Frontend SSO Interface

  • Last update:  2023-12-04
  • Overview

    This document introduces the Single Sign-on (SSO) interface supported by FineReport.

    Note:
    FanRuan provides the official interfaces related to FineReport SSO and only resolves issues with calling them. If you encounter non-interface errors during actual operation, contact the technical personnel of your company for troubleshooting.

    Frontend SSO

    The username, password, and other information need to be appended to the URL for login verification. You can then use iframe or Ajax to achieve frontend cross-domain SSO. Add the interface call to your login page; no backend adaptation is required. The account and password of the user system need to be the same as those on the FanRuan platform.

    Interface Introduction

    Two methods for frontend SSO are supported in the FineReport system: the iframe method and the Ajax method.

    FineReport provides you with a unified interface for both login methods as below:

    Note:
    This interface uses the GET request method.

    http://localhost:8080/webroot/decision/login/cross/domain?fine_username=XX&fine_password=XX&validity=-2&callback=

    The following table describes the parameters.

    | Parameter | Mandatory or Not | Definition |
    |---|---|---|
    | fine_username | Yes | User name. |
    | fine_password | Yes | Password. |
    | encrypted | No | Password encrypted or not. true: The entered password must be encrypted through AES for the normal interface use. Note: You are advised not to encrypt the password or use this parameter in the interface. |
    | validity | Yes | -2: Login is kept for 14 days. -1: Login is not kept. The login period follows the value of Login Timeout under System Management > System Setting > Login. Note: To keep the login during SSO, set validity to -2. |
    | callback | No | / |

    Enter the URL http://localhost:8075/webroot/decision/login/cross/domain?validity=-1&fine_username=account&fine_password=password in the browser. If success is returned, the SSO interface is called successfully.

     

    Other Description

    Note the following points:

    • This interface can not only be used for SSO, but also as a custom login page. For details, see Online Interface Document on the Decision-making Platform.

    • You need to disable Prevent Content Sniffing Attack on the platform. If the iframe is embedded, you also need to disable Prevent Clickjacking. For details about these switches, see Security Protection.

    • The token returned after the login is stored in a cookie. Ensure that cookies are not disabled in the browser and are not set to HttpOnly by the OA or other systems on the same domain.

    • Since user information is included in the URL, special URL characters may occur in it. You are advised to encode the values with encodeURIComponent.

    • For some IE browsers, you need to add the target site to the trusted site list.
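
    The encodeURIComponent advice above, as an added example that is not FanRuan's code: it builds the login URL with and without encoding and parses both back to show which parameters survive. The function names and the sample account and password are constructed for illustration, and the validity check assumes only the two values documented in the table.

```javascript
// Added example, not FanRuan code. The endpoint path and parameter names come
// from this page; host, account and password are constructed sample values.
const ENDPOINT = "http://localhost:8080/webroot/decision/login/cross/domain";

// Naive concatenation: reserved characters in a value leak into the query string.
function buildNaive(username, password, validity) {
  return ENDPOINT + "?fine_username=" + username +
    "&fine_password=" + password + "&validity=" + validity;
}

// Encoded form: every value passes through encodeURIComponent.
function buildSsoUrl(username, password, validity) {
  // Assumption: only the two documented validity values are accepted here.
  if (validity !== -1 && validity !== -2) {
    throw new RangeError("validity must be -1 or -2");
  }
  const pairs = [
    ["fine_username", username],
    ["fine_password", password],
    ["validity", String(validity)],
  ];
  return ENDPOINT + "?" + pairs
    .map(([key, value]) => key + "=" + encodeURIComponent(value))
    .join("&");
}

// Parse a URL back into the query parameters a standards-compliant parser sees.
function parseParams(url) {
  const out = {};
  for (const [key, value] of new URL(url).searchParams) {
    (out[key] = out[key] || []).push(value);
  }
  return out;
}

// Constructed sample credentials containing reserved characters (& = # +).
const sampleUser = "report user";
const samplePass = "p&ss=w#rd+1";

// Naive: the password is cut at "&", a stray "ss" parameter appears, and
// everything after "#" (including validity) becomes a fragment that is not sent.
console.log(parseParams(buildNaive(sampleUser, samplePass, -1)));
// Encoded: all three parameters arrive with their original values.
console.log(parseParams(buildSsoUrl(sampleUser, samplePass, -1)));
```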

    Difference Between Ajax and Iframe

    Both iframe and Ajax can achieve cross-domain SSO, but only Ajax can achieve asynchronous SSO and process the report system verification results (like login timeout) during the report verification.

     

