REST call.
  sUserName := RequestQueryParameter('UserName');
  sKey := RequestQueryParameter('Key');
  // One-time code: an encrypted string built from the user name and two timestamps.
  sEncrypted := NewEncryptString(FormatDateTimeForSQL(Now + 3) + sUserName + FormatDateTimeForSQL(Now));
  // Only callers that present the shared Key get a code.
  If sKey = 'A42kdh120d' then
  begin
    // sUserName is concatenated into the SQL below, so the caller must pass only validated user names.
    // Remove any earlier code stored for this user.
    RunSQL('DELETE FROM GLOBAL_VARS WHERE VARIABLE_NAME = ''HIDE_U_' + sUserName + '''');
    if tdDoSQLRecords(1, 'SELECT USER_NAME FROM USERS WHERE USER_NAME = ''' + sUserName + ''' AND IS_ACTIVE = ''1''') then
    begin
      // Store the code under HIDE_U_<user name> and return it to the caller.
      RunSQL('INSERT INTO GLOBAL_VARS (VARIABLE_NAME, VARIABLE_TEXT) VALUES (''HIDE_U_' + sUserName + ''',''' + sEncrypted + ''')');
      sOneTimeURL := sEncrypted;
      ResponseStatusCode(700);
      ResponseBodyAsText(sOneTimeURL);
    end else
    begin
      ResponseStatusCode(800);
      ResponseBodyAsText('IndySoft User does not exist');
    end;
  end else
  begin
    ResponseStatusCode(900);
    ResponseBodyAsText('Invalid Key');
  end;
end;

After adding this code, stop and start the REST Server Service.

Requesting a Single Sign On - One-Time Use Code

This new REST Server script is triggered by a REST Server call and is passed a UserName and a Key value. The Key is a secret contained in this script. In this case it is A42kdh120d; you can change it to your own key, and since this sample value is published here, doing so is advisable. Once your own Single Sign On logic has run in your environment, call this REST script and pass the User Name you would like to give access to the IndySoft client. Note: This User Name must already be set up in IndySoft as a valid User with a matching Security Profile.

To request one SSO access for UserName INDYSOFT, format the REST request like this:

http://myrestserver.com:9001/IndyAPI/RETURNONETIMEURL?UserName=INDYSOFT&Key=A42kdh120d

In return, you'll get a one-time-use code for this user. Something like:

BB48E446424B406A68194A39B8EA9067994C684C3CAF8C7171B8DB69B73BD93C615E22FF93DAB5B06144CFE44E3D3ECB

If the User and Key are not formatted correctly, you will receive:

Invalid Key

Setting Up your Single Sign On Script

To set up your IndySoft Client to receive a Single Sign On WebTier request, you'll need to add one more script, this time in the Profile Manager utility (ISSECURE.EXE), which requires IndySoft System Administrator login rights.

Login Custom Rules Menu Option

Press the New Button to create a new Login Custom Rule.

New Login Custom Rule

Enter WEBTIERSSO as the Custom Rule Name and choose a trigger action of Login Override for SSO. Choose a Project based script and press the New button.

New Custom Rule Settings

A New Project dialog will appear. Name the project WEBTIERSSO as well and choose From Backup Project. If IndySoft Support has not already provided you with a WEBTIERSSO.ZIP project, please request one. If you have the file, select it after you press OK and it will be imported.

New Project Name (From Backup Project)

Completed Custom Rule

Once imported, the dialog should look similar to this. Press OK to save it.

The project itself will look something like this in the IndySoft Project Designer. There is a label describing the SSO process occurring and a Timer control.

Unit2 of the WEBTIERSSO Project Script

For the Unit1 code, the important point is that it calls MainForm.ShowModal (as opposed to the default of MainForm.Show).

IndySoft Project Designer - WEBTIERSSO Unit 2

The code in Unit2 is displayed below. It retrieves the Single Sign On user code, validates it and, if it is correct, passes the associated User Name on to the IndySoft Client and allows log-in as that particular user. The one-time code is then deleted from the database.

{$FORM TForm2, Unit2.sfm}

uses
  Classes, Graphics, Controls, Forms, Dialogs, StdCtrls,
  ExtCtrls;

procedure Timer1Timer(Sender: TObject);
begin
  Close;
end;

procedure Form2Create(Sender: TObject);
var
  sCode, sKey, sOneTimeURL, sEncrypted, sUser : String;
begin
  // Start from "no override"; it is only enabled after the code and the user check out.
  SSO_Override := False;
  SSO_User := '';
  SSO_Profile := '';
  // The one-time code arrives in the SSOUSER start-up parameter of the launch URL.
  sCode := ReturnParamByName('SSOUSER');
  If sCode <> '' then
  begin
    // sCode comes from the launch URL and is concatenated into the SQL below.
    if tdDoSQLRecords(1, 'SELECT VARIABLE_NAME FROM GLOBAL_VARS WHERE VARIABLE_TEXT = ''' + sCode + '''') then
    begin
      sUser := tdFieldbyNameAsString(1,'VARIABLE_NAME');
      // Delete the stored code so that it cannot be used a second time.
      RunSQL('DELETE FROM GLOBAL_VARS WHERE VARIABLE_NAME = ''' + sUser + '''');
      If Pos('HIDE_U_',sUser) = 1 then
      begin
        // Strip the HIDE_U_ prefix to recover the user name.
        sUser := Copy(sUser,8,Length(sUser)-7);
        ShowMessage(sUser);
        if tdDoSQLRecords(1, 'SELECT USER_NAME, PROFILE FROM USERS WHERE USER_NAME = ''' + sUser + ''' AND IS_ACTIVE = ''1''') then
        begin
          SSO_Profile := tdFieldByNameAsString(1, 'PROFILE');
          SSO_User := tdFieldbyNameAsString(1,'USER_NAME');
          SSO_Override := True;
        end;
      end;
    end;
  end;
  Timer1.Enabled := True;
end;

begin
end;

Formatting the URL Request for the SSO Login

Once you have retrieved your SSO Login code for a user, the last step is to format a URL request to send.

The format is:

WebTier Server Call + user=@webtieruser + program=program directory + startupdir=startup directory + params=SSOUSER=SSO Code.

An example of this would be:

http://mywebtier.com/software/html5.html?user=@indyclouduser&program=c:\\\\program%20files\\\\indysoft\\\\isdashboard.exe&startupdir=c:\\\\program%20files\\\\indysoft&params=SSOUSER%3D23198C5E978F54AEBFAF52F0EC87746C85AFFCFFCEF58C1DB6FCE4256E1D0F416882393EF44E846A67BF3353A3AD0A54

This logs in to the mywebtier.com IndySoft WebTier Server with a login user of indyclouduser, launches the isdashboard.exe utility and runs it in the same directory. Last, it uses the params variable to pass SSOUSER=the SSO code. In this example it is important to use %3D as a substitute for the "=" symbol. It is also important that each \ used to specify a folder location is written as four \ characters in this format. If the URL is formatted correctly, the IndySoft Client is launched and the appropriate IndySoft User is automatically logged in.
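
The calling side of the two requests described above (the one-time code request and the WebTier launch URL), as an added Python example that is not IndySoft code: it refuses user names that could alter the SQL the ONETIMEURL script concatenates, accepts only a hex code as the response, and applies the %3D and four-backslash encoding. The function names and the user-name allowlist are assumptions; hosts, paths, key and codes are the page's sample values.

```python
import re
from urllib.parse import quote, urlencode

# Assumption: IndySoft user names use only these characters; adjust to your site.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")
# The page's sample codes are upper-case hex strings.
CODE_RE = re.compile(r"[0-9A-F]{32,}")

def code_request_url(rest_base, user, key):
    """Build the REST call that asks for a one-time code."""
    # The script concatenates UserName into SQL, so a name with a quote or
    # other unexpected character is refused before it is ever sent.
    if not USERNAME_RE.fullmatch(user):
        raise ValueError("user name outside the allowlist")
    return rest_base + "?" + urlencode({"UserName": user, "Key": key})

def check_code(body):
    """Return the response body only if it is a code, not an error text."""
    body = body.strip()
    if not CODE_RE.fullmatch(body):
        raise ValueError("no one-time code in response: %r" % body[:40])
    return body

def win_path(path):
    """Encode a Windows path: every backslash becomes four, spaces become %20."""
    return quote(path.replace("\\", "\\" * 4), safe=":\\")

def webtier_url(html5_url, webtier_user, program, startupdir, code):
    """Assemble the WebTier launch URL in the format given above."""
    params = quote("SSOUSER=" + check_code(code), safe="")  # "=" becomes %3D
    return (html5_url + "?user=@" + webtier_user
            + "&program=" + win_path(program)
            + "&startupdir=" + win_path(startupdir)
            + "&params=" + params)

if __name__ == "__main__":
    # Sample values taken from the page.
    print(code_request_url("http://myrestserver.com:9001/IndyAPI/RETURNONETIMEURL",
                           "INDYSOFT", "A42kdh120d"))
    print(win_path(r"c:\program files\indysoft\isdashboard.exe"))
```

Because the Key travels in the query string of the first request, the HTTPS configuration described earlier keeps it out of clear-text traffic.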