You are viewing 5.1 help doc. More details are displayed in the latest help doc.

Ajax cross domain asynchronous single sign on

    Recent Updates: August 31, 2022

    I. Overview

    1. Problem description

    The OA system is integrated with the BI system, and BI is bound to nodes of the OA system. To achieve single sign on to FineBI from the OA system, the OA login interface must pass the user name and password to the BI authentication address for verification.

    If the OA system and the BI system are not deployed on the same server, the login request is cross domain. How can cross domain login between the OA system and the BI system be achieved through Ajax?

    2. Solutions

    Both iframe mode and Ajax mode can achieve cross domain single sign on. Ajax performs the sign on asynchronously and can process the result of the BI system's verification, such as a login timeout; iframe mode cannot work asynchronously and cannot process the verification result.

    Ajax login mode supports cross domain requests, so the OA login interface sends the user name and password directly to the BI server through Ajax for background verification, which solves the cross domain single sign on problem. The examples below use jQuery's JSONP data type for the cross domain request, so the user name and password are carried in the query string of the request URL.

    II. Examples

    Start two projects with port numbers 37799 and 8080, and add the new HTML files ajaxlogin.html and ajaxlogout.html to the project with port number 37799. Visit http://localhost:37799/webroot/ajaxlogin.html , enter the user name and password of the 8080 project, and you successfully access the 8080 project.

    In the browser that is logged in, open a new tab and access http://localhost:37799/webroot/ajaxlogout.html. Click the "log out" button, then refresh the 8080 project page that was logged in before: the user has been logged out.

    Note: the examples in this chapter are applicable to PC.

    1. Environment preparation

    1) The two projects prepared in this article are:

    Note: the two projects need to have the same user name and password.

    • Local project, port number 37799

    • Project deployed to Tomcat with port number of 8080

    For Tomcat server deployment, see: Tomcat server deployment

    2) Start two projects.

    2. New login page

    Note 1: modify the access path or port number in the code according to the actual situation.

    Note 2: in an intranet environment, the jquery.min.js file referenced by the following code cannot be loaded. You need to download the JS file locally and modify the corresponding path. Please refer to Section 2.3 of the Single sign on problem summary document for specific steps.

    1) There are no special characters in the user name or password

    Create a new HTML file named "ajaxlogin.html". The code is as follows:

    <!DOCTYPE html>
    <html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <script type="text/javascript" src="https://cdn.bootcss.com/jquery/1.9.1/jquery.min.js"></script>
        <script type="text/javascript">
            function doSubmit() {
                var username = document.getElementById("username").value.trim();
                var password = document.getElementById("password").value.trim();
                if (username === "") {
                    window.alert("Please enter a user name");
                    return false;
                }
                if (password === "") {
                    window.alert("Please input a password");
                    return false;
                }
                // Cross domain login address of the 8080 project; the values are
                // concatenated without encoding (no special characters in this case)
                var url = "http://localhost:8080/webroot/decision/login/cross/domain" + "?fine_username=" + username + "&fine_password=" + password + "&validity=" + -1;
                // Debug aid: displays the full request URL, including the password
                alert(url);
                jQuery.ajax({
                    url: url, // Report server (BI) address used for single sign on
                    timeout: 5000, // Timeout (in milliseconds)
                    dataType: "jsonp", // JSONP is used for the cross domain request
                    jsonp: "callback", // Name of the query parameter that carries the callback name
                    success: function (res) {
                        console.log(res);
                        if (res.errorCode) {
                            // Verification failed: show the message returned by the BI server
                            window.alert(res.errorMsg);
                        } else {
                            // Login succeeded: jump to the corresponding link
                            window.location.href = "http://localhost:8080/webroot/decision";
                        }
                    },
                    error: function () {
                        // Login failure (timeout or other server error)
                        alert("Timeout or other server error");
                    }
                });
            }
        </script>
    </head>
    <body>
    <p>Please login</p>
    <form id="login" name="login" method="POST" action="">
        <p>user name:<input id="username" type="text" name="username"/></p>
        <p>password:<input id="password" type="password" name="password"/></p>
        <input type="button" value="登录" onClick="doSubmit()"/>
    </form>
    </body>
    </html>

    2) There are special characters in the user name or password

    If the user name or password contains special characters, such as "&" or "#", the user name or password must be encoded (transcoded) before it is sent. This section provides two encoding methods:

    • Scheme 1: transcode using encodeURIComponent()

    var url = "http://localhost:8080/webroot/decision/login/cross/domain" + "?fine_username=" +encodeURIComponent(username)
     + "&fine_password=" + encodeURIComponent(password) + "&validity=" + -1;

    HTML code example: Scheme 1.html

    • Scheme 2: pass the parameters through the data option of jQuery.ajax

    data:{"fine_username":username,"fine_password":password,validity:-1},

    HTML code example: Scheme II.html
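Why the encoding matters, as an added example that is not part of the original FineBI documentation: it builds the login URL both ways and parses it back to show which parameters actually reach the server. The endpoint is the one used on this page; the user name and passwords are constructed sample values, and the parsing assumes the server treats the query string as standard form-encoded data.

```javascript
// Added example, not part of the FineBI documentation.
// The endpoint is the one used on this page; credentials are constructed samples.
const LOGIN_ENDPOINT = "http://localhost:8080/webroot/decision/login/cross/domain";

// Section 1) style: values concatenated into the URL without encoding.
function buildLoginUrlRaw(username, password) {
  return LOGIN_ENDPOINT + "?fine_username=" + username +
    "&fine_password=" + password + "&validity=" + -1;
}

// Scheme 1 style: every value goes through encodeURIComponent().
function buildLoginUrlEncoded(username, password) {
  return LOGIN_ENDPOINT + "?fine_username=" + encodeURIComponent(username) +
    "&fine_password=" + encodeURIComponent(password) + "&validity=" + -1;
}

// Split the URL the way an HTTP client does: the fragment (after "#") is never
// sent to the server, and the query string is cut into parameters at each "&".
// Assumption: the server parses the query as form-encoded data ("+" means space).
function parametersSeenByServer(url) {
  const parsed = new URL(url);
  const seen = {};
  for (const [key, value] of parsed.searchParams) {
    seen[key] = value;
  }
  return { seen: seen, droppedFragment: parsed.hash };
}

// Compare both URL styles for one set of credentials.
function compare(username, password) {
  return {
    raw: parametersSeenByServer(buildLoginUrlRaw(username, password)),
    encoded: parametersSeenByServer(buildLoginUrlEncoded(username, password)),
  };
}

// Constructed sample passwords containing the characters the page warns about.
const SAMPLE_PASSWORDS = ["pa&ss#word", "a+b=c"];

for (const password of SAMPLE_PASSWORDS) {
  const result = compare("alice", password);
  console.log(JSON.stringify(password),
    "raw ->", JSON.stringify(result.raw.seen.fine_password),
    "| encoded ->", JSON.stringify(result.encoded.seen.fine_password));
}
```

Without encoding, "&" ends the password early, "#" pushes the rest of the URL (including validity) into a fragment that is never sent, and "+" arrives as a space. Scheme 2 gives the same result as Scheme 1 because jQuery encodes each value of the data option when it serializes the request.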

    3. Logout page

    Create a new HTML file named "ajaxlogout.html". The code is as follows:

    Note: modify the access path or port number in the code according to the actual situation.

    <!DOCTYPE html>
    <html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <script type="text/javascript" src="https://cdn.bootcss.com/jquery/1.9.1/jquery.min.js"></script>
        <script type="text/javascript">
            function doSubmit() {
                jQuery.ajax({
                    url: "http://localhost:8080/webroot/decision/logout/cross/domain", // Report server (BI) address used for single sign on
                    dataType: "jsonp", // JSONP is used for the cross domain request
                    jsonp: "callback", // Name of the query parameter that carries the callback name
                    timeout: 5000, // Timeout (in milliseconds)
                    success: function (data) {
                        if (data.status === "success") {
                            // Logout succeeded
                            alert("Logged out");
                        }
                    },
                    error: function () {
                        // Logout failed (timeout or other server error)
                    }
                });
            }
        </script>
    </head>
    <body>
    <p>Please log out</p>
    <form id="login" name="login" method="POST" action="">
        <input type="button" value="log out" onClick="doSubmit()"/>
    </form>
    </body>
    </html>

    4. Place the HTML files in the specified location

    Save the ajaxlogin.html and ajaxlogout.html files to the %BI_HOME%/webapps/webroot folder, as shown in the following figure:

    5. Turn off the related security protection switches

    1) Log in to the platform of the project with port number 37799 as an administrator, click "management system > security management", and turn off "content sniffing attack protection" and "click hijacking attack protection", as shown in the following figure:

    2) In the same way, turn off "content sniffing attack protection" and "click hijacking attack protection" for the project with port number 8080.

    6. Viewing the effect

    1) Open the browser and access http://localhost:37799/webroot/ajaxlogin.html, enter the account and password of the 8080 project, and you successfully access the 8080 project, as shown in the following figure:

    2) In the browser that is logged in, open a new tab and access http://localhost:37799/webroot/ajaxlogout.html. Click the "log out" button, switch to the 8080 project page that was logged in before, and refresh the page: the user has been logged out, as shown in the following figure:

    Note: if SMS login verification is enabled for both the project with port number 37799 and the project with port number 8080, Ajax single sign on through http://localhost:37799/webroot/ajaxlogin.html skips SMS verification and logs in directly.

    Theme: Deployment Integration