Home
TeamSite
Authenticating for a tool using teamsite login
manugarg
Hi guys,
I have to write a tool that copies content from one branch to another branch as per user specification. I have to host it on the teamsite server.
For this tool I need to authenticate the user so that only valid users can copy the content and I want this authentication to be done using teamsite login screen. If I use cutom menu item (CMI) feature, first he'll have to go to teamsite home page and then from some cutom menu item, he will be taken to tool homepage. I would also like to add some query option to the tool homepage url. Using CMI it's not possible, so user will have to provide these parameters to tool after reaching homepage. Is there anyway to avoid this extra effort by user?
Is something similar to following possible: user clicks on the tool's url, it redirects to login page and then redirect it back to old url i.e. tool homepage. If somebody has done something similar to this, please let me know.
Thanks,
Manu
TeamSite Administrator,
GE Healthcare
Find more posts tagged with
Comments
Valentine
I would think that you have 2 choices,
- cgi script, located on the TeamSite server and called by the Workflow.
- Implement the application using ContentServices SDK
ts_user
Have a CGI or a JSP page check the user's cookie to verify if the user is a valid user or redirect to the login page. After authentication provide option for browsing the the backing store to select from and to branch and then copy files with extended attributes.
You can have users go directly to this CGI/JSP page instead of having to invoke it from the dropdown. For authenticating from with JSP page we check the cookie to see if the user is already authenticated:
if (cookie.getName().equals("IWAUTH")) {
// User already logged into TeamSite
....
......
}
Migrateduser
NOTE: The presence of an IWAUTH cookie does not guarantee that the user has a valid session, only that the user has logged in at some point. The server may be configured to expire user sessions, in which case the IWAUTH cookie may identify an expired session.
Brinko Kobrin
Interwoven Staff Engineer
manugarg
Thanks for your reply ts_user. But, when user is not already logged in, after authentication from login page, I want to come back to the cgi script, not the teamsite gui. Is it possible in teamsite e.g. by passing some parameter to login servlet.
-Manu
TeamSite Administrator,
GE Healthcare
ts_user
Thanks Brinko, I did not check that condition. But as Manu is looking for valid users to access that page, I think it would work for him.
Manu, What we do here is to provide the login page as a popup. After the users login, they can close the login page and refresh the CGI/JSP to access the content. If you would like to provide a customized login page, I think you can do so by using OpenAPI or CSSDK. I haven't tried those options yet as our users have been happy with this pop-up workaround.
iwovGraduate
From the value of IWAUTH cookie, is there a way to find out if the user has a valid / unexpired session ?
...in which case the IWAUTH cookie may identify an expired session.
How ?
Migrateduser
You can validate a IWAUTH string using CS. Use CSFactory.getUser with the session string. There are methods on the CSClient object to determine its validity and expiration date.
Brinko Kobrin
Interwoven Staff Engineer
iwovGraduate
Thanks brinko.
Any way this can be done using plain old CGI ?
Migrateduser
I am not aware of any easy way to validate the user session from a CGI.
You could write Perl code that sends an HTTP request to the server with that cookie and then inspects the response. If the session has expired then the response should either contain the login page or a redirect request to the login page.
Brinko Kobrin
Interwoven Staff Engineer
iwovGraduate
You can avoid the pop-up or extra click on user's part.
Related threads:
prompt for TS login from CGI script
How to check to see if a user is logged in
Validating IWAUTH
manugarg
Thank you all for the responses!
Well I finally worked it out. This is how I am doing this:
1. User clicks on the following URL:
http://teamsiteserver/iw/tool.html
2. Javascript inside this html check for the IWAUTH cookie. If cookie is found it redirects the user to following URL:
http://teamsiteserver/iw-bin/iw_cgi_wrapper.cgi/tool_home.cgi
3. If valid cookie is not found, it redirects to another cgi script:
http://teamsiteserver/iw-bin/tool_auth.cgi
4. Inside tool_auth.cgi script, I post the login data (after teamsite encoding) to the teamsite authentication url. I grab the cookies from returned headers, if everything is fine set the cookies and redirect the user to tool_home.cgi. If wrong login data then take the user to login page again.
I know writing tool_auth.cgi is a major pain, but this looks like a clean solution. If someone interested, I can post the script here after doing few more checks and generalization.
Cheers!
Manu
TeamSite Administrator,
GE Healthcare
lhdavis
I know I would be interested in seeing the finished script...or maybe you could even contribute an article and try and win the iPod.
Luke Davis
Open Technology Group, Inc.
luke.davis@med.va.gov
