Overview
This document summarizes single sign-on (SSO) FAQs and related notes, helping you quickly find the required answer.
Related documents are listed as follows:
The following table lists relevant questions.
SSO | Can the decision-making platform be directly logged in after your own login platform is logged in using the unified identity? |
Certificate configuration | Are related operation documents available for users to configure HTTPS domain names in the FineReport server? |
Where is the SSL certificate generally placed and how should it be configured? | |
Frontend SSO | How long does the login keeping attribute set in SSO last? |
CAS SSO | What configurations should be removed from web.xml to remove CAS? |
After CAS integration, how does the designer connect to the remote server? | |
Where can you configure exit if you exit to the homepage of the FineReport decision-making platform rather than the SSO page after login through SSO? | |
Failed SSO in the browser | What can you do if login is abnomal due to Token read failure? |
Notes
Disabled Cookie
Browser cookie may be disabled in certain situations, resulting in login failures. Different browsers have different methods to enable cookie. The following figure shows how to enable cookie for IE, Chrome, and Firefox. You can search for methods to enable cookie for other browsers. Note that if cookie clearance upon exit is set for the browser, the login keeping function is unavailable, requiring login each time.
Privacy and Security Policies
For IE of certain versions (especially, IE V9/10), its privacy policy determines that the cookie cannot be written directly if the decision-making platform is embedded into other OA systems or placed in an iframe. You need to add the site to the trusted sites or lower the privacy level. Note that the added address cannot be localhost or 127.0.0.1.
HttpOnly
After the cookie is set to HttpOnly in special cases, JS cannot read the token and the request header cannot correctly carry the token, resulting in authentication failures. In this case, going back to the login page and logging in again directly cannot solve the problem. After login keeping is disabled, simply close the browser and reopen it to solve the problem. If the cookie has an expiration time set, manual clearance is required.
URL Encoding
If special characters like / are contained in the username and password (whether there is a password depends on the login method) directly placed in URL during login, requests are problematic. The solution is to encode the special characters through the encodeURIComponent() method.
Cookie Storage
After successful login, normally two records need to be stored. One is the token after successful login (stored through fine_auth_token) and the other is whether login is kept (stored through fine_remember_login). If the login cannot be kept, you need to check the token and whether the record stored by fine_remember_login is -2.
