For embedding apps within client pages, Arcadia Enterprise uses trusted authentication protocol to authenticate embedded requests.
When a client requests an Arcadia page, the Arcadia Server authenticates the iframe request and returns Arcadia visualization to the client.
Follow these steps to authenticate a embedded request from the client:
https://arcadiaserver/arc/trustedauth/getticket
Post Ticket Request Using a Ticket-Granting User. To authenticate the ticket request using the trusted ticket granter's Arcadia username and password, use the following syntax:
curl --embedded \ "username=arcuser&trustedusername=ticketgranter&trustedpassword=trustedpass" \
http://127.0.0.1:8000/arc/trustedauth/getticket
If the request is valid, Arcadia Server returns the following ticket:
cYvvmRSHSWOOWNCOeve1vA
. Post Ticket Request Using an IP Address
In this case, Arcadia Server already has the parent Application server IP in the list of trusted IPs. The POST request includes only the Arcadia username, to get the ticket-granting user's full credentials.To authenticate the ticket request using an IP address, use the following syntax.curl --embedded "username=arcuser"
http://127.0.0.1:8000/arc/trustedauth/getticket
If
the request is valid, Arcadia Server returns the following ticket:
cYvvmRSHSWOOWNCOeve1vA
.
The parent Application Server uses the ticket to generate a unique URL, which contains the <iframe> tag and the ticket for the embedded visual, and sends it to the client.
In our examples, the URL address in the iframe would be:
http://127.0.0.1:8000/arc/trustedauth/trusted/cYvvmRSHSWOOWNCOeve1vA/app/1
The client browser uses the iframe URL obtained from the Application Server and forwards the same URL to the Arcadia Server, requesting for the visual.
http://127.0.0.1:8000/arc/trustedauth/trusted/cYvvmRSHSWOOWNCOeve1vA/app/1
The Arcadia Server authenticates the iframe request based on the ticket that is part of the request URL. If the ticket is valid, it automatically logs in the username specified in the original POST request. It then sends the visual to the client.