Authenticating Embedded Requests

For embedding apps within client pages, Arcadia Enterprise uses trusted authentication protocol to authenticate embedded requests.

When a client requests an Arcadia page, the Arcadia Server authenticates the iframe request and returns Arcadia visualization to the client.

Follow these steps to authenticate a embedded request from the client:

Request a Ticket from Arcadia Server

The parent Application Server sends a POST ticket request to Arcadia Server by either using the ticket-granting Arcadia username or an IP address, or both. The ticket request has the following syntax:
https://arcadiaserver/arc/trustedauth/getticket

Post Ticket Request Using a Ticket-Granting User. To authenticate the ticket request using the trusted ticket granter's Arcadia username and password, use the following syntax:

curl --data \ "username=arcuser&trustedusername=ticketgranter&trustedpassword=trustedpass" \ 
        http://127.0.0.1:8000/arc/trustedauth/getticket
If the request is valid, Arcadia Server returns the following ticket: cYvvmRSHSWOOWNCOeve1vA.

Post Ticket Request Using an IP Address

In this case, Arcadia Server already has the parent Application server IP in the list of trusted IPs. The POST request includes only the Arcadia username, to get the ticket-granting user's full credentials.To authenticate the ticket request using an IP address, use the following syntax.
curl --data "username=arcuser" 
http://127.0.0.1:8000/arc/trustedauth/getticket

If the request is valid, Arcadia Server returns the following ticket: cYvvmRSHSWOOWNCOeve1vA.

The following POST Parameters are used in the above two examples:
username
User identifier for automatic login.
trustedusername
User identifier for ticket-granting user; optional when using trusted IP authentication.
trustedpassword
Password for ticket granting user.

Generate a Unique URL

The parent Application Server uses the ticket to generate a unique URL, which contains the <iframe> tag and the ticket for the embedded visual, and sends it to the client.

In our examples, the URL address in the iframe would be:

http://127.0.0.1:8000/arc/trustedauth/trusted/cYvvmRSHSWOOWNCOeve1vA/app/1

Request Visual from Arcadia Server

The client browser uses the iframe URL obtained from the Application Server and forwards the same URL to the Arcadia Server, requesting for the visual.

http://127.0.0.1:8000/arc/trustedauth/trusted/cYvvmRSHSWOOWNCOeve1vA/app/1

Return Arcadia Visual

The Arcadia Server authenticates the iframe request based on the ticket that is part of the request URL. If the ticket is valid, it automatically logs in the username specified in the original POST request. It then sends the visual to the client.