Reactive web IntegratedAuthentication roles not recognized
Question

Hi,


First of all thank you for your time. We are using IntegratedAuthentication for Active directory accounts on our Traditional Web applications for a while. Now we have started reactive web aswell. We wanted to use the same function "User_GetUnifiedLoginUrl". This does not work out of the box so I am experimenting with the following solution.

In the reactive application inside the SecurityException instead redirection to the login page I redirect to a traditional web application with a empty page.

The traditional page has a parameter for the exceptionURL and a preparation that uses function "User_GetUnifiedLoginUrl". After the login we redirect back to to the reactive page with a valid userId and a session.

This pattern works great...Except for pages that use roles. Somehow we do get a session however OutSystems cannot validate the roles a user has.

So if I navigate to a reactive page that requires a role it will log me through "User_GetUnifiedLoginUrl" and redirect me. However i get redirected to Common\InvalidPermissions because I do have a UserId, but OutSystems does not find the roles the user has.

Does anyone have any clue why this is not working?
At what moment does OS react check its roles? Can I debug this somehow?



Greetings,


Robert






mvp_badge
MVP
Solution

Hi everyone,

It seems this was a bug that was fixed in Platform Server version 11.10.0.

  • Fixed authenticated user losing the roles while navigating from a Traditional to a Reactive app, with Single Sign-On activated. (RAR-307)
  • Fixed SSO between different app types so the roles are correctly updated and users are no longer blocked from accessing the screens in the session. (RTAF-3182)


Regards,

Nordin

mvp_badge
MVP

Hi Robert,

I came across a similar situation with one of my reactive web application with SAML authentication ,and what i observed when i have the specific role in combination with registered role (Checked Registered role also on the page with the specific role) the access was working fine and if i am keeping the specific roles only without the registered role checked i was being redirect to invalid permission page.

The good part of it was when i kept it in combination the registered user (not having any specific role assigned to him ) was not able to access the page.

Not sure if your issue is similar to what i faced but still thought to share it with you.


Regards,

-PJ-

I'm experiencing the same behavior as both of you.

It does seem that you have the correct role, after all. If I simply manually change the URL after I get the invalid permissions issue. I'm able to use the application with the role I have (application restricted to specific role). 

My guess is that the session transfer from the backend (services/traditional) happens after the react page already was initialized. Which results in triggering the Invalid permissions.

No workaround/solution found yet.

Any ideas?

mvp_badge
MVP
Solution

Hi everyone,

It seems this was a bug that was fixed in Platform Server version 11.10.0.

  • Fixed authenticated user losing the roles while navigating from a Traditional to a Reactive app, with Single Sign-On activated. (RAR-307)
  • Fixed SSO between different app types so the roles are correctly updated and users are no longer blocked from accessing the screens in the session. (RTAF-3182)


Regards,

Nordin

Hi all,


I experience the same issues. We plan to upgrade in a few weeks, but until then, my users are redirected from time to time in /Users instead of invalid permissions when switching from traditional -> reactive or the other way around.

Any ideas how I could fix that?


Thanks,

Lorena 

mvp_badge
MVP

Hi Lorena,

Are you using Windows Integrated Authentication in combination with a Reactive Web App?

If that's the case, you can check out my answer here for more details.

Hope this helps.

Regards,

Nordin

Hi All,

I am experiencing a similar issue. Unfortunately, the platform version update is working in my case.

Two important things that I want to highlight here:

  • My application is a reactive application. @Nordin Ahdi mentioned fix was 'authenticated user losing the roles while navigating from a Traditional to a Reactive app'. In my case, it is Reactive to Reactive
  • OutSystems platform version is 11.10.1 (Build 23852).
mvp_badge
MVP

Hi Abhijit,

I don't think your issue is the same. 

This post was specifically about navigating from Traditional Web to Reactive Web (or the other way around) while having Single Sign-On Between App Types enabled.

Please create a new post where you describe your issue as detailed as possible.

Thanks,

Nordin

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.