For embedding apps within client pages, Arcadia Enterprise uses the trusted authentication protocol to authenticate embedded requests.
When a client requests an Arcadia page, the Arcadia Server authenticates the
<iframe>
request and returns Arcadia visualization to the client.
Follow these steps to authenticate an embedded request from the client:
https://arcadiaserver/arc/trustedauth/getticket
To authenticate the ticket request using the trusted ticket granter's Arcadia username and password, use the following syntax:
curl --data \ "username=arcuser&trustedusername=ticketgranter&trustedpassword=trustedpass" \
http://127.0.0.1:8000/arc/trustedauth/getticket
If
the request is valid, Arcadia Server returns the ticket
cYvvmRSHSWOOWNCOeve1vA
.
In this case, Arcadia Server already has the parent Application server IP in the list of trusted IPs. The POST request includes only the Arcadia username, to get the ticket-granting user's full credentials. To authenticate the ticket request using an IP address, use the following syntax:
curl --data "username=arcuser"
http://127.0.0.1:8000/arc/trustedauth/getticket
If
the request is valid, Arcadia Server returns the ticket
cYvvmRSHSWOOWNCOeve1vA
.
These POST parameters are used in the preceding examples:
The parent Application Server uses the ticket to generate a unique URL, which contains
the <iframe>
tag and the ticket for the embedded visual, and sends it to
the client.
In our examples, the URL address in the <iframe>
would be:
http://127.0.0.1:8000/arc/trustedauth/trusted/cYvvmRSHSWOOWNCOeve1vA/app/1
The client browser uses the <iframe>
URL obtained from the
Application Server and forwards the same URL to the Arcadia Server, requesting for the
visual.
http://127.0.0.1:8000/arc/trustedauth/trusted/cYvvmRSHSWOOWNCOeve1vA/app/1
The Arcadia Server authenticates the <iframe>
request based on the ticket
that is part of the request URL. If the ticket is valid, it automatically logs in the
username specified in the original POST request. It then sends the visual to the client.