
  • Secure Logon to Omnis Web App

    Posted by Uwe Smidt on January 9, 2025 at 1:02 pm

    Dear $all,
    currently, I log into my web app via a user/password dialog. But with every reload of the page, I have to re-login.

    Is there a possibility to have an automated logon via shared secret, certificate or similar?
    Thank you!

    Uwe

  • 10 Replies
  • Andreas Pfeiffer

    Administrator
    January 9, 2025 at 2:04 pm

    Hi Uwe,

    You might want to check out the JS Preferences sample library in the HUB. It allows you to store a secret key in the local storage of the browser.

    However, doesn’t the browser support storing the credentials? It should work automatically to load the credentials from the password manager when visiting the site.

    Best,

    Andreas

  • Uwe Smidt

    Member
    January 9, 2025 at 4:23 pm

    Hi Andreas,

    Thanks for your hint – I’ll have a look at it!

  • Diego Mendoza Muñoz

    Member
    January 11, 2025 at 4:53 am

    My solution was to create a sessionState table.

    When connecting, I have a REST service /getsessionid?user={user} that returns a uuid, and on each change I send a saveSession/user/key?value={value}.

    When starting, command /getState/{key}

    First command “isLoged”: the service returns me (for isLoged) {key="isLoged",keyResult="true",extraData="{lastView="sf_ViewSales",lastParams="2025-01-11"}" }

    where sf_ViewSales is a remote form.

    And when receiving, I ask the main form to show the page, taking into account that my application is a SPA and just by calling setContentView the app opens a form.

  • Uwe Smidt

    Member
    January 11, 2025 at 4:07 pm

    Hi Diego,

    Thank you! I’ll look into that, too!

  • Uwe Smidt

    Member
    January 18, 2025 at 5:45 pm

    $Dear all,

    Thank you for your help!

    I have made it half-way through the ‘secure log in’ issue:

    With a little help from ChatGPT, I decided to perform a mutual TLS (mTLS) authentication. In that setup, the server verifies the client’s identity through a certificate, in addition to the client verifying the server’s identity (as in regular TLS). So whenever someone not having a valid client certificate tries to enter my site/web app, Apache will tell them to get lost. This works fine and should be super secure. If you want a step by step guide, let me know!

    But now I’m stuck again with the seemingly simple task of using Andreas’ suggestion to use the jsPreferences sample:

    Saving the prefs works fine, but loading the pref seems to keep the instance variable into which the PrefValue is saved local to client-only. But my understanding was that instance variables are kept in sync between client and server!?!

    Please see my few code lines, and the tool tip saying ‘empty’, i.e. the variable icPrefValue has no access to its value. On the remote form, however, icPrefValue does display its value.

    How (or when) can I access icPrefValue on the server?

    Best regards

    Uwe
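
The server side of the mutual TLS setup described in the post above, as an added example (not the poster's actual configuration): a mod_ssl virtual host that refuses any connection without a client certificate issued by the named CA. The host name and all file paths are placeholders.

```apache
# All host names and file paths below are placeholders.
<VirtualHost *:443>
    ServerName app.example.com

    SSLEngine on
    # Regular TLS: the server proves its identity to the browser.
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # Mutual TLS: the browser must present a certificate signed by this CA.
    # Point this at a private CA created for the app, not a public CA bundle,
    # otherwise any certificate from a public CA would be accepted.
    SSLCACertificateFile  /path/to/client-ca.crt
    SSLVerifyClient       require
    # 1 = client certificates must be issued directly by the CA above.
    SSLVerifyDepth        1

    # Reject certificates the CA has revoked (lost or retired devices).
    SSLCARevocationFile   /path/to/client-ca.crl
    SSLCARevocationCheck  chain
</VirtualHost>
```

Because SSLVerifyClient is set at virtual-host level, the certificate check happens during the TLS handshake, before any request reaches the web app.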




    • Mats Olsson

      Member
      January 18, 2025 at 8:09 pm

      How (or when) can I access icPrefValue on the server?

      I have struggled with communication between “browser” and “app” and found few ways to “send” data to the server. One is to use a cookie. Or use fetch() to send a value to an endpoint on the server. But Andreas will probably have a better solution 🙂

  • Uwe Smidt

    Member
    January 20, 2025 at 10:57 am

    Hey Mats,

    I assume that the client methods ‘savepreference’ and ‘loadpreference’ do nothing else but create or read a cookie – but my problem is that I can’t read the instance variable that ‘loadpreference’ writes into.

    I suppose I can only read it on the client side, but I need it on the server side when I call the client method.

    Yes, maybe Andreas can give me a hint…

    • Andreas Pfeiffer

      Administrator
      January 28, 2025 at 8:21 am

      Hi Uwe,

      I did a quick test with the sample library from the HUB copying the following into the $init method of the remote form:

      Do lPrefRow.$define(lPrefName,lPrefValue)

      Do lPrefRow.$assigncols('omnis_pref1','iPref1')

      Do $cinst.$clientcommand("loadpreference",lPrefRow) Returns #F

      Do method process (iPref1)

      The “process” method is a server executed method and will receive the loaded content. Note that iPref1 needs to be an instance variable though.

      You can then use this information to make a $changeform or assign a specific subform if you wish.

      I hope this helps.

      Best,

      Andreas

  • Uwe Smidt

    Member
    February 1, 2025 at 9:10 pm

    Hi Andreas,

    Yes, it did help!

    I now have a security/login solution that makes me happy!

    The first level is to allow only access to the web server to users who have a client certificate, as described in my post above.

    The second level is a convenience level, where upon first login through a login dialog, a cookie is set via clientcommand(savepreference..), and on any further calls to the app, no login is required since the user is identified via clientcommand(loadpreference…).

    Via a logout button, the cookie (after login set to the user id), can be set to ‘loggedOut’, so the login dialog will pop up again on the next connection.

    I’ve put all this logic into the super class rfSuper, also the $init, so it doesn’t matter if I enter through index.htm (based on rfSuper) or if I choose to take a shortcut directly to some form like rfQuickEntry.

    Since all the rf.$constructs (which may already load data) run before the first $init (initiating user authentication), I’ve put a $clientcommand('showloadingoverlay',row(kTrue,#NULL,'anmelden…')) in the $construct of rfSuper which is released as soon as the user is logged in.

    If anyone wants more details, please don’t hesitate to ask!

    Regards

    Uwe
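
An added example, not code from the post or from Omnis, of the server-side check behind the convenience level described above, combined with the session-table idea from earlier in the thread. It assumes the value stored in the browser is a random token rather than the user id, so the server can look it up, expire it and revoke it on logout; `SessionStore`, its method names and `TOKEN_TTL` are hypothetical.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 30 * 24 * 3600  # assumed lifetime of a remembered login, in seconds


class SessionStore:
    """Hypothetical server-side table: sha256(token) -> (user_id, expiry).

    Only the hash is kept, so a leaked table does not yield usable tokens.
    """

    def __init__(self, now=time.time):
        self._rows = {}
        self._now = now  # injectable clock, so expiry can be tested

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        """Call after a successful dialog login. The return value is what
        the client stores (for example via savepreference)."""
        token = secrets.token_urlsafe(32)  # 256 bits, not guessable
        self._rows[self._digest(token)] = (user_id, self._now() + TOKEN_TTL)
        return token

    def resolve(self, token):
        """Call with the value read back by loadpreference. Returns the
        user id, or None when the login dialog must be shown."""
        if not isinstance(token, str) or not token:
            return None
        key = self._digest(token)
        row = self._rows.get(key)
        if row is None:
            return None  # unknown value, e.g. a typed-in user id
        user_id, expiry = row
        if self._now() >= expiry:
            del self._rows[key]
            return None
        return user_id

    def revoke(self, token):
        """Logout: drop the row so a copied token stops working too."""
        if isinstance(token, str) and token:
            self._rows.pop(self._digest(token), None)
```
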

  • Andreas Pfeiffer

    Administrator
    February 3, 2025 at 8:10 am

    Awesome Uwe, well done!

    We love to see our customers happy!

    Best regards,

    Andreas
