myDBR Forums » Best practices

Embeded Authentication

(7 posts) (2 voices)

Tags:

No tags yet.

  1. jjr, Member

    Hi,
    I'd be grateful for some advice.
    I can see how to set up embedded MyDBR reports in another web page, but I haven't been able to find any information or implement a way to securely log in from the calling web page. Is there a best practice way to do this securely as controlled by the calling web page (rather than initiating SSO from within MyDBR for example)?
    Using Basic HTTP Authentication as suggested at the bottom of this page : https://mydbr.com/doc/content/manage.directurl.html , seems to mean that SSO can't be used from the calling application and if I use <object> or <iframe> tags to embed the MyDBR report then there is an issue of setting the HTTP headers as well as the result being sent back as json rather than an embedded page.
    Any suggestions and support would be much appreciated.
    Thanks.
    JJ

  2. myDBR Team, Key Master

    JJ,
    you can use HTTP Basic authentication for the authentication if the web page is not public but the report is. Why do you need to authenticate if you are embedding results to web page?

    there is an issue of setting the HTTP headers as well as the result being sent back as json rather than an embedded page

    What do you mean by this?

    --
    myDBR Team

  3. jjr, Member

    Hi,

    Thanks for your reply.

    In my case both the web page and the report need to be private, so I need authentication on both my webpage and MyDBR. Is this possible?

    If not then the only solution I can think of is to put them both on the same server and only allow local unauthenticated access to MyDBR, but I would prefer logins to provide different rights for different users.

    What I mean by my other comment is: I understand how to set HTTP headers for a normal HTTP request, but when you embed the page in an <object> or <iframe> tag then the URL to the report is provided in the "data" or "src" attribute respectively and I have not been able to find a reliable way of setting the HTTP headers in such a situation (particularly as I am trying to use Javascript) - however if you know how to do that then would be great. The reference to JSON is that in your example the returned report is requested in JSON format and so because I cannot get the authentication working I am not sure whether your example could be used to embed the page rather than just passing back JSON (as I haven't been able to test yet).

    Thanks, JJ

  4. myDBR Team, Key Master

    If you want to integrate your webpage and myDBR together to use same authetication, use the Single-Sign On.

    You can also request report from myDBR using HTTP Basic authentication, but then you have to deal yourself with different users.

    The object and iframe tags will include the whole document, so not really sure what you mean by "setting the HTTP headers".

    --
    myDBR Team

  5. jjr, Member

    Hi,

    Unless I am mistaken, your implementation of SSO relies on signing in at the MyDBR front end and MyDBR will get authentication from another application. This still presents a MyDBR signin page rather than embedding the application. What I'd like to do is log in to my web page (not MyDBR) and provide MyDBR reports without presenting another login screen to users. Or have I misunderstood your SSO mechanism?

    For the HTTP Basic Authentication - yes I am happy to deal with the users myself, but my point about the HTTP headers is that the HTTP Basic Authentication uses the HTTP headers to provide the login, so that is why I need to set/edit them. Yes the object and iframe tags include the whole document, but how do I use them in conjunction with HTTP Basic Authentication?

    Again if I have misunderstood something here then please let me know as I'd be grateful for any guidance.

    Thanks, JJ

  6. myDBR Team, Key Master

    myDBR Single Sign-On does not use myDBR signin page, but asks the credentials from the SSO server (another application/service). This allows for you to do exactly what you want, user logs in only into your application (web page) and myDBR get's users login credentials from the web page once user accesses myDBR for the first time.

    --
    myDBR Team

  7. jjr, Member

    Great. Thanks.


Reply

You must log in to post.