Create and Use Logon and Session Tokens for Symphony
This applies to: Managed Dashboards, Managed Reports
When you embed Symphony in another application, you can use Symphony's API, as an alternative to other SSO login options, to create one-time tokens that log users in automatically and securely. Use server-side code to create one-time, time-limited tokens, then pass them to your client application's JavaScript or HTML.
You can create:
A one-time logon token to create a session for a specified user and log them on.
A one-time session token: log on through the API to create a session for the user, optionally set up session properties such as custom attributes, then create a one-time session token the user can use to access that session. This also lets you confirm ahead of time that the logon is successful.
For example, your server-side code can create these one-time, time-limited tokens and pass them to your client application's JavaScript or HTML.
Create Tokens
Create logon tokens through the .NET API using GetLogonToken(LogOnParameters) or through the REST API using POST /LogOn/Token. Specify the EffectiveAccountName in the options when calling with administrator account privileges to log on a different, specified user account. For more information and a working example, see POST /LogOn/Token.
For session tokens, first log on the desired user using ILogonService in .NET or POST /LogOn using the REST API. As when creating logon tokens, you can specify the EffectiveAccountName when calling with administrator account privileges. In Symphony 24.4 and later, you can also specify CustomAttributes to apply or AccountProperties for creating or updating accounts. Otherwise, using the session ID you obtain as a result of logging on, you can use ISessionService methods or a REST method such as POST /Session/CustomAttributes to customize the session, then create a session token using ILogonService.GetSessionToken or POST /Logon/GetSessionToken.
Use Tokens
To make use of a one-time logon or session token, you can:
Pass it as logonTokenId or sessionToken in the Symphony URL's query string parameters (for example, https://symphony.example.com/managed/?logonTokenId=<token>), or set the respective option when using the embed library. This will automatically log the user on.
Use the token in your own API calls to obtain a session ID to pass in subsequent calls when performing actions on the user's behalf. To use a logon token to access the REST API, for example, call POST /LogOn specifying the LogOnToken option instead of credentials to get the session ID, then pass it in Authorization request headers (for example, Authorization: Bearer <session ID>) to other REST API methods. To exchange a one-time session token for a session ID instead, call POST /LogOn/ExecuteSessionToken.
For a sample web application that uses server-side code to get a logon token and use it to embed Symphony, see the Symphony viewer integration sample.
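A server-side helper for passing a token in the Symphony URL, as an added example (not Symphony's code or its embed library): it builds the URL that carries a one-time token and masks token values before a URL is written to a log. The parameter names logonTokenId and sessionToken come from this page; the function names buildEmbedUrl and redactTokens are hypothetical.

```javascript
// Added example, not Symphony code. The query parameter names are the ones
// this page documents; everything else here is a hypothetical helper.
const TOKEN_PARAMS = { logon: "logonTokenId", session: "sessionToken" };

// Build the URL handed to the client for one automatic logon.
function buildEmbedUrl(baseUrl, kind, token) {
  const param = TOKEN_PARAMS[kind];
  if (!param) throw new Error("kind must be 'logon' or 'session'");
  if (typeof token !== "string" || token.trim() === "") {
    throw new Error("token is missing");
  }
  const url = new URL(baseUrl);
  // Whoever presents the token is logged on, so refuse to send it in clear text.
  if (url.protocol !== "https:") {
    throw new Error("Symphony URL must use https");
  }
  // Drop any token already in the base URL so exactly one is sent.
  for (const p of Object.values(TOKEN_PARAMS)) url.searchParams.delete(p);
  // searchParams.set percent-encodes the value, so a token containing
  // '+', '/', '=' or '&' cannot break out of its parameter.
  url.searchParams.set(param, token);
  return url.toString();
}

// Mask token values before a URL goes into an application or access log.
function redactTokens(urlString) {
  const url = new URL(urlString);
  for (const p of Object.values(TOKEN_PARAMS)) {
    if (url.searchParams.has(p)) url.searchParams.set(p, "REDACTED");
  }
  return url.toString();
}
```

Call buildEmbedUrl only on the server, immediately after the token is issued, and pass every URL through redactTokens before logging it.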