Overview
This document introduces the Single Sign-on (SSO) interface supported by FineReport.

Frontend SSO
The username, password, and other information are appended to the URL as query parameters for login verification. You can then use an iframe or Ajax to achieve frontend cross-domain SSO. You only need to add the interface call to your login page; no backend adaptation is required. The account and password in the user system must be the same as those on the FanRuan platform.
Interface Introduction
The FineReport system supports two methods for frontend SSO: the iframe method and the Ajax method.
FineReport provides a unified interface for both login methods, as follows:

http://localhost:8080/webroot/decision/login/cross/domain?fine_username=XX&fine_password=XX&validity=-2&callback=
The following table describes the parameters.
| Parameter | Mandatory or Not | Definition |
| --- | --- | --- |
| fine_username | Yes | User name. |
| fine_password | Yes | Password. |
| encrypted | No | Whether the password is encrypted. true: The entered password must be AES-encrypted for the interface to work properly. |
| validity | Yes | -2: Login is kept for 14 days. -1: Login is not kept. The login period follows the value of Login Timeout under System Management > System Setting > Login. To keep login during SSO, set validity to -2. |
| callback | No | / |
Enter the URL http://localhost:8075/webroot/decision/login/cross/domain?validity=-1&fine_username=account&fine_password=password in the browser. If success is returned, the SSO interface is called successfully.
Other Description
Note the following:
This interface can be used not only for SSO but also as a custom login page. For details, see Online Interface Document on the Decision-making Platform.
You need to disable Prevent Content Sniffing Attack on the platform. If the iframe is embedded, you also need to disable Prevent Clickjacking. For details about these switches, see Security Protection.
The token returned after login is stored in a cookie. Ensure that cookies are not disabled in the browser and are not set to HttpOnly by the OA or other systems on the same domain.
Since user information is included in the URL, it may contain special URL characters. You are advised to encode it with encodeURIComponent.
For some IE browsers, you need to add the target site to the trusted site list.
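
The encodeURIComponent advice above, as an added example that is not FanRuan's own code: it builds the cross-domain login URL with every value percent-encoded and compares what the receiving side parses against plain string concatenation. The function names, the host, and the credentials are constructed for illustration.

```javascript
// Added example (not FanRuan code). Host and credentials are constructed samples.
const LOGIN_PATH = "/webroot/decision/login/cross/domain";
const VALIDITY_VALUES = new Set([-1, -2]); // the two values in the parameter table

// Build the login URL with every name and value percent-encoded.
// `encrypted` and `callback` are passed through as opaque optional values;
// AES-encrypting the password is out of scope (the page gives no key or mode).
function buildLoginUrl(base, { username, password, validity, encrypted, callback }) {
  if (typeof username !== "string" || username === "") {
    throw new TypeError("fine_username is mandatory");
  }
  if (typeof password !== "string" || password === "") {
    throw new TypeError("fine_password is mandatory");
  }
  if (!VALIDITY_VALUES.has(validity)) {
    throw new RangeError("validity must be -1 or -2");
  }
  const pairs = [
    ["fine_username", username],
    ["fine_password", password],
    ["validity", String(validity)],
  ];
  if (encrypted !== undefined) pairs.push(["encrypted", String(Boolean(encrypted))]);
  if (callback !== undefined) pairs.push(["callback", String(callback)]);
  const query = pairs
    .map(([name, value]) => `${encodeURIComponent(name)}=${encodeURIComponent(value)}`)
    .join("&");
  return `${base.replace(/\/+$/, "")}${LOGIN_PATH}?${query}`;
}

// Unencoded concatenation, kept only for comparison with buildLoginUrl.
function naiveLoginUrl(base, username, password, validity) {
  return `${base}${LOGIN_PATH}?fine_username=${username}` +
    `&fine_password=${password}&validity=${validity}`;
}

// Parse a URL's query string the way a receiving server would see it.
function readParams(url) {
  return Object.fromEntries(new URL(url).searchParams.entries());
}

// Constructed sample: a password containing '&', '#' and '+'.
const sampleBase = "http://localhost:8080";
const samplePassword = "S3cret&Pa#ss+1";
console.log(readParams(naiveLoginUrl(sampleBase, "alice", samplePassword, -1)));
console.log(readParams(buildLoginUrl(sampleBase, {
  username: "alice", password: samplePassword, validity: -1,
})));
```

With the unencoded URL, the password is cut at `&`, and everything after `#` (including validity) becomes a fragment that never reaches the server. Encoding keeps the values intact, but the credentials still travel in the query string, where browser history and server access logs record them.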
Difference Between Ajax and Iframe
Both iframe and Ajax can achieve cross-domain SSO, but only Ajax can achieve asynchronous SSO and process the report system verification results (like login timeout) during the report verification.