iframe Cross-domain SSO

  • Last update:December 11, 2020
  • I. Overview

    1) For the single sign-on of FineReport in OA system, the user needs to pass the user name and password into the authentication address of the report in the OA login interface for authentication. If the OA system and the reporting system are not deployed on the same server, and cross-domain is carried out during login

    2) how to achieve cross-domain sign-on of OA system and reporting system through iframe?

    II. Steps

    In JS of the login interface of OA system, the report will first embed the permission verification address in an iframe to solve the JS cross-domain problem, and then trigger the form login event in the iframe to realize the jump of the login page.

    Note: if the report is embedded in the way of cross-domain iframe and cannot be accessed, please turn off the [Click Attack Protection] in the advanced setting of "Security Headers", please see:

    2.png

    Through the simplified OA login page, explain the implementation steps of iframe cross-domain single sign-on:

    The report platform system authentication address of FineReport is:

    scr.src = " <a href="http://localhost:8075/webroot/decision/login/cross/domain?fine_username=" "="">http://localhost:8075/webroot/decision/login/cross/domain?fine_username=" + username + "&fine_password=" + password + "&validity=" + -1 + "&callback=callback";

    Login button event Settings

    User input user name password and then click the submit or login button, the trigger doSubmit () method, this method first create a iframe, then report to verify the user name password authentication address pointing to the iframe SRC, and to use the browser to determine for each browser registered of writing is different, then this iframe tags added to the head, the implementation report forms authentication code is as follows:

    function doSubmit() {
        var username = document.getElementById("username").value;// Gets the username entered
        var password = document.getElementById("password").value;  // Gets the entered password
        var scr = document.createElement("iframe");      //Create iframe
        scr.src = " <a href="http://localhost:8075/webroot/decision/login/cross/domain?fine_username=" "="">http://localhost:8075/webroot/decision/login/cross/domain?fine_username=" + username + "&fine_password=" + password + "&validity=" + -1 + "&callback=callback";    // Points the address to which the report authenticates the username and password to this iframe
        if (scr.attachEvent){       // Determine if you are an Internet explorer browser
              scr.attachEvent("onload", function(){
                   // If the browser is ie, the page will be executed immediately after loading
                       window.location=" <a href="http://localhost:8075/webroot/decision" ;"="">http://localhost:8075/webroot/decision";         // Jump directly to the data decision system
              });
         } else {
              scr.onload = function(){
                    // Other browsers reload the onload event
                    /* Jumps to the specified login success page,index.jsp
                    var f = document.getElementById("login");
                    f.submit();  */
                    window.location=" <a href="http://localhost:8075/webroot/decision" ;"="">http://localhost:8075/webroot/decision";             // Jump directly to the data decision system
                };
           }   document.getElementsByTagName("head")[0].appendChild(scr);         // Embed the iframe tag in the head
       }

    Put the submission time of the above iframe single sign-on on the original OA system login page, which means that the event will be triggered when the login button is clicked. After modification, the code of cross-domain single sign-on can be realized as follows:

    <!DOCTYPE html>
    <html>
      <head>
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
      <meta http-equiv="X-UA-Compatible" content="IE=10" />
      <script type="text/javascript">
        function doSubmit() {
            var username = document.getElementById("username").value; // Gets the username entered
            var password = document.getElementById("password").value;  // Gets the entered password
            var scr = document.createElement("iframe");      //Create iframe
            scr.src = "<a href="http://192.168.1.40:8075/webroot/decision/login/cross/domain?fine_username=" "="">http://192.168.1.40:8075/webroot/decision/login/cross/domain?fine_username=" + username + "&fine_password=" + password + "&validity=" + -1 + "&callback=callback";   // Points the address to which the report authenticates the username and password to this iframe
            if (scr.attachEvent)      {
           // Determine if you are an Internet explorer browser
                     scr.attachEvent("onload", function(){
                        // If the browser is ie, the page will be executed immediately after loading
                         window.location="<a href="http://192.168.1.40:8075/webroot/decision" ;"="">http://192.168.1.40:8075/webroot/decision"; // Jump directly to the data decision system
                   });
                  } else {
                     scr.onload = function(){              // Other browsers reload the onload event
                      /* Jumps to the specified login success page,index.jsp
                        var f = document.getElementById("login");
                          f.submit();  */
                    window.location="<a href="http://192.168.1.40:8075/webroot/decision" ;"="">http://192.168.1.40:8075/webroot/decision"; // Jump directly to the data decision system
                };
               }
                   document.getElementsByTagName("head")[0].appendChild(scr);   // Embed the iframe tag in the head
              }
        </script>
          </head>
          <body>
            <p>Please login</p>
            <form id="login" name="login" method="POST"  action="" >
            <p>username:<input id="username" type="text" name="username" /></p>
            <p>password:<input id="password" type="password" name="password"/></p>
            <input type="button" value="Login" onClick="doSubmit()" />
            </form>
          </body>
        </html>

    III. Matters need attention

    Since IE11 does not have the attachEvent property, we can add a meta tag to set the browser's default compatibility mode by adding it in the HTML head tag

    <meta http-equiv="X-UA-Compatible" content="IE=10" />

    This meta TAB sets the browser's default compatibility mode to IE10.This allows you to still use the attachEvent attribute.

    In addition, Internet explorer needs to add the address of the report server to the trusted site, as shown below:

    3.png

    IV. Log out

    When FineReport is integrated into the project, log out the project user, and also want to log out the user name session of the system, exit the system. The logout method is as follows:

    http://192.168.1.40:8075/webroot/decision/logout/cross/domain to log out of the FR system.


    Attachment List


    Theme: Decision-making Platform
    Already the First
    Already the Last
    • Helpful
    • Not helpful
    • Only read

    滑鼠選中內容,快速回饋問題

    滑鼠選中存在疑惑的內容,即可快速回饋問題,我們將會跟進處理。

    不再提示

    10s後關閉

    Get
    Help
    Online Support
    Professional technical support is provided to quickly help you solve problems.
    Online support is available from 9:00-12:00 and 13:30-17:30 on weekdays.
    Page Feedback
    You can provide suggestions and feedback for the current web page.
    Pre-Sales Consultation
    Business Consultation
    Business: international@fanruan.com
    Support: support@fanruan.com
    Page Feedback
    *Problem Type
    Cannot be empty
    Problem Description
    0/1000
    Cannot be empty

    Submitted successfully

    Network busy