I’m working on a MIP SDK plugin that embeds a WebView within the Milestone Smart Client. This WebView displays a website that necessitates user authentication. My goal is to streamline the user experience by utilizing the Smart Client’s existing authentication mechanism to automatically authenticate users for the website displayed in the WebView. This integration should eliminate the need for users to undergo a separate login process when accessing the website through the WebView. I seek advice on how to implement this Single Sign-On (SSO) or Token feature, ensuring that the authentication process is secure and seamless, aligning with the overall security protocols of the Milestone ecosystem.
You can get the IDP token in a plugin like this:
// Requires the MIP SDK assembly VideoOS.Platform (EnvironmentManager lives in that namespace)
var loginSettings = VideoOS.Platform.Login.LoginSettings.GetLoginSettings(EnvironmentManager.Instance.MasterSite.ServerId);
// The cached identity token issued by the IDP for the current Smart Client login
var idpToken = loginSettings.IdentityTokenCache.Token;
We have no sample or description of how you can use it to implement single sign-on.
Hi,
With this approach, I could generate a token and pass it to my backend API through my WebView, but it seems we need more parameters to validate the token issuer here, as I’m getting “IDX10500: Signature validation failed. No security keys were provided to validate the signature.” This issue arises when trying to authenticate API requests using these tokens.
In this case, I have some questions:
What is the method used for signing these tokens (symmetric or asymmetric)?
How can we obtain the appropriate key for validating the signature?
If symmetric, how do we securely obtain the secret key or define a secret key?
If asymmetric, where can we find the public key?
Any configuration options that might allow me to either retrieve the signing key or configure a known key?
An expert developer colleague sent me this:
--
As I read it, you are trying to use our IDP and users in your integration, that is both for authorization and authentication of users. You have a web backend (resource server) that needs to validate the incoming tokens.
The XPCO IDP needs to be set as the authority for the incoming requests. I cannot really see from the post which technologies are used, but I would recommend using standard libraries for this and not doing custom validation.
The token is encrypted using asymmetric encryption, and the public keys can be queried at the location of the XPCO IDP: https://"managementserveraddress"/idp/.well-known/openid-configuration. The discovery document follows the specification of Final: OpenID Connect Discovery 1.0 incorporating errata set 2 and includes a jwks_uri which locates the public key information (RFC 7517 describes the JWK format).
I hope this helps you further.
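As an added example (not code from this thread or from Milestone), this is how an ASP.NET Core backend would validate the IDP tokens with the standard JwtBearer middleware: setting Authority makes it fetch the discovery document and the JWKS keys itself, so no signing key has to be configured by hand (the cause of the IDX10500 error above). The management server address, the audience value, the /api/me endpoint and the use of the SDK's implicit usings are assumptions.

```csharp
// Program.cs for an ASP.NET Core resource server (added example, not Milestone's own code).
// NuGet package: Microsoft.AspNetCore.Authentication.JwtBearer
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Assumption: replace with your management server address. The middleware appends
// "/.well-known/openid-configuration" to Authority, i.e. it reads
// https://managementserveraddress/idp/.well-known/openid-configuration and then
// downloads (and periodically refreshes) the keys published at its jwks_uri.
const string IdpAuthority = "https://managementserveraddress/idp";

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = IdpAuthority;
        options.RequireHttpsMetadata = true; // never fetch discovery/keys over plain HTTP
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,           // issuer value comes from the discovery document
            ValidateIssuerSigningKey = true, // signature checked against the JWKS public keys
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(1),
            ValidateAudience = true,
            // Assumption: set this to the "aud" claim your IDP places in the token
            ValidAudience = "REPLACE_WITH_EXPECTED_AUDIENCE",
        };
        options.Events = new JwtBearerEvents
        {
            // Log the real validation error server-side; the client only sees a 401
            OnAuthenticationFailed = ctx =>
            {
                ctx.HttpContext.RequestServices
                   .GetRequiredService<ILogger<Program>>()
                   .LogWarning(ctx.Exception, "IDP token rejected");
                return Task.CompletedTask;
            }
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Assumed endpoint: reachable only with a valid "Authorization: Bearer <idpToken>" header
app.MapGet("/api/me", (HttpContext ctx) => ctx.User.Identity?.Name ?? "authenticated")
   .RequireAuthorization();

app.Run();
```

The WebView (or the plugin on its behalf) sends the token obtained from IdentityTokenCache.Token as the Bearer value of the Authorization header on each API request.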