Skip to main content

Reference

This section provides a detailed explanation of the available options for setting up an Express application to enable Single Sign-On (SSO) with applications that support only custom authentication procedures.

Express Configuration

Preflight function

  • Should the preflight function be asynchronous?: This feature allows users to choose whether the preflight function should be executed synchronously or asynchronously.

  • Preflight function: A customizable javascript function that runs client side before the configured HTTP call. The return object from this function can be used to populate values in login properties or express configuration. If the asynchronous flag is not checked, the function must return an object (e.g. return {key: "value"}). If the flag is checked, the function must call the callback function and pass the object to it (e.g. callback({key: "value"})).

Request configuration

  • Login URL: The URL of the resource or service that will be accessed via the HTTP request.

    • User attribute: This flag is used to retrieve the value from one of the domain attributes. In this case the value specified will be the key of the user attribute.
    • From preflight: This flag is used to retrieve the value from the result of the preflight function. In this case the value specified will be the key of the preflight function returned object.

  • HTTP Method: The HTTP method that will be used when making the HTTP request. POST and GET method are supported.

    • User attribute: This flag is used to retrieve the value from one of the domain attributes. In this case the value specified will be the key of the user attribute.
    • From preflight: This flag is used to retrieve the value from the result of the preflight function. In this case the value specified will be the key of the preflight function returned object.

Two types of request are possible:

  • Submit form: This flag enables HTTP requests to be made via form submission triggering browser navigation.

  • XHR: This flag enables HTTP requests to be made via XMLHttpRequest, which is executed by JavaScript code on the client side. This option provides the ability to use custom headers and set up custom redirection after the request has ended.

    • Redirect URL: The redirect URL.
    • Wait before redirect (ms): The timeout in milliseconds before redirecting.
    • Request headers: The headers to be sent with the request. Content-Type header is mandatory, only application/json and application/x-www-form-urlencoded are allowed.

Login properties

  • Type: It's the type of the field to choose between email, password and text.
  • Property to be sent: It's the identification key of the property.
  • Value: It refers to the current value of the property, and its meaning varies depending on the flags explained below.
  • Hidden: This flag is used to make the associated value hidden from the user and prevent it from being edited. Can be combined with all flags except Editable.
  • Is attribute: This flag is used to retrieve the value from one of the domain attributes. Can only be used with the Hidden flag.
  • From preflight: This flag is used to retrieve the value from the result of the preflight function. The associated value field is not user-modifiable, and should be used to specify the variable expected from the preflight result. Can only be used with the Hidden flag.
  • From session: This flag is used to obtain the value from one of the session attributes. Can only be used with the Encrypted and Hidden flags.
  • Encrypted: This flag is used to mark a value as encrypted. Can only be used with the From session and Hidden flags. If this flag is checked, a textbox will appear for inserting the decryption key (AES256 algorithm will be used).
  • Editable: This flag is used to allow the user to specify the value to be used. Incompatible with other flags.