CSUI Widget and OTDS Authentication

Hello Folks,
I have a CSUI (10.5) Browse widget html hosted on IIS. We need to enter Username & Password to see the contents of the folder in CS. Since I have the latest OTDS (16.2), I can directly get the OTDSSSO ticket by making an OTDS REST call to otdsws/v1/authentication/headers.
Wondering if anyone had any luck to use this mechanism to authenticate automatically when the widget html is accessed? I really don't want the users to prompt for username/pwd. This would help integrate these widgets easily into other apps outside Content Server. For example: We can replace webparts in Sharepoint with this widget html.

Thanks,

Mahesh

Find more posts tagged with

Comments

Ferdinand Prantl

Yes, you can authenticate CS UI Widgets using an OTDS ticket.

This is how you set up the connection using OTCSTicket:

 connection: {    url: '//server/instance/cs/api/v1/',    supportPath: '/instancesupport',    ticket: '...' // Obtained by POST .../auth  }

This is how you set up the connection using OTDSTicket:

 connection: {    url: '//server/instance/cs/api/v1/',    supportPath: '/instancesupport',    authenticationHeaders: {      OTDSTicket:  '...' // Received from OTDS    }  }

Basically, you can use any HTTP header in "authenticationHeaders", which is supported by a CS login callback and performs a custom authentication. OTDS supplies such callback for OTDS tickets.

OTDSSSO ticket has to be exchanged for the "native" ticket after the first server call, because it becomes invalid then. CS UI Widgets has supported this feature since the 2014/12 patch. Make sure, that you have installed the most recent updates.

Mahesh Pinnamaneni

Hi Ferdinand,

Thanks for the reply. I tried different approaches and I couldn't able to get it to work when I call the html page and do a single sign on into the browse widget. I guess there is no CS(10.5) REST API to get the token directly with GET, is that right? I see only option is to get OTDSSO ticket which I can get the token when called from browser but its not working when I call using ajax call. Any thoughts? Attached here is the code that I was trying..

Appreciate it.

Thanks,

Mahesh

browse.html

Ferdinand Prantl

Your code is fine. CS UI Widgets do not include a component providing SSO. They are supposed to be placed on a page, which has been already authenticated and the ticket is available there.

I am not aware of any CS REST API, which would authenticate by a GET request. You cannot prevent the login dialog or hardcoded credentials, as long as you have only a static HTML page and nothing else. I can think about the following ways to achieve SSO:

Convert you page into a dynamically generated one. (ASP.NET, JSP, BSP, WebLingo etc.) Obtain the ticket on the server side and render it on the page in a JavaScript element.
Use a hidden iframe on your page to perform the authentication and post a message with the token to the main frame. OpenText AGA authenticates like this, AFAIK.

Mahesh Pinnamaneni

Thanks Ferdinand. Will try those options.

Marius Bakkeli

Quoted Ferdinand Prantl on 10/12/2018 07:02 AM:

Your code is fine. CS UI Widgets do not include a component providing SSO. They are supposed to be placed on a page, which has been already authenticated and the ticket is available there.

Convert you page into a dynamically generated one. (ASP.NET, JSP, BSP, WebLingo etc.) Obtain the ticket on the server side and render it on the page in a JavaScript element.
Use a hidden iframe on your page to perform the authentication and post a message with the token to the main frame. OpenText AGA authenticates like this, AFAIK.

Hi,

Could someone explain how to achieve option 2, hidden iframe?

I'm new to CSUI and OTDS, and not sure how to do this.

I know how to setup and post message between pages, but I don't know how to obtain the token from the ifram page.

Regards,

Marius

MangeshThorat

Correction: For both OTCS and OTDS we have to use authenticationHeaders as shown below

 connection: {    url: '//server/instance/cs/api/v1/',    supportPath: '/instancesupport',    authenticationHeaders: {      OTCSTicket:  '...' // Received from OTCS    }  }
 connection: {    url: '//server/instance/cs/api/v1/',    supportPath: '/instancesupport',    authenticationHeaders: {      OTDSTicket:  '...' // Received from OTDS    }  }

Wei Wei

@MangeshThorat Did you make it work for CS 21? We have a similar situation and would like to make it available for SharePoint page.

Appu Nair

See this post

https://forums.opentext.com/forums/developer/discussion/comment/961122#Comment_961122

The CS REST API will only work if it sees OTCSTicket or OTDSTicket it will not accept a Livelink cookie or any cookie. The only time the rest api accepts a cookie is when you already have a authenticated page like a WR, you can then use a tag to pass it to the CS REST api call