76
Views
3
Comments
Solved
Reactive web IntegratedAuthentication roles not recognized
Question

Hi,


First of all thank you for your time. We are using IntegratedAuthentication for Active directory accounts on our Traditional Web applications for a while. Now we have started reactive web aswell. We wanted to use the same function "User_GetUnifiedLoginUrl". This does not work out of the box so I am experimenting with the following solution.

In the reactive application inside the SecurityException instead redirection to the login page I redirect to a traditional web application with a empty page.

The traditional page has a parameter for the exceptionURL and a preparation that uses function "User_GetUnifiedLoginUrl". After the login we redirect back to to the reactive page with a valid userId and a session.

This pattern works great...Except for pages that use roles. Somehow we do get a session however OutSystems cannot validate the roles a user has.

So if I navigate to a reactive page that requires a role it will log me through "User_GetUnifiedLoginUrl" and redirect me. However i get redirected to Common\InvalidPermissions because I do have a UserId, but OutSystems does not find the roles the user has.

Does anyone have any clue why this is not working?
At what moment does OS react check its roles? Can I debug this somehow?



Greetings,


Robert






mvp_badge
MVP
Rank: #72
Solution

Hi everyone,

It seems this was a bug that was fixed in Platform Server version 11.10.0.

  • Fixed authenticated user losing the roles while navigating from a Traditional to a Reactive app, with Single Sign-On activated. (RAR-307)
  • Fixed SSO between different app types so the roles are correctly updated and users are no longer blocked from accessing the screens in the session. (RTAF-3182)


Regards,

Nordin

mvp_badge
MVP
Rank: #51

Hi Robert,

I came across a similar situation with one of my reactive web application with SAML authentication ,and what i observed when i have the specific role in combination with registered role (Checked Registered role also on the page with the specific role) the access was working fine and if i am keeping the specific roles only without the registered role checked i was being redirect to invalid permission page.

The good part of it was when i kept it in combination the registered user (not having any specific role assigned to him ) was not able to access the page.

Not sure if your issue is similar to what i faced but still thought to share it with you.


Regards,

-PJ-

Rank: #8685

I'm experiencing the same behavior as both of you.

It does seem that you have the correct role, after all. If I simply manually change the URL after I get the invalid permissions issue. I'm able to use the application with the role I have (application restricted to specific role). 

My guess is that the session transfer from the backend (services/traditional) happens after the react page already was initialized. Which results in triggering the Invalid permissions.

No workaround/solution found yet.

Any ideas?

mvp_badge
MVP
Rank: #72
Solution

Hi everyone,

It seems this was a bug that was fixed in Platform Server version 11.10.0.

  • Fixed authenticated user losing the roles while navigating from a Traditional to a Reactive app, with Single Sign-On activated. (RAR-307)
  • Fixed SSO between different app types so the roles are correctly updated and users are no longer blocked from accessing the screens in the session. (RTAF-3182)


Regards,

Nordin