Reactive web IntegratedAuthentication roles not recognized
Question

Hi,


First of all thank you for your time. We are using IntegratedAuthentication for Active directory accounts on our Traditional Web applications for a while. Now we have started reactive web aswell. We wanted to use the same function "User_GetUnifiedLoginUrl". This does not work out of the box so I am experimenting with the following solution.

In the reactive application inside the SecurityException instead redirection to the login page I redirect to a traditional web application with a empty page.

The traditional page has a parameter for the exceptionURL and a preparation that uses function "User_GetUnifiedLoginUrl". After the login we redirect back to to the reactive page with a valid userId and a session.

This pattern works great...Except for pages that use roles. Somehow we do get a session however OutSystems cannot validate the roles a user has.

So if I navigate to a reactive page that requires a role it will log me through "User_GetUnifiedLoginUrl" and redirect me. However i get redirected to Common\InvalidPermissions because I do have a UserId, but OutSystems does not find the roles the user has.

Does anyone have any clue why this is not working?
At what moment does OS react check its roles? Can I debug this somehow?



Greetings,


Robert






mvp_badge
MVP
Solution

Hi everyone,

It seems this was a bug that was fixed in Platform Server version 11.10.0.

  • Fixed authenticated user losing the roles while navigating from a Traditional to a Reactive app, with Single Sign-On activated. (RAR-307)
  • Fixed SSO between different app types so the roles are correctly updated and users are no longer blocked from accessing the screens in the session. (RTAF-3182)


Regards,

Nordin

mvp_badge
MVP

Hi Robert,

I came across a similar situation with one of my reactive web application with SAML authentication ,and what i observed when i have the specific role in combination with registered role (Checked Registered role also on the page with the specific role) the access was working fine and if i am keeping the specific roles only without the registered role checked i was being redirect to invalid permission page.

The good part of it was when i kept it in combination the registered user (not having any specific role assigned to him ) was not able to access the page.

Not sure if your issue is similar to what i faced but still thought to share it with you.


Regards,

-PJ-

I'm experiencing the same behavior as both of you.

It does seem that you have the correct role, after all. If I simply manually change the URL after I get the invalid permissions issue. I'm able to use the application with the role I have (application restricted to specific role). 

My guess is that the session transfer from the backend (services/traditional) happens after the react page already was initialized. Which results in triggering the Invalid permissions.

No workaround/solution found yet.

Any ideas?

mvp_badge
MVP
Solution

Hi everyone,

It seems this was a bug that was fixed in Platform Server version 11.10.0.

  • Fixed authenticated user losing the roles while navigating from a Traditional to a Reactive app, with Single Sign-On activated. (RAR-307)
  • Fixed SSO between different app types so the roles are correctly updated and users are no longer blocked from accessing the screens in the session. (RTAF-3182)


Regards,

Nordin

Hi all,


I experience the same issues. We plan to upgrade in a few weeks, but until then, my users are redirected from time to time in /Users instead of invalid permissions when switching from traditional -> reactive or the other way around.

Any ideas how I could fix that?


Thanks,

Lorena 

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.