Single-sign-on to external web application using header parameters

Single-sign-on to external web application using header parameters

  

Users of my application should be able to log into an external (non-OutSystems) web application without providing their credentials. But, due to security demands, i can't use query string parameters. Instead, i am forced to use header parameters. How can that be done?

I have tried a few things from the HTTPRequestHandler extension like AddHeader (to what?), GetRequest_AddArgument + GetRequest_Submit and PostRequest_AddArgument + PostRequest_Submit, but all without success.

It is kind of logical, because it is not about Getting or Posting something, it is about opening a webpage. Please help.

Kind regards,

Leen Rietveld.

Hi Leen,

You have a server action that needs to make a get to a page and pass the user credentials through the headers. I got it right?

Hi João,

I'm not sure it's a get, but the rest you've got right. It's more like a redirect: when the user pushes the button and  fires the server action he should go to this external application (open it in a different tab) an be logged in automatically.

Kind regards, Leen.


Leen Rietveld wrote:

Hi João,

I'm not sure it's a get, but the rest you've got right. It's more like a redirect: when the user pushes the button and  fires the server action he should go to this external application (open it in a different tab) an be logged in automatically.

Kind regards, Leen.


Hi, I'm new to this post subject, and I'm really having trouble.

I need to send an html form through POST.

I need to send the data in a html form, to the URL of the bank, for the bank will display a bank slip.

But I'm not getting any success with the PostRequest_Submit or HttpPost components.


Because clicking the button, you will need to send the data in the form format.


I tried whith HttpPost:



Below, I am concatenating the values for the header, to use in the HttPost component.




I tried too whith PostRequest_Submit:




I researched in the forum the format of the data to be sent, but I did not find anything that could help.


Below, it's a example of form html to submit to bank.


Thanks!

It's been a while, but i returned to this case lately. In fact, it's an ExternalURL, but i can't pass the credentials and customer id in the URL. So is there any way to combine ExternalURL with headers?

Best regards,

Leen.

Leen Rietveld wrote:

It's been a while, but i returned to this case lately. In fact, it's an ExternalURL, but i can't pass the credentials and customer id in the URL. So is there any way to combine ExternalURL with headers?

Best regards,

Leen.

Good day Leen,


May I ask your help please. I have the same situation, require to redirect to external URL and send the authentication in the header for that site. Did you ever find a solution to this issue? Thank you in advance!


Hi Elize,

No, i did not. To be honest, i haven't been trying very hard lately, because i was busy with other projects and i more or less accepted the fact that this could not be solved right now.

Best regards,

Leen Rietveld.

Thank you Leen for getting back.

I implemented a sort of work-around. The sending side sends a POST HTTP request and sends the username and password (encrypted) as input (as if in a form so that the username and password is sent in the body of the HTTP request), on the receiving end we read the username and password using the HTTPRequestHandler extension calling first GetRequestContent to get the request's content, then GetFormValue for each of the username and password values, decrypt these and then call User_Login action, so the user is now logged in. Although the username and password is sent in the body of the POST and we use HTTPS it should be encrytped, but we do additional encryption on the username and password. To test in OutSystems I used the RedirectAndPost plugin to simulate the "posting" side.


Kind Regards,

Elize van der Riet