Solutions for Authenticated Users
Consider the following situation. An end user is authenticated (correctly logged in) on one MobileTogether Server and is running a solution from that server. You, as the designer, want to start a solution from another MobileTogether Server on that user's device. Since the user is already authenticated on one MobileTogether Server, you would like the solution on the second MobileTogether Server to be started directly, without the user having to log in to the second MobileTogether Server. MobileTogether enables you to securely pass authentication information to a solution on another MobileTogether Server.
Note: The authentication described in this topic applies only to solutions running on web clients.
Setting up authenticated users for remote solutions
The steps for setting up the transfer of user authentication to a solution on another MobileTogether Server are given below.
Terminology note
•Authentication Host: The first MobileTogether Server, on which the authentication has already been carried out.
•Authentication Receiver: The second MobileTogether Server, from which the second solution is served and on which we want authentication for the solution to be automatic.
1.In the MobileTogether Server settings of the Authentication Receiver, enter and enable the settings of the Authentication tab. These settings are: (i) the address of the Authentication Host, (ii) the secure HTTPS port for mobile clients, and (iii) the Audience string, which is a unique string that identifies the audience of this MobileTogether Server. Note also: (i) that both servers must use SSL encryption (HTTPS connections), and (ii) that both solutions (the calling and called) must be run for anonymous users.
2.In the calling solution, define a Solution Execution action (see screenshot below) at an appropriate point during solution execution.
The relevant settings of the action are:
•The solution's address: This should evaluate to an address of the form https://MTServerAddress/run?d=/public/SolutionName.
•Token: A user-defined XML tree that is securely passed to the solution on the second server. You define this XML tree so that it contains all the information you want to pass. MobileTogether requires only that this entry is a well-formed XML tree.
•Audience: This string must match the Audience setting of the Authentication Receiver (see Point 1 above).
3.If the audience matches, then the XML tree that is passed to the Authentication Receiver (via the Token setting of the Solution Execution action; see previous point) will be passed to the second solution in the $MT_AuthenticationToken variable. You can access nodes in the token via XPath expressions that use the variable (for example: $MT_AuthenticationToken/Root/User/@id). If the audience does not match, then the solution will start, but without a valid authentication token. It is left to you as the developer to decide how to handle this situation. One way would be to show a suitable message and forward the user back to the calling solution.
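Because the second solution starts even when no valid token arrives, its start-up logic should check the token before showing anything that depends on the user. The XPath expression below is an added example, not part of the original documentation: it could serve as the condition that decides between continuing and forwarding the user back to the calling solution. The Root/User/@id path is the one used above; the role attribute and its allowed values are hypothetical.

```xpath
(: Constructed token, as the calling solution might define it in the Token
   setting (the role attribute is an assumption made for this example):

     <Root>
       <User id="u-1001" role="viewer"/>
     </Root>

   The expression evaluates to true() only when the token carries exactly one
   User element with a non-empty id and a role from the allowed list.
   It evaluates to false() when $MT_AuthenticationToken is empty or holds a
   tree without these nodes, so a missing token is never treated as a
   logged-in user. :)
let $user := $MT_AuthenticationToken/Root/User
return
  if (count($user) ne 1) then
    (: no User element, or an ambiguous token with several :)
    false()
  else
    normalize-space($user/@id) ne ''
    and $user/@role = ('viewer', 'editor')
```

When the expression is false, take the fallback branch described above (show a message and return the user to the calling solution) rather than continuing with default values.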