| Chinese | ||||||
|---|---|---|---|---|---|---|
|
| Table of Contents |
|---|
| English |
|---|
| User logs in to external system / identity provider and implicitly gains access to Joget without being prompted to login again. |
| Chinese |
|---|
用户登录到外部系统,隐式获得对Joget Workflow的访问,而不会再提示重新登录。的访问,而不会再提示重新登录。 |
Using JSON API
| Chinese |
|---|
使用JSON API |
Using '/web/json/directory/user/sso' JSON API.
Chinese 使用 '/web/json/directory/user/sso' JSON API.
You are allowed to call this method using JSON API Authentication or
Chinese 您可以使用 JSON API 认证或
Directly passes the username and password with "username" and "password" parameters respectively shown in following example.
Chinese 直接传递用户名和密码,分别如下例所示的“用户名”和“密码”参数。
| Code Block | ||
|---|---|---|
| ||
<script>
$(document).ready(function(){
$.ajax({
type: "POST",
url: 'http://localhost:8080/jw/web/json/directory/user/sso?callback=callbackFunction',
data: {
username: 'admin',
password: 'admin'
},
success: function(res) {
console.log("username (" + res.username + ") is " + ((res.isAdmin !== undefined && res.isAdmin === "true")?"admin":"not an admin"));
},
dataType: "json"
});
});
</script> |
Using Basic Http Authentication with JSON API
| Chinese |
|---|
使用基本的Http身份验证和JSON API |
Since V4, Joget is supported Basic HTTP Authentication in JSON API authentication, you can passing the credentials in the header.
Chinese 自V4以来, 支持Joget Workflow基本HTTP身份验证的JSON API身份验证中,您可以将凭据传递到头中。
Example: Assuming the username and password required is "user1" and "password1" respectively, we can set the Basic Auth header to the JSON API using following jQuery script.
Chinese 示例: 假设所需的用户名和密码分别为“user1”和“password1”,我们可以使用以下jQuery脚本将Basic Auth头设置为JSON API。
| Code Block | ||
|---|---|---|
| ||
<script>
$(document).ready(function(){
$.ajax({
type: "POST",
url: 'http://localhost:8080/jw/web/json/directory/user/sso',
beforeSend: function (xhr) {
xhr.setRequestHeader ("Authorization", "Basic dXNlcjE6cGFzc3dvcmQx");
},
success: function(res) {
console.log("username (" + res.username + ") is " + ((res.isAdmin !== undefined && res.isAdmin === "true")?"admin":"not an admin"));
},
dataType: "json"
});
});
</script> |
Using Javascript API
| Chinese |
|---|
使用JavaScript API |
Includes the jQuery & util.js libraries.
Chinese 包含jQuery&util.js库。
Using the AssignmentManager.login method for SSO.
Chinese 使用AssignmentManager.login方法进行SSO。
Perform actions in callback of successful login.
Chinese 执行成功登录回调的操作。
...
| lang | javascript |
|---|
...
| Thai |
|---|
ผู้ใช้ล็อกอินเข้าสู่ระบบภายนอกและเข้าถึง Joget โดยปริยายโดยไม่ต้องแจ้งให้ลงชื่อเข้าใช้อีกครั้ง |
Joget SSO on G Suite
Please see Joget Low Code Application Platform for G Suite
Joget SSO with Keycloak using SAML
Please see Joget SSO with Keycloak using SAML.
Joget SSO with Azure Active Directory using SAML
Please see Joget SSO with Azure Active Directory using SAML.
Joget SSO to Active Directory with Kerberos
Please see Joget SSO to Active Directory with Kerberos.
OpenID Connect
Please see OpenID Connect Directory Manager Plugin.
Joget SharePoint SSO Integration
Please see Joget SharePoint SSO Integration.
Login an User Programmatically
| Chinese |
|---|
以编程方式登录用户 |
| Thai |
|---|
เข้าสู่ระบบผู้ใช้โดยทางโปรแกรม |
You can build your own Web Service Plugin to perform custom SSO implementation.
Chinese 您可以构建自己的 Web Service插件来执行自定义的SSO实现。
Thai คุณสามารถสร้าง Web Service Plugin ของคุณเองเพื่อเรียกใช้การปรับใช้ SSO แบบกำหนดเอง
| Code Block |
|---|
import org.joget.apps.workflow.security.WorkflowUserDetails;
import org.joget.directory.model.service.DirectoryManager;
import org.joget.workflow.model.service.WorkflowUserManager;
import org.joget.apps.app.service.AppUtil;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.joget.directory.model.User;
import org.joget.workflow.util.WorkflowUtil;
import org.springframework.security.core.context.SecurityContextHolder;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
//Get service beans
DirectoryManager dm = (DirectoryManager) AppUtil.getApplicationContext().getBean("directoryManager");
WorkflowUserManager workflowUserManager = (WorkflowUserManager) AppUtil.getApplicationContext().getBean("workflowUserManager");
//Login as "clark"
String username = "clark";
User user = dm.getUserByUsername(username);
if (user != null) {
WorkflowUserDetails userDetail = new WorkflowUserDetails(user);
//Generate an authentication token without a password
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(userDetail.getUsername(), "", userDetail.getAuthorities());
auth.setDetails(userDetail);
//Login the user
SecurityContextHolder.getContext().setAuthentication(auth);
workflowUserManager.setCurrentThreadUser(user.getUsername());
// generate new session to avoid session fixation vulnerability
HttpServletRequest httpRequest = WorkflowUtil.getHttpServletRequest();
HttpSession session = httpRequest.getSession(false);
if (session != null) {
SavedRequest savedRequest = (SavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY");
session.invalidate();
session = httpRequest.getSession(true);
if (savedRequest != null) {
session.setAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY", savedRequest);
}
}
} |
Please note that if you are adding these code in a filter, you will need to store the SecurityContext to session.
| Chinese |
|---|
请注意,如果要将这些代码添加到过滤器中,则需要将SecurityContext存储到会话中。 |
| Thai |
|---|
โปรดทราบว่าหากคุณเพิ่มรหัสเหล่านี้ในตัวกรองคุณจะต้องเก็บ SecurityContext ไปที่เซสชัน |
| Code Block |
|---|
//Store SecurityContext to session to avoid spring security to clean it.
session.setAttribute("SPRING_SECURITY_CONTEXT", SecurityContextHolder.getContext()); |
...