New post
Question
· Dec 14, 2016

Login to csp application from remote system

#Security #Ensemble

Hi,

i have a csp application (namespace default) to which i like to login from remote. This is possible via

http://localhost:57772/csp/namespace/MyApp.MyPage.cls?CacheUserName=<use...

So the credentials need to be in cleartext which is in fact a problem. The invocation is made within a lan so we don´t need to transport the credentials over the web. Anyway, a remote application likes to use that page (display and work with it) and is able to pass in different parameters. These parameters are encoded in a way I couldn´t figure out yet.

I try to figrue out how such an remote login approach would work in the given scenario. Anyone who has accomplished this yet and what are the steps neccessary to solve this, since remote app and my app need to be use the same encoding mechanism for the credentials.

Any suggestions would be highly appreciated.

best regards,

sebastian

Discussion (2)1
Log in or sign up to continue
Fabian Haupt · Dec 14, 2016

Hi Sebastian,

so if I understand you correctly, you want to use your csp application to authenticate users for another application? 

In that case, I would recommend having a look at the oauth article over here and here. Using this SSO approach, you get rid of the problem of transmitting usernames and passwords in cleartext altogether. And it allows your two different applications to use the same credentials. 

Hope this is helps! 

-Fab

0 0
Sebastian Thiele · Dec 14, 2016

Hi Fabian,

not exactly. The setting is the following. Some application (no ensemble, no cache) within a domain shall access (via http link) ensemble (only my webapplication) and display some pages in there. Therefore it need to log in to ensemble. 

The way to go is... provide the remote application with the link to invoke to enter my webapplication. This is a migration project. In the past the remote app accessed another application using encrypted username/pw tokens. Anyway the project knowledge of how this was done/mechanisms used is lost :(. Anyway the link to invoke to get the application can be changed in the remote application.

Now after writing this post, I think that OAuth would be one aproach but the customer runs ens 2015.2.

best regards,

sebastian

0 0