Single Sign-On (SSO)

User logs in to external system / identity provider and implicitly gains access to Joget

...

without being prompted to log in again.

Using JSON API

  • Use the '/web/json/directory/user/sso' JSON API.
  • You can call this method using JSON API Authentication, or directly pass the username and password in the "username" and "password" parameters respectively, as shown in the following example.
Code Block
<script>
    $(document).ready(function(){
        // The credentials travel in the POST body; use an https:// URL outside local testing.
        $.ajax({
            type: "POST",
            url: 'http://localhost:8080/jw/web/json/directory/user/sso?callback=callbackFunction',
            data: {
                username: 'admin',
                password: 'admin'
            },
            success: function(res) {
                console.log("username (" + res.username + ") is " + ((res.isAdmin !== undefined && res.isAdmin === "true")?"admin":"not an admin"));
            },
            dataType: "json"
        });
    });
</script>

Using Basic Http Authentication with JSON API

  • Since V4, Joget Workflow supports Basic HTTP Authentication for JSON API authentication, so you can pass the credentials in the header.
  • Example: Assuming the username and password required are "user1" and "password1" respectively, we can set the Basic Auth header for the JSON API call using the following jQuery script.
Code Block
<script>
    $(document).ready(function(){
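        $.ajax({
            type: "POST",
            url: 'http://localhost:8080/jw/web/json/directory/user/sso',
            beforeSend: function (xhr) {
                // "dXNlcjE6cGFzc3dvcmQx" is the Base64 encoding of "user1:password1".
                // Base64 is reversible, so send this header only over HTTPS.
                xhr.setRequestHeader("Authorization", "Basic dXNlcjE6cGFzc3dvcmQx");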
            },
            success: function(res) {
                console.log("username (" + res.username + ") is " + ((res.isAdmin !== undefined && res.isAdmin === "true")?"admin":"not an admin"));
            },
            dataType: "json"
        });
    });
</script>

Using Javascript API

  • Include the jQuery and util.js libraries.
  • Use the AssignmentManager.login method for SSO.
  • Perform actions in the callback of a successful login.
Code Block
<script type="text/javascript" src="http://localhost:8080/jw/js/jquery/jquery-1.9.1.min.js"></script>
<script type="text/javascript" src="http://localhost:8080/jw/js/json/util.js" ></script>

<script type="text/javascript" >
$(document).ready(function(){
    var loginCallback = {
        success : function(response){
            // A response that still names the anonymous user means the login did not succeed.
            if(response.username != "roleAnonymous"){
                alert("login successfully");
            }else{
                alert("login fail");
            }
        }
    };
    AssignmentManager.login('http://localhost:8080/jw', 'admin', 'admin', loginCallback);
});
</script>

...


Joget SSO on G Suite

Please see Joget Low Code Application Platform for G Suite

Joget SSO with Keycloak using SAML

Please see Joget SSO with Keycloak using SAML.

Joget SSO with Azure Active Directory using SAML

Please see Joget SSO with Azure Active Directory using SAML.

Joget SSO to Active Directory with Kerberos

Please see Joget SSO to Active Directory with Kerberos.

OpenID Connect

Please see OpenID Connect Directory Manager Plugin.

Joget SharePoint SSO Integration

Please see Joget SharePoint SSO Integration.

Log In a User Programmatically


...

  • You can build your own Web Service Plugin to perform a custom SSO implementation.


Code Block
import org.joget.apps.workflow.security.WorkflowUserDetails;
import org.joget.directory.model.service.DirectoryManager;
import org.joget.workflow.model.service.WorkflowUserManager;
import org.joget.apps.app.service.AppUtil;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.joget.directory.model.User;
import org.joget.workflow.util.WorkflowUtil;
import org.springframework.security.core.context.SecurityContextHolder;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
 
//Get service beans
DirectoryManager dm = (DirectoryManager) AppUtil.getApplicationContext().getBean("directoryManager");
WorkflowUserManager workflowUserManager = (WorkflowUserManager) AppUtil.getApplicationContext().getBean("workflowUserManager");
 
//Login as "clark"
String username = "clark"; 
User user = dm.getUserByUsername(username);

if (user != null) {
    WorkflowUserDetails userDetail = new WorkflowUserDetails(user);
 
    //Generate an authentication token without a password.
    //No credential is checked here, so the caller must already have verified the user's identity.
    UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(userDetail.getUsername(), "", userDetail.getAuthorities());
    auth.setDetails(userDetail);
    //Login the user
    SecurityContextHolder.getContext().setAuthentication(auth);
    workflowUserManager.setCurrentThreadUser(user.getUsername());

    // generate new session to avoid session fixation vulnerability
    HttpServletRequest httpRequest = WorkflowUtil.getHttpServletRequest();
    HttpSession session = httpRequest.getSession(false);
    if (session != null) {
        SavedRequest savedRequest = (SavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY");
        session.invalidate();
        session = httpRequest.getSession(true);
        if (savedRequest != null) {
            session.setAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY", savedRequest);
        }
    }
}

Please note that if you are adding this code in a filter, you will need to store the SecurityContext in the session.


Code Block
//Store the SecurityContext in the session to prevent Spring Security from clearing it.
session.setAttribute("SPRING_SECURITY_CONTEXT", SecurityContextHolder.getContext());

 

...