Cookie Authentication

Installation and Configuration

Copyright ©

Mindbreeze GmbH, A-4020 Linz, 2018.

All rights reserved. All hardware and software names used are registered trade names and/or registered trademarks of the respective manufacturers.

These documents are highly confidential. No rights to our software or our professional services, or results of our professional services, or other protected rights can be based on the handing over and presentation of these documents. Distribution, publication or duplication is not permitted.



Cookie Authentication

Cookie authentication allows Mindbreeze InSpire to use the credentials of a web portal for the search. The prerequisite is that a user logged in to the web portal already has a cookie (the web portal and Mindbreeze InSpire are on the same host), or that a cookie with login information can be requested (the web portal and Mindbreeze InSpire do not have to be on the same host). In addition, the web portal must be able to “break” a cookie into the user name and the user's groups. Login scenarios can be found in the chapter Login scenarios.

Configuration

Cookie authentication is configured in the Mindbreeze Client Service configuration. The plugin “SessionAuthenticationService.CookieAuthentication” has to be added as a “Session Authentication Plugin” to the Client Service configuration. After the plugin has been added, the following configuration options are available.

Login Form URL

The “Login Form URL” defines the login form of the Client Service. If the default login form is used, the URL should be set to
“https://<clientservice+port>/apps/login/login.html?destination=/apps/login/loggedin.html”.

When the user is not logged in, this form is used to enter the user name and password. The entered data is transmitted to the login of the portal for authorisation.

Sample URL

The “Sample URL” must be available from the portal. It converts a cookie obtained through the login into the user name and the user's groups in the portal. A GET request with the “Cookie” header set is sent to the “Sample URL”, and the response carries the headers “X-Username” and “X-Groups”. This way the Mindbreeze Search Client knows which user is logged in as well as which groups the user belongs to.
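The portal side of this contract, as an added example (not Mindbreeze or portal vendor code): an endpoint that resolves the session cookie to “X-Username” and “X-Groups” and fails closed, sending no identity headers, for a missing or unknown cookie. The cookie name PORTALSESSION, the comma-separated “X-Groups” format, the in-memory session table and the listening address are assumptions.

```python
# Added example of a portal-side "Sample URL" endpoint; not product code.
# Assumptions: cookie name, comma-separated X-Groups, in-memory sessions.
from http.cookies import SimpleCookie, CookieError
from http.server import BaseHTTPRequestHandler, HTTPServer

COOKIE_NAME = "PORTALSESSION"  # hypothetical cookie name
# Constructed sample session table: session id -> (user name, groups)
SESSIONS = {"3f9c1e7a5b2d4c68": ("jdoe", ["staff", "search-users"])}


def _safe(value):
    """Reject values that could inject a header (CR/LF) or split a group (comma)."""
    if not value or any(c in value for c in "\r\n,"):
        raise ValueError("unsafe header value")
    return value


def resolve_cookie(cookie_header, sessions=SESSIONS):
    """Return (status, headers) for the given Cookie request header."""
    try:
        jar = SimpleCookie(cookie_header or "")
    except CookieError:
        return 401, {}
    morsel = jar.get(COOKIE_NAME)
    session = sessions.get(morsel.value) if morsel else None
    if session is None:
        return 401, {}  # unknown or missing session: no identity headers
    user, groups = session
    try:
        return 200, {"X-Username": _safe(user),
                     "X-Groups": ",".join(_safe(g) for g in groups)}
    except ValueError:
        return 500, {}  # never emit a partially built identity


class SampleUrlHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, headers = resolve_cookie(self.headers.get("Cookie"))
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.send_header("Cache-Control", "no-store")  # identity must not be cached
        self.end_headers()


if __name__ == "__main__":
    # Loopback only in this sketch; a real portal would serve this over TLS.
    HTTPServer(("127.0.0.1", 8080), SampleUrlHandler).serve_forever()
```

Because the search client takes the user and groups from these response headers, the endpoint should only be reachable over a channel the Client Service trusts.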

Post URL for Login on Portal

This is the login POST URL on the portal to which the user name and password from the login form are posted. In the process, the user name is sent as “credential_0” and the password as “credential_1” to the “Post URL for Login on Portal” with the content type “application/x-www-form-urlencoded”. Mindbreeze receives the cookie in the “Set-Cookie” header; the cookie can then be resolved into users and groups using the “Sample URL”.

Additional Login URLs

If the portal needs additional URLs to be opened before login, the “Additional Login URLs” are opened, and all cookies are collected and sent to the portal login.

Additional Form Params

Some portal login forms require additional parameters, which can be specified in this option.

Authentication Scenarios

Mindbreeze Search Client embedded in a Portal

The portal login provides a cookie which can be “cracked” into credentials by the configured “Sample URL”. In this scenario only the “Sample URL” has to be configured.

The Mindbreeze Search Client exists outside the portal

If the Mindbreeze Search Client is to be addressed via a URL other than the portal, the following parameters must be configured, and the procedure is as follows:

  • The login is done via the “Login Form URL” in order to enter the user name and password.
  • The credentials are then sent to “Post URL for Login on Portal” to receive a cookie.
  • This cookie is then sent to the “Sample URL” in order to resolve the logged-in user's name and group membership.