Tips on how to implement Single Sign-on with Identity Server

Permanently deleted user

26. April 2016 17:45

We are designing a new ASP.net website to interface with an existing GeoCortex HTML5 Viewer. We are going to add a login/authorization page (user id and password) to the ASP.net site and then pass the credentials to GeoCortex. The GeoCortex HTML5 Viewer already uses Identity Server to authorize users. 

 

Are we able to use Identity Server from the ASP.net login page? If so, any tips on how to best implement this with ASP.net?

0

• 

  Kevin Penner

  26. April 2016 17:58

  Hi Rey,

   

  I think the best way to do this is to leverage the signin redirect that is made available via the signin endpoint in Essentials. The signin endpoint is located here by default: https://<server>/Geocortex/Essentials/<InstanceId>/Rest/Security/Signin

   

  Your going to want to use the 'app' parameter on the request which is where the signin will be redirected back to. This will likely be either the asp page or whatever resource you wish to access which is secured in Essentials.

   

  It will look like this

   

  --User arrives at your landing pages and clicks sign in button

   

  --User is redirected to the Essentials signin page https://<server>/Geocortex/Essentials/Rest/Security/Signin?app=<URL of where to go next>&token_type=fragment

   

  --User will sign in and is then redirected to the app url as passed in. They will have a token in the url bar behind the '#' (hash) symbol.

   

  --If you are returning to a custom page (the app argument) you have created, that page can strip off the token and use that when navigating to any secured resource with ?token=<token> appended to the URL/request.

   

  Admins needs to configure the app to be an allowed redirect in REST manager. You may also need to configure the AllowedAudience xml node in the security XML. This basically lets Essentials know where it's allowed to process signins from and where it is allowed to forward to.

   

  Let me know if you want more information.

   

  -Kevin

  0
• 

  Permanently deleted user

  26. April 2016 23:28

  Thanks for the response Kevin. Is there more documentation on this?

   

  - Rey

  0
• 

  Kevin Penner

  26. April 2016 23:40

  Not specifically, but there is a GUC video (https://support.geocortex.com/essentialsGSCVideo?sub-nav=videos&main-nav=essentials&#!/feedtype=SINGLE_ARTICLE_DETAIL&dc=Geocortex_Essentials&id=kA560000000XZQF)  on our security model which will help.

  0
• 

  Permanently deleted user

  28. April 2016 19:23

  Rey Santiago

   

  Kevin,

   

  "leverage the signin redirect"

   

  Is this configured within Identity Server? (The snapshot below is provided by our GeoCortex developer whom I am discussing this with):

   

  

   

  Thanks!

   

    - Rey

   

   

  0
• 

  Kevin Penner

  28. April 2016 20:46

  Hi Rey,

   

  The signin url is not an IdentityServer endpoint. It is an Essentials endpoint and performs a signin as specified in the Providers section of the Security & Data tab in Rest Manager.

   

  Using the signin endpoint as described above will return a token to the browser which can be used in subsequent requests.

   

  -Kevin

   

   

  0

Bitte melden Sie sich an, um einen Kommentar zu hinterlassen.